misc: binary api fuzz test fixes
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API
messages, e.g. by xoring random data into them before processing. We
specifically exempt client connection messages, and inband debug CLI
messages. We step over msg_id, client index, client context, and
sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn
anything.
The goal is to reduce the number of crashes caused to zero. We're
fairly close with this patch.
Add vl_msg_api_max_length(void *mp), which returns the maximum
plausible length for a binary API message.
Use it to hardern vl_api_from_api_to_new_vec(...) which takes an
additional argument - message pointer - so it can verify that
astr->length is sane. If it's not sane, return a u8 *vector of the
form "insane astr->length nnnn\0".
Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...)
and vl_api_dhcp6_pd_send_client_message_t_handler(...).
Add a fairly effective binary API fuzz hook to the unittest plugin,
and modify the "make test" framework.py to pass "api-fuzz { on|off }"
to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
This commit is contained in:
Dave Barach
committed by
Florin Coras
Florin Coras
parent
d88fc0fced
commit
7784140f2b
@ -109,6 +109,7 @@ void vl_msg_api_handler_with_vm_node (api_main_t * am, svm_region_t * vlib_rp,
|
||||
void *the_msg, vlib_main_t * vm,
|
||||
vlib_node_runtime_t * node,
|
||||
u8 is_private);
|
||||
u32 vl_msg_api_max_length (void *mp);
|
||||
vl_api_trace_t *vl_msg_api_trace_get (api_main_t * am,
|
||||
vl_api_trace_which_t which);
|
||||
void vl_msg_api_add_msg_name_crc (api_main_t * am, const char *string,
|
||||
|
||||
Reference in New Issue
Block a user