7784140f2b
Add a hook to src/vlibapi/api_shared.c to fuzz (screw up) binary API
messages, e.g. by xoring random data into them before processing. We
specifically exempt client connection messages, and inband debug CLI
messages. We step over msg_id, client index, client context, and
sw_if_index. Otherwise, "make test" vectors fail too rapidly to learn
anything.
The goal is to reduce the number of crashes caused to zero. We're
fairly close with this patch.
Add vl_msg_api_max_length(void *mp), which returns the maximum
plausible length for a binary API message.
Use it to hardern vl_api_from_api_to_new_vec(...) which takes an
additional argument - message pointer - so it can verify that
astr->length is sane. If it's not sane, return a u8 *vector of the
form "insane astr->length nnnn\0".
Verify array lengths in vl_api_dhcp6_send_client_message_t_handler(...)
and vl_api_dhcp6_pd_send_client_message_t_handler(...).
Add a fairly effective binary API fuzz hook to the unittest plugin,
and modify the "make test" framework.py to pass "api-fuzz { on|off }"
to enable API fuzzing: "make API_FUZZ=on TEST=xxx test-debug" or similar
Type: improvement
Signed-off-by: Dave Barach <dave@barachs.net>
Change-Id: I0157267652a163c01553d5267620f719cc6c3bde
60 lines
1.7 KiB
C
60 lines
1.7 KiB
C
/*
|
|
*------------------------------------------------------------------
|
|
* api_types.h
|
|
*
|
|
* Copyright (c) 2018 Cisco and/or its affiliates.
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at:
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*------------------------------------------------------------------
|
|
*/
|
|
|
|
#ifndef included_api_types_h
|
|
#define included_api_types_h
|
|
|
|
#include <stdbool.h>
|
|
#include <stdarg.h>
|
|
#include <vppinfra/types.h>
|
|
#include <arpa/inet.h>
|
|
#include <string.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C"
|
|
{
|
|
#endif
|
|
|
|
/* VPP API string type */
|
|
typedef struct
|
|
{
|
|
u32 length;
|
|
u8 buf[0];
|
|
} __attribute__ ((packed)) vl_api_string_t;
|
|
|
|
/* Nul terminated string to vl_api_string_t */
|
|
extern int vl_api_c_string_to_api_string (const char *buf, vl_api_string_t * str);
|
|
/* NON nul terminated vector to vl_api_string_t */
|
|
extern int vl_api_vec_to_api_string (const u8 *vec, vl_api_string_t * str);
|
|
|
|
extern u32 vl_api_string_len (vl_api_string_t * astr);
|
|
|
|
/* Returns new vector. NON nul terminated */
|
|
extern u8 * vl_api_from_api_to_new_vec (void *mp, vl_api_string_t *astr);
|
|
/* Returns new vector. Nul terminated */
|
|
extern char * vl_api_from_api_to_new_c_string (vl_api_string_t *astr);
|
|
|
|
extern u8 *vl_api_format_string (u8 *s, va_list *args);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif
|