diff options
| author | Marcus Meissner <marcus@jet.franken.de> | 2016-02-22 23:59:14 +0100 |
|---|---|---|
| committer | Marcus Meissner <marcus@jet.franken.de> | 2016-02-22 23:59:14 +0100 |
| commit | 705322f36e1013f075cf24c15972eb48da9d61f0 (patch) | |
| tree | c9c9e75e66515d9eed54afdc4aee9efce8dbfcd7 /libgphoto2_port/vusb | |
| parent | 756bf1531af74a32ecac8b5d728f20b02140510e (diff) | |
| download | libgphoto2-705322f36e1013f075cf24c15972eb48da9d61f0.tar.gz | |
allow fuzzing the virtual usb traffic, with a file being xored.
--port usb:FILENAME
for use by AFL and friends
Diffstat (limited to 'libgphoto2_port/vusb')
| -rw-r--r-- | libgphoto2_port/vusb/vcamera.c | 23 | ||||
| -rw-r--r-- | libgphoto2_port/vusb/vcamera.h | 4 | ||||
| -rw-r--r-- | libgphoto2_port/vusb/vusb.c | 4 |
3 files changed, 26 insertions, 5 deletions
diff --git a/libgphoto2_port/vusb/vcamera.c b/libgphoto2_port/vusb/vcamera.c index 385f7f0b7..fc655b9e7 100644 --- a/libgphoto2_port/vusb/vcamera.c +++ b/libgphoto2_port/vusb/vcamera.c @@ -1560,11 +1560,21 @@ static int vcam_exit(vcamera* cam) { return GP_OK; } -static int vcam_open(vcamera* cam) { +static int vcam_open(vcamera* cam, const char *port) { + char *s = strchr(port,':'); + + if (s) { + cam->fuzzfd = open(s+1,O_RDONLY); + if (cam->fuzzfd == -1) perror(s+1); + } return GP_OK; } static int vcam_close(vcamera* cam) { + if (cam->fuzzfd) { + close (cam->fuzzfd); + cam->fuzzfd = 0; + } return GP_OK; } @@ -1661,7 +1671,16 @@ vcam_read(vcamera*cam, int ep, char *data, int bytes) { if (toread > cam->nrinbulk) toread = cam->nrinbulk; - memcpy (data, cam->inbulk, toread); + if (cam->fuzzfd) { + int i; + + memset(data,0,toread); + read(cam->fuzzfd, data, toread); + for (i=0;i<toread;i++) + data[i] ^= cam->inbulk[i]; + } else { + memcpy (data, cam->inbulk, toread); + } memmove (cam->inbulk, cam->inbulk + toread, (cam->nrinbulk - toread)); cam->nrinbulk -= toread; return toread; diff --git a/libgphoto2_port/vusb/vcamera.h b/libgphoto2_port/vusb/vcamera.h index e44298ffa..a937be03e 100644 --- a/libgphoto2_port/vusb/vcamera.h +++ b/libgphoto2_port/vusb/vcamera.h @@ -34,7 +34,7 @@ typedef struct ptpcontainer { typedef struct vcamera { int (*init)(struct vcamera*); int (*exit)(struct vcamera*); - int (*open)(struct vcamera*); + int (*open)(struct vcamera*, const char*port); int (*close)(struct vcamera*); int (*read)(struct vcamera*, int ep, char *data, int bytes); @@ -50,6 +50,8 @@ typedef struct vcamera { unsigned int session; ptpcontainer ptpcmd; + + int fuzzfd; } vcamera; vcamera *vcamera_new(void); diff --git a/libgphoto2_port/vusb/vusb.c b/libgphoto2_port/vusb/vusb.c index 9d3105b1f..62f4152fe 100644 --- a/libgphoto2_port/vusb/vusb.c +++ b/libgphoto2_port/vusb/vusb.c @@ -122,10 +122,10 @@ gp_port_vusb_exit (GPPort *port) static int gp_port_vusb_open (GPPort *port) { - gp_log(GP_LOG_DEBUG,__FUNCTION__,"()"); + gp_log(GP_LOG_DEBUG,__FUNCTION__,"(%s)", port->settings.usb.port); if (port->pl->isopen) return GP_ERROR; - port->pl->vcamera->open(port->pl->vcamera); + port->pl->vcamera->open(port->pl->vcamera, port->settings.usb.port); port->pl->isopen = 1; return GP_OK; } |