/src/libpcap/testprogs/fuzz/fuzz_pcap.c

Source (jump to first uncovered line)
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <errno.h>
#include <unistd.h>

#include <pcap/pcap.h>

FILE * outfile = NULL;

static int bufferToFile(const char * name, const uint8_t *Data, size_t Size) {
    FILE * fd;
    if (remove(name) != 0) {
        if (errno != ENOENT) {
            printf("failed remove, errno=%d\n", errno);
            return -1;
        }
    }
    fd = fopen(name, "wb");
    if (fd == NULL) {
        printf("failed open, errno=%d\n", errno);
        return -2;
    }
    if (fwrite (Data, 1, Size, fd) != Size) {
        fclose(fd);
        return -3;
    }
    fclose(fd);
    return 0;
}

void fuzz_openFile(const char * name) {
    if (outfile != NULL) {
        fclose(outfile);
    }
    outfile = fopen(name, "w");
}

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    pcap_t * pkts;
    char errbuf[PCAP_ERRBUF_SIZE];
    char filename[FILENAME_MAX] = { 0 };
    const u_char *pkt;
    struct pcap_pkthdr *header;
    struct pcap_stat stats;
    int fd = -1, r;

    //initialize output file
    if (outfile == NULL) {
        outfile = fopen("/dev/null", "w");
        if (outfile == NULL) {
            return 0;
        }
    }

    //generate temporary file name
    snprintf(filename, FILENAME_MAX, "/tmp/libpcap_fuzz_pcap.XXXXXX");
    if ((fd = mkstemp(filename)) < 0) {
        return 0;
    }
    close(fd);

    //rewrite buffer to a file as libpcap does not have buffer inputs
    if (bufferToFile(filename, Data, Size) < 0) {
        unlink(filename);
        return 0;
    }

    //initialize structure
    pkts = pcap_open_offline(filename, errbuf);
    if (pkts == NULL) {
        fprintf(outfile, "Couldn't open pcap file %s\n", errbuf);
        unlink(filename);
        return 0;
    }

    //loop over packets
    r = pcap_next_ex(pkts, &header, &pkt);
    while (r > 0) {
        //TODO pcap_offline_filter
        fprintf(outfile, "packet length=%d/%d\n",header->caplen, header->len);
        r = pcap_next_ex(pkts, &header, &pkt);
    }
    if (pcap_stats(pkts, &stats) == 0) {
        fprintf(outfile, "number of packets=%d\n", stats.ps_recv);
    }
    //close structure
    pcap_close(pkts);

    unlink(filename);
    return 0;
}

Line	Count	Source (jump to first uncovered line)
1		#include <stdio.h>
2		#include <stdlib.h>
3		#include <string.h>
4		#include <fcntl.h>
5		#include <errno.h>
6		#include <unistd.h>
7
8		#include <pcap/pcap.h>
9
10		FILE * outfile = NULL;
11
12	4.50k	static int bufferToFile(const char * name, const uint8_t *Data, size_t Size) {
13	4.50k	FILE * fd;
14	4.50k	if (remove(name) != 0) {
15	0	if (errno != ENOENT) {
16	0	printf("failed remove, errno=%d\n", errno);
17	0	return -1;
18	0	}
19	0	}
20	4.50k	fd = fopen(name, "wb");
21	4.50k	if (fd == NULL) {
22	0	printf("failed open, errno=%d\n", errno);
23	0	return -2;
24	0	}
25	4.50k	if (fwrite (Data, 1, Size, fd) != Size) {
26	0	fclose(fd);
27	0	return -3;
28	0	}
29	4.50k	fclose(fd);
30	4.50k	return 0;
31	4.50k	}
32
33	0	void fuzz_openFile(const char * name) {
34	0	if (outfile != NULL) {
35	0	fclose(outfile);
36	0	}
37	0	outfile = fopen(name, "w");
38	0	}
39
40	4.50k	int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
41	4.50k	pcap_t * pkts;
42	4.50k	char errbuf[PCAP_ERRBUF_SIZE];
43	4.50k	char filename[FILENAME_MAX] = { 0 };
44	4.50k	const u_char *pkt;
45	4.50k	struct pcap_pkthdr *header;
46	4.50k	struct pcap_stat stats;
47	4.50k	int fd = -1, r;
48
49		//initialize output file
50	4.50k	if (outfile == NULL) {
51	1	outfile = fopen("/dev/null", "w");
52	1	if (outfile == NULL) {
53	0	return 0;
54	0	}
55	1	}
56
57		//generate temporary file name
58	4.50k	snprintf(filename, FILENAME_MAX, "/tmp/libpcap_fuzz_pcap.XXXXXX");
59	4.50k	if ((fd = mkstemp(filename)) < 0) {
60	0	return 0;
61	0	}
62	4.50k	close(fd);
63
64		//rewrite buffer to a file as libpcap does not have buffer inputs
65	4.50k	if (bufferToFile(filename, Data, Size) < 0) {
66	0	unlink(filename);
67	0	return 0;
68	0	}
69
70		//initialize structure
71	4.50k	pkts = pcap_open_offline(filename, errbuf);
72	4.50k	if (pkts == NULL) {
73	841	fprintf(outfile, "Couldn't open pcap file %s\n", errbuf);
74	841	unlink(filename);
75	841	return 0;
76	841	}
77
78		//loop over packets
79	3.66k	r = pcap_next_ex(pkts, &header, &pkt);
80	28.9k	while (r > 0) {
81		//TODO pcap_offline_filter
82	25.2k	fprintf(outfile, "packet length=%d/%d\n",header->caplen, header->len);
83	25.2k	r = pcap_next_ex(pkts, &header, &pkt);
84	25.2k	}
85	3.66k	if (pcap_stats(pkts, &stats) == 0) {
86	0	fprintf(outfile, "number of packets=%d\n", stats.ps_recv);
87	0	}
88		//close structure
89	3.66k	pcap_close(pkts);
90
91	3.66k	unlink(filename);
92	3.66k	return 0;
93	4.50k	}

Coverage Report

Created: 2025-07-04 06:44