bart
/
cfuzz
mirror of https://github.com/bartpleiter/cfuzz


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143
							/*
Fuzzes template Information element

Sub-fuzzer template for fuzzing a specific information element.
Change all places with "update this" as comment.
Also change all words with template in them.

Files to change when adding subfuzzer:
- subfuzzer header file
- fuzzer.c with includes
- frameCreator.c with includes
*/
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "../frameDefinitions.h"

//Indecates whether the templateFuzzer is running
int templateRunningState = 0;

//Number of fuzzing states
const int templateStates =  2;          //update this
//Steps of fuzzers for each fuzzing state
const int templateSteps[] =   {1, 3};   //update this

//Current state and step of the templateFuzzer
int fuzzState;
int fuzzStep;

void templatePrintCurrentState() //update this
{
    switch (fuzzState)
    {
        case 0: 
        {
            printf("\e[33mFuzzing TEMPLATE IE\e[39m\n");
            printf("Trying 255*0xFF data\n");
            break;
        }
        case 1: 
        {
            printf("Fuzzing template state 2\n");
            break;
        }
        case 2:
        {
            printf("\e[33mDone with fuzzing template\e[39m\n");
            break;
        }
    }
}

//Updates templateFuzzer
//Status 0 indicates start
//Status 1 indicates increaseStep
//Status 2 indicates stop
//Returns -1 if done with fuzzing
int templateFuzzUpdate(int status)
{
    switch (status)
    {
        case 0: //start fuzzer
        {
            templateRunningState    = 1;
            fuzzState       = 0;
            fuzzStep        = 0;
            templatePrintCurrentState();
            break;
        }
        case 1: //update fuzzer
        {
            if (templateRunningState == 1) //sanity check
            {
                //increase steps until all steps are done
                if (fuzzStep < templateSteps[fuzzState]-1)
                    fuzzStep = fuzzStep + 1;
                //then increase state and notify
                else
                {
                    fuzzStep = 0;
                    fuzzState = fuzzState + 1;
                    templatePrintCurrentState();
                }
                //when all states are done, stop
                if (fuzzState == templateStates)
                {
                    templateRunningState = 0;
                    return -1;
                }
            }
            break;
        }
        case 2: //stop fuzzer
        {
            templateRunningState = 0;
            break;
        }
    }
    return 0;
}

//Returns an template information element
infoElem templateFuzz()
{
    infoElem template;

    //What to return when not fuzzed
    if (templateRunningState == 0)
    {
        template.id = 0;
        template.len = 1;
        template.len_data = -1;
        template.data = "\xab";
    }
    else
    {
        switch (fuzzState) //update this
        {
            case 0:     //255*0xff
            {
                template.id = 0; //update this
                template.len = 255;
                template.len_data = 255;
                //create data of 255 times 0xff
                u_char *data = malloc(255);
                memset(data, 0xff, 255);
                template.data = data;
                break;
            }
            case 1:  //template null data
            {
                template.id = 0; //update this
                template.len = 1;
                template.len_data = 1;
                template.data = "\x00";
                break;
            } 
        }
    }
    
    return template;
}