dali/bacnet_stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d3689aaec0cdd7eac5fd1d9706b02b2bde90a767
bacnet_stack/apps/fuzz-afl/main.c
T
Steve Karg 94b3809a58 Bugfix/confirmed handlers empty service request (#885) 
* Added reject in all confirmed service handlers, except GetEventInformation, when confirmed services with zero length occur which rejects with required parameters are missing message.

* Refactored errno use in service using debug_perror. Changed debug_perror usage to debug_fprintf. 

* Updated file and function headers in basic/service modules.

* Changed NDPU priority on confirmed messages to use requested NDPU priority.

* Renamed debug_aprintf to debug_printf_stdout for clarity.

* Convert most debug_fprintf usage to debug_print to reduce text bloat in AVR build
2025-01-05 10:09:39 -06:00

117 lines
3.3 KiB
C
Raw Blame History

/**
* @file
* @brief command line fuzz (data scrambling) interface for security testing
* @author Anthony Delorenzo <anthony@crystalpeaksecurity.com>
* @date 2023
* @copyright SPDX-License-Identifier: MIT
*/
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <time.h>
#include <assert.h>
/* BACnet Stack defines - first */
#include "bacnet/bacdef.h"
/* BACnet Stack API */
#include "bacnet/bactext.h"
#include "bacnet/bacerror.h"
#include "bacnet/iam.h"
#include "bacnet/arf.h"
#include "bacnet/npdu.h"
#include "bacnet/apdu.h"
#include "bacnet/version.h"
/* some demo modules we use */
#include "bacnet/basic/sys/debug.h"
#include "bacnet/basic/tsm/tsm.h"
#include "bacnet/basic/binding/address.h"
#include "bacnet/basic/services.h"
/* port agnostic file */
#include "bacport.h"
/* our datalink layers */
#include "bacnet/datalink/dlmstp.h"
#include "bacnet/datalink/bip.h"
#include "bacnet/datalink/bvlc.h"
#include "bacnet/basic/bbmd/h_bbmd.h"
// Pull in all of this...
#include "../router-mstp/main.c"
static void Init_Service_Handlers()
{
apdu_set_unconfirmed_handler(
SERVICE_UNCONFIRMED_WHO_IS, handler_who_is_unicast);
apdu_set_unconfirmed_handler(SERVICE_UNCONFIRMED_WHO_HAS, handler_who_has);
apdu_set_unrecognized_service_handler_handler(handler_unrecognized_service);
apdu_set_confirmed_handler(
SERVICE_CONFIRMED_READ_PROPERTY, handler_read_property);
apdu_set_confirmed_handler(
SERVICE_CONFIRMED_READ_PROP_MULTIPLE, handler_read_property_multiple);
apdu_set_confirmed_handler(
SERVICE_CONFIRMED_WRITE_PROPERTY, handler_write_property);
apdu_set_confirmed_handler(
SERVICE_CONFIRMED_READ_RANGE, handler_read_range);
apdu_set_confirmed_handler(
SERVICE_CONFIRMED_REINITIALIZE_DEVICE, handler_reinitialize_device);
apdu_set_unconfirmed_handler(
SERVICE_UNCONFIRMED_UTC_TIME_SYNCHRONIZATION, handler_timesync_utc);
apdu_set_unconfirmed_handler(
SERVICE_UNCONFIRMED_TIME_SYNCHRONIZATION, handler_timesync);
apdu_set_confirmed_handler(
SERVICE_CONFIRMED_SUBSCRIBE_COV, handler_cov_subscribe);
apdu_set_confirmed_handler(
SERVICE_CONFIRMED_DEVICE_COMMUNICATION_CONTROL,
handler_device_communication_control);
apdu_set_unconfirmed_handler(SERVICE_UNCONFIRMED_WHO_IS, handler_who_is);
apdu_set_unrecognized_service_handler_handler(handler_unrecognized_service);
apdu_set_confirmed_handler(
SERVICE_CONFIRMED_READ_PROPERTY, handler_read_property);
apdu_set_unconfirmed_handler(SERVICE_UNCONFIRMED_I_AM, handler_i_am_add);
}
/*
* FIXME: This is a hack to get things linking correctly
*/
extern int cov_subscribe(void)
{
return 0;
}
extern int Device_Value_List_Supported(void)
{
return 0;
}
extern int Encode_RR_payload(void)
{
return 0;
}
extern int Device_Objects_RR_Info(void)
{
return 0;
}
extern int Device_Write_Property(void)
{
return 0;
}
extern int Device_Reinitialize(void)
{
return 0;
}
int main(int argc, char *argv[])
{
BACNET_ADDRESS src = { 0 };
uint16_t pdu_len = 0;
Init_Service_Handlers();
pdu_len = read(0, &BIP_Rx_Buffer[0], sizeof(BIP_Rx_Buffer));
/* process fuzz input*/
if (pdu_len) {
my_routing_npdu_handler(BIP_Net, &src, &BIP_Rx_Buffer[0], pdu_len);
}
return 0;
}
Reference in New Issue View Git Blame Copy Permalink