5 # Fuzz-testing script for TShark
7 # This script uses Editcap to add random errors ("fuzz") to a set of
8 # capture files specified on the command line. It runs TShark on
9 # each fuzzed file and checks for errors. The files are processed
10 # repeatedly until an error is found.
12 # This needs to point to a 'date' that supports %s.
# NOTE(review): the DATE assignment this comment describes is not visible in
# this listing.
# BASE_NAME combines today's date with the shell's PID ($$), so every scratch
# file name derived from it below is predictable rather than random.
14 BASE_NAME=fuzz-`$DATE +%Y-%m-%d`-$$
16 # Directory containing binaries. Default current directory.
19 # Temporary file directory and names.
20 # (had problems with this on cygwin, tried TMP_DIR=./ which worked)
# NOTE(review): the TMP_DIR default is not visible here. If it is a directory
# other local users can write to, the predictable names below can be created
# by someone else (for example as symlinks) before this script writes through
# them; a private directory from `mktemp -d` avoids that. Confirm against the
# full file.
# NOTE(review): `==` inside `[ ]` is a bash extension; the shebang is not
# visible, so confirm the script is run by bash and not a strict POSIX sh.
22 if [ "$OSTYPE" == "cygwin" ] ; then
# On Cygwin the directory is rewritten as a Windows-style path via cygpath.
23 TMP_DIR=`cygpath --windows "$TMP_DIR"`
# Scratch names: the fuzzed capture and the captured stderr of the tools.
25 TMP_FILE=$BASE_NAME.pcap
26 ERR_FILE=$BASE_NAME.err
# NOTE(review): the assignments these tunable comments describe are not
# visible in this listing; later lines read MAX_PASSES, MAX_CPU_TIME, MAX_VMEM
# and ERR_PROB, so they are presumably set here.
28 # Loop this many times (< 1 loops forever)
31 # These may be set to your liking
32 # Stop the child process, if it's running longer than x seconds
34 # Stop the child process, if it's using more than y * 1024 bytes
36 # Insert z times an error into the capture file (0.02 seems to be a good value to find errors)
38 # Trigger an abort if a dissector finds a bug.
39 # Uncomment to disable
# NOTE(review): only the assignment is visible. A child TShark process sees
# this variable only if it is also exported; confirm an `export` follows in
# the full file, otherwise the abort-on-bug behaviour is not active.
# NOTE(review): "Uncomment to disable" reads inverted next to a live
# assignment; presumably the line is to be commented out to disable it.
40 WIRESHARK_ABORT_ON_DISSECTOR_BUG="True"
43 # To do: add options for file names and limits
# Parse command-line options. The leading ':' in the option string selects
# getopts' silent error reporting; b, d and p each take an argument.
# NOTE(review): only the 'p' arm of the case statement is visible in this
# listing.
44 while getopts ":b:d:p:" OPTCHAR ; do
# The -p value is stored as given and later compared with `-lt`/`-gt`; a
# non-integer value makes those numeric tests fail with an error instead of
# being rejected here.
48 p) MAX_PASSES=$OPTARG ;;
# Drop the parsed options so the remaining positional parameters are the
# capture files named on the command line.
51 shift $(($OPTIND - 1))
53 # Tweak the following to your liking. Editcap must support "-E".
# All three tools are resolved relative to BIN_DIR, so the binaries exercised
# are whichever ones sit in that directory (not whatever is first on PATH).
54 TSHARK="$BIN_DIR/tshark"
55 EDITCAP="$BIN_DIR/editcap"
56 CAPINFOS="$BIN_DIR/capinfos"
58 # set some limits to the child processes, e.g. stop it if it's running longer than MAX_CPU_TIME seconds
59 # (ulimit is not supported well on cygwin and probably other platforms, e.g. cygwin shows some warnings)
# -S sets soft limits only: -t caps CPU seconds and -v caps virtual memory
# (in 1024-byte units) for this shell and every child started after this line.
# This is the guard that stops a fuzzed capture from hanging the run when it
# drives TShark into an endless loop or runaway allocation.
# The expansions are unquoted: an empty MAX_CPU_TIME or MAX_VMEM changes how
# ulimit parses its arguments instead of producing a clear error.
60 ulimit -S -t $MAX_CPU_TIME -v $MAX_VMEM
63 ### usually you won't have to change anything below this line ###
65 # TShark arguments (you won't have to change these)
66 # n Disable network object name resolution
67 # V Print a view of the details of the packet rather than a one-line summary of the packet
68 # x Cause TShark to print a hex and ASCII dump of the packet data after printing the summary or details
69 # r Read packet data from the following infile
# NOTE(review): the TSHARK_ARGS assignment these flag descriptions belong to
# is not visible in this listing.
# Pre-flight check over the three tools, the date binary and the temp
# directory; each missing item is reported by name.
# NOTE(review): the existence test and the NOTFOUND assignment are not visible
# here.
73 for i in "$TSHARK" "$EDITCAP" "$CAPINFOS" "$DATE" "$TMP_DIR" ; do
75 echo "Couldn't find $i"
# NOTFOUND is expanded unquoted; if it was never set, this test is a syntax
# error in `[` and does not evaluate to a clean "false".
79 if [ $NOTFOUND -eq 1 ]; then
83 # Make sure we have a valid test set
86 if [ "$OSTYPE" == "cygwin" ] ; then
# On Cygwin the capture path is converted to a Windows-style path first.
87 CF=`cygpath --windows "$CF"`
# capinfos' exit status alone decides validity; its stdout and stderr are
# discarded, and FOUND becomes 1 only when it succeeds.
89 "$CAPINFOS" "$CF" > /dev/null 2>&1 && FOUND=1
# One readable capture file is enough for the test set to count as valid.
90 if [ $FOUND -eq 1 ] ; then break ; fi
# NOTE(review): the usage text below lists -p and -d only, while the getopts
# option string also accepts -b; confirm which is intended.
93 if [ $FOUND -eq 0 ] ; then
95 Error: No valid capture files found.
97 Usage: `basename $0` [-p passes] [-d work_dir] capture file 1 [capture file 2]...
# Describe the run length for the banner: a positive MAX_PASSES is shown as
# "N passes".
# NOTE(review): the branch for MAX_PASSES < 1 is not visible in this listing.
103 if [ $MAX_PASSES -gt 0 ]; then
104 HOWMANY="$MAX_PASSES passes"
106 echo "Running $TSHARK with args: $TSHARK_ARGS ($HOWMANY)"
109 # Clean up on <ctrl>C, etc
# The trap string is double-quoted, so $TMP_DIR, $TMP_FILE and $ERR_FILE are
# expanded once, here, when the trap is installed; later changes to them do
# not affect what is removed. The expanded paths are unquoted inside the rm
# command, so a temp directory containing whitespace would be split into
# several rm arguments. Only HUP, INT and TERM are handled; an exit on any
# other path does not run this handler.
110 trap "rm -f $TMP_DIR/$TMP_FILE $TMP_DIR/$ERR_FILE; echo ""; exit 1" HUP INT TERM
112 # Iterate over our capture files.
# NOTE(review): several lines of this loop (initialisation of PASS and RUN,
# the inner loop over capture files, RETVAL assignments and the closing
# keywords) are not visible in this listing; the comments below describe only
# what the visible lines do.
# Keep going until MAX_PASSES passes have run, or forever when MAX_PASSES < 1.
114 while [ $PASS -lt $MAX_PASSES -o $MAX_PASSES -lt 1 ] ; do
115 PASS=`expr $PASS + 1`
116 echo "Starting pass $PASS:"
# True on every 50th value of RUN.
121 if [ $(( $RUN % 50 )) -eq 0 ] ; then
124 if [ "$OSTYPE" == "cygwin" ] ; then
125 CF=`cygpath --windows "$CF"`
# Re-check the untouched input file with capinfos before fuzzing it; stderr
# is kept in the scratch error file so it can be shown on failure.
129 "$CAPINFOS" "$CF" > /dev/null 2> $TMP_DIR/$ERR_FILE
# RETVAL 0: input is readable, discard the captured stderr.
131 if [ $RETVAL -eq 0 ] ; then
133 rm -f $TMP_DIR/$ERR_FILE
# RETVAL 1: reported as an invalid capture file, not as a tool failure.
134 elif [ $RETVAL -eq 1 ] ; then
135 echo "Not a valid capture file"
136 rm -f $TMP_DIR/$ERR_FILE
# Any other status: capinfos itself failed on an unmodified input, so the
# input path and the captured stderr are printed for the report.
141 echo -e "Processing failed. Capture info follows:\n"
142 echo " Input file: $CF"
143 echo -e "stderr follows:\n"
144 cat $TMP_DIR/$ERR_FILE
# Write a mutated copy of the capture to the scratch file, with errors
# introduced at probability ERR_PROB (-E). The original capture "$CF" is the
# input argument; the scratch path is the output argument.
# The scratch paths on these lines are unquoted, so a TMP_DIR containing
# whitespace or glob characters would be split or expanded.
150 "$EDITCAP" -E $ERR_PROB "$CF" $TMP_DIR/$TMP_FILE > /dev/null 2>&1
# If that fails, retry with an explicit Ethernet encapsulation (-T ether).
151 if [ $? -ne 0 ] ; then
152 "$EDITCAP" -E $ERR_PROB -T ether "$CF" $TMP_DIR/$TMP_FILE \
154 if [ $? -ne 0 ] ; then
155 echo "Invalid format for editcap"
# Run TShark over the fuzzed file. Decoded output is discarded; only stderr is
# kept, because the verdict comes from the exit status and error text.
160 "$TSHARK" $TSHARK_ARGS $TMP_DIR/$TMP_FILE \
161 > /dev/null 2> $TMP_DIR/$ERR_FILE
# A case-insensitive match for "dissector bug" in stderr marks the run as a
# dissector bug even if the exit status alone would not.
163 grep -i "dissector bug" $TMP_DIR/$ERR_FILE \
164 > /dev/null 2>&1 && DISSECTOR_BUG=1
# Failure means a non-zero RETVAL or a reported dissector bug.
# NOTE(review): the line that stores TShark's exit status in RETVAL is not
# visible here; it must run before the grep above overwrites $?.
165 if [ $RETVAL -ne 0 -o $DISSECTOR_BUG -ne 0 ] ; then
168 echo -e "Processing failed. Capture info follows:\n"
# The fuzzed file's path is printed so it can be kept as the reproducer for
# the bug report.
169 echo " Output file: $TMP_DIR/$TMP_FILE"
170 if [ $DISSECTOR_BUG -ne 0 ] ; then
171 echo -e "stderr follows:\n"
172 cat $TMP_DIR/$ERR_FILE
# Remove the scratch capture and error file.
177 rm -f $TMP_DIR/$TMP_FILE $TMP_DIR/$ERR_FILE