path: root/tests/ap-mgmt-fuzzer
Commit message | Author | Age | Files | Lines
* tests: Fix ap-mgmt-fuzzer build configuration to match libap.a | Jouni Malinen | 2019-05-29 | 1 | -0/+1

    Missing CONFIG_AIRTIME_POLICY=y made the offset of struct hostapd_iface::prev_wmm different between libap.a and ap-mgmt-fuzzer.o which resulted in odd fuzzing failures due to a memcpy to ctx.iface->prev_wmm ending up writing on top of the ctx.hapd and in particular, on top of ctx.hapd.iface pointer.

    Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15013
    Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15014
    Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15015
    Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15017
    Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15019
    Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15020

    Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Fix ap-mgmt-fuzzer exit to free memory | Jouni Malinen | 2019-05-24 | 1 | -0/+2

    This fuzzing wrapper does not go through full hostapd_clean_iface() call to free memory, so call ap_list_deinit() to avoid reporting memory leaks from added AP list entries. This case could not be hit with hostapd/wpa_supplicant since they perform full interface deinit on interface removal.

    Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14928

    Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* ap-mgmt-fuzzer: Add .gitignore | Johannes Berg | 2017-03-07 | 1 | -0/+1

    Ignore the binary created here.

    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* tests: Allow multiple management frames to be used with ap-mgmt-fuzzer | Jouni Malinen | 2016-11-16 | 2 | -7/+76

    The optional "-m <multi.dat>" command line option can now be used to specify a data file that can include multiple management frames with each one prefixed with a 16-bit big endian length field. This allows a single fuzzer run to be used to go through multi-frame exchanges. The multi.dat file shows an example of this with Probe Request frame, Authentication frame, Association Request frame, and an Action frame.

    Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* tests: Add a STA entry for ap-mgmt-fuzzer | Jouni Malinen | 2015-05-03 | 1 | -0/+7

    This increases the coverage for AP mode management frame fuzzing by allowing a number of additional Action frame code paths to be executed.

    Signed-off-by: Jouni Malinen <j@w1.fi>
* Declare all read only data structures as const | Mikael Kanstrup | 2015-04-25 | 1 | -1/+1

    By analysing objdump output some read only structures were found in .data section. To help compiler further optimize code declare these as const.

    Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
* tests: Add ap-mgmt-fuzzer | Jouni Malinen | 2015-04-22 | 4 | -0/+197

    This program can be used to run fuzzing tests for areas related to AP management frame parsing and processing.

    Signed-off-by: Jouni Malinen <j@w1.fi>