search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
FIXUP: give names to sec_vt_command's
[wireshark-wip.git] / tools / fuzz-test.sh
blobface22c7939aafe1f256a848027d57fccd11f619
1 #!/bin/bash
2 #
3 # Fuzz-testing script for TShark
4 #
5 # This script uses Editcap to add random errors ("fuzz") to a set of
6 # capture files specified on the command line. It runs TShark on
7 # each fuzzed file and checks for errors. The files are processed
8 # repeatedly until an error is found.
9 #
10 # Copyright 2013 Gerald Combs <gerald@wireshark.org>
11 #
12 # $Id$
13 #
14 # Wireshark - Network traffic analyzer
15 # By Gerald Combs <gerald@wireshark.org>
16 # Copyright 1998 Gerald Combs
17 #
18 # This program is free software; you can redistribute it and/or
19 # modify it under the terms of the GNU General Public License
20 # as published by the Free Software Foundation; either version 2
21 # of the License, or (at your option) any later version.
22 #
23 # This program is distributed in the hope that it will be useful,
24 # but WITHOUT ANY WARRANTY; without even the implied warranty of
25 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 # GNU General Public License for more details.
27 #
28 # You should have received a copy of the GNU General Public License
29 # along with this program; if not, write to the Free Software
30 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
31
32 TEST_TYPE="fuzz"
33 . `dirname $0`/test-common.sh || exit 1
34
35 # Directory containing binaries. Default current directory.
36 BIN_DIR=.
37
38 # Sanity check to make sure we can find our plugins. Zero or less disables.
39 MIN_PLUGINS=0
40
41 # Did we catch a signal?
42 DONE=0
43
44 # Perform a two pass analysis on the capture file?
45 TWO_PASS=
46
47 # Specific config profile ?
48 CONFIG_PROFILE=
49
50 # Run under valgrind ?
51 VALGRIND=0
52
53 # The maximum permitted amount of memory leaked. Eventually this should be
54 # worked down to zero, but right now that would fail on every single capture.
55 # Only has effect when running under valgrind.
56 MAX_LEAK=`expr 1024 \* 500`
57
58 # To do: add options for file names and limits
59 while getopts ":2b:C:d:e:gp:P:" OPTCHAR ; do
60 case $OPTCHAR in
61 2) TWO_PASS="-2 " ;;
62 b) BIN_DIR=$OPTARG ;;
63 C) CONFIG_PROFILE="-C $OPTARG " ;;
64 d) TMP_DIR=$OPTARG ;;
65 e) ERR_PROB=$OPTARG ;;
66 g) VALGRIND=1 ;;
67 p) MAX_PASSES=$OPTARG ;;
68 P) MIN_PLUGINS=$OPTARG ;;
69 esac
70 done
71 shift $(($OPTIND - 1))
72
73 ### usually you won't have to change anything below this line ###
74
75 COMMON_ARGS="${CONFIG_PROFILE}${TWO_PASS}"
76 if [ $VALGRIND -eq 1 ]; then
77 RUNNER="`dirname $0`/valgrind-wireshark.sh"
78 COMMON_ARGS="-b $BIN_DIR $COMMON_ARGS"
79 declare -a RUNNER_ARGS=("" "-T")
80 # Valgrind requires more resources, so bump our limits to 1.5 times normal
81 MAX_CPU_TIME=`expr 3 \* $MAX_CPU_TIME / 2`
82 MAX_VMEM=`expr 3 \* $MAX_VMEM / 2`
83 else
84 # Not using valgrind, use regular tshark.
85 # TShark arguments (you won't have to change these)
86 # n Disable network object name resolution
87 # V Print a view of the details of the packet rather than a one-line summary of the packet
88 # x Cause TShark to print a hex and ASCII dump of the packet data after printing the summary or details
89 # r Read packet data from the following infile
90 RUNNER="$TSHARK"
91 declare -a RUNNER_ARGS=("-nVxr" "-nr")
92 # Running with a read filter but without generating the tree exposes some
93 # "More than 100000 items in tree" bugs.
94 # Not sure if we want to add even more cycles to the fuzz bot's work load...
95 #declare -a RUNNER_ARGS=("${CONFIG_PROFILE}${TWO_PASS}-nVxr" "${CONFIG_PROFILE}${TWO_PASS}-nr" "-Yframe ${CONFIG_PROFILE}${TWO_PASS}-nr")
96 fi
97
98
99 NOTFOUND=0
100 for i in "$TSHARK" "$EDITCAP" "$CAPINFOS" "$DATE" "$TMP_DIR" ; do
101 if [ ! -x $i ]; then
102 echo "Couldn't find $i"
103 NOTFOUND=1
104 fi
105 done
106 if [ $NOTFOUND -eq 1 ]; then
107 exit 1
108 fi
109
110 # Make sure we have a valid test set
111 FOUND=0
112 for CF in "$@" ; do
113 if [ "$OSTYPE" == "cygwin" ] ; then
114 CF=`cygpath --windows "$CF"`
115 fi
116 "$CAPINFOS" "$CF" > /dev/null 2>&1 && FOUND=1
117 if [ $FOUND -eq 1 ] ; then break ; fi
118 done
119
120 if [ $FOUND -eq 0 ] ; then
121 cat <<FIN
122 Error: No valid capture files found.
123
124 Usage: `basename $0` [-2] [-b bin_dir] [-C config_profile] [-d work_dir] [-e error probability] [-g] [-p passes] capture file 1 [capture file 2]...
125 FIN
126 exit 1
127 fi
128
129 PLUGIN_COUNT=`$TSHARK -G plugins | grep dissector | wc -l`
130 if [ $MIN_PLUGINS -gt 0 -a $PLUGIN_COUNT -lt $MIN_PLUGINS ] ; then
131 echo "Warning: Found fewer plugins than expected ($PLUGIN_COUNT vs $MIN_PLUGINS)."
132 exit 1
133 fi
134
135 HOWMANY="forever"
136 if [ $MAX_PASSES -gt 0 ]; then
137 HOWMANY="$MAX_PASSES passes"
138 fi
139 echo -n "Running $RUNNER $COMMON_ARGS with args: "
140 printf "\"%s\" " "${RUNNER_ARGS[@]}"
141 echo "($HOWMANY)"
142 echo ""
143
144 # Clean up on <ctrl>C, etc
145 trap "DONE=1; echo 'Caught signal'" HUP INT TERM
146
147
148 # Iterate over our capture files.
149 PASS=0
150 while [ \( $PASS -lt $MAX_PASSES -o $MAX_PASSES -lt 1 \) -a $DONE -ne 1 ] ; do
151 let PASS=$PASS+1
152 echo "Starting pass $PASS:"
153 RUN=0
154
155 for CF in "$@" ; do
156 if [ $DONE -eq 1 ]; then
157 break # We caught a signal
158 fi
159 RUN=$(( $RUN + 1 ))
160 if [ $(( $RUN % 50 )) -eq 0 ] ; then
161 echo " [Pass $PASS]"
162 fi
163 if [ "$OSTYPE" == "cygwin" ] ; then
164 CF=`cygpath --windows "$CF"`
165 fi
166 echo -n " $CF: "
167
168 "$CAPINFOS" "$CF" > /dev/null 2> $TMP_DIR/$ERR_FILE
169 RETVAL=$?
170 if [ $RETVAL -eq 1 ] ; then
171 echo "Not a valid capture file"
172 rm -f $TMP_DIR/$ERR_FILE
173 continue
174 elif [ $RETVAL -ne 0 -a $DONE -ne 1 ] ; then
175 # Some other error
176 exit_error
177 fi
178
179 DISSECTOR_BUG=0
180 VG_ERR_CNT=0
181
182 "$EDITCAP" -E $ERR_PROB "$CF" $TMP_DIR/$TMP_FILE > /dev/null 2>&1
183 if [ $? -ne 0 ] ; then
184 "$EDITCAP" -E $ERR_PROB -T ether "$CF" $TMP_DIR/$TMP_FILE \
185 > /dev/null 2>&1
186 if [ $? -ne 0 ] ; then
187 echo "Invalid format for editcap"
188 continue
189 fi
190 fi
191
192 for ARGS in "${RUNNER_ARGS[@]}" ; do
193 if [ $DONE -eq 1 ]; then
194 break # We caught a signal
195 fi
196 echo -n "($ARGS) "
197 echo -e "Command and args: $RUNNER $ARGS\n" > $TMP_DIR/$ERR_FILE
198
199 # Run in a child process with limits, e.g. stop it if it's running
200 # longer then MAX_CPU_TIME seconds. (ulimit may not be supported
201 # well on some platforms, particularly cygwin.)
202 (
203 ulimit -S -t $MAX_CPU_TIME -v $MAX_VMEM -s $MAX_STACK
204 ulimit -c unlimited
205
206 "$RUNNER" $COMMON_ARGS $ARGS $TMP_DIR/$TMP_FILE \
207 > /dev/null 2>> $TMP_DIR/$ERR_FILE
208 )
209 RETVAL=$?
210
211 # Uncomment the next two lines to enable dissector bug
212 # checking.
213 #grep -i "dissector bug" $TMP_DIR/$ERR_FILE \
214 # > /dev/null 2>&1 && DISSECTOR_BUG=1
215
216 if [ $VALGRIND -eq 1 -a $DONE -ne 1 ]; then
217 VG_ERR_CNT=`grep "ERROR SUMMARY:" $TMP_DIR/$ERR_FILE | cut -f4 -d' '`
218 VG_DEF_LEAKED=`grep "definitely lost:" $TMP_DIR/$ERR_FILE | cut -f7 -d' ' | tr -d ,`
219 VG_IND_LEAKED=`grep "indirectly lost:" $TMP_DIR/$ERR_FILE | cut -f7 -d' ' | tr -d ,`
220 VG_TOTAL_LEAKED=`expr $VG_DEF_LEAKED + $VG_IND_LEAKED`
221 if [ $? -ne 0 ] ; then
222 VG_ERR_CNT=1
223 elif [ "$VG_TOTAL_LEAKED" -gt "$MAX_LEAK" ] ; then
224 VG_ERR_CNT=1
225 fi
226 if grep -q "Valgrind cannot continue" $TMP_DIR/$ERR_FILE; then
227 VG_ERR_CNT=-1
228 fi
229 fi
230
231 if [ $DONE -ne 1 -a \( $RETVAL -ne 0 -o $DISSECTOR_BUG -ne 0 -o $VG_ERR_CNT -ne 0 \) ] ; then
232 exit_error
233 fi
234 done
235
236 echo " OK"
237 rm -f $TMP_DIR/$TMP_FILE $TMP_DIR/$ERR_FILE
238 done
239 done