/*
* .KB_C_FN_DEFINITION_START
* void WriteCommandTable(void)
* This global function write the current command table to the non-volatile
* memory.
* .KB_C_FN_DEFINITION_END
*/
void
WriteCommandTable(void)
{
int i, size = MAX_ENV_SIZE_BYTES, copySize;
char *cPtr = env_table;
p_memset(env_table, 0, sizeof(env_table));
for (i = 0; i < MAX_BOOT_COMMANDS; ++i) {
copySize = p_strlen(boot_commands[i]);
size -= copySize + 1;
if (size < 0) {
continue;
}
memcpy(cPtr, boot_commands[i], copySize);
cPtr += copySize;
*cPtr++ = 0;
}
/* We're executing in low RAM so addr in ram == offset in eeprom */
WriteEEPROM((unsigned)&BootCommandSection, env_table,
sizeof(env_table));
}
int
begin_fuzz (const char *path, int fuzztype, int argc, char **argv)
{
DIR *dirp;
struct dirent *dp;
char *buff = NULL;
struct stat statbuf;
int ix = 0;
if ((dirp = opendir (path)) == NULL)
{
fprintf (stderr, "Error opening specified directory [%s]\n", path);
perror ("opendir");
exit (-1);
}
while ((dp = readdir (dirp)))
{
buff = realloc (buff, p_strlen (path) + 1 + strlen (dp->d_name) + 1);
sprintf (buff, "%s/%s", path, dp->d_name);
if (stat (buff, &statbuf))
{
perror ("stat");
exit (-1);
}
if (!(strcmp (dp->d_name, "ifuzz")) ||
!(strcmp (dp->d_name, ".")) ||
!(strcmp (dp->d_name, "..")) ||
!(statbuf.st_mode & S_IEXEC) || !(S_ISREG (statbuf.st_mode)))
continue;
printf ("Executable: %s\n", dp->d_name);
ix++;
do_fuzz (buff, dp->d_name, fuzztype, argc, argv);
}
free (buff);
closedir (dirp);
printf ("Fuzzed %d files in directory %s\n", ix, path);
return 0;
}
/* takes a C string as an argument and "randomly" switches the letters around */
char *
p_strfry (char *string)
{
int len, i;
if (!init)
{
srand (time ((time_t *) NULL) + getpid ());
init = 1;
}
len = p_strlen (string);
for (i = 0; i < len; ++i)
{
size_t j = rand () % len;
char c = string[i];
string[i] = string[j];
string[j] = c;
}
return string;
}
char *
make_string (int size, char *startswith, char *endswith, char *hasone)
{
char *buff;
unsigned char filler;
int min_size = 0;
/* don't know behavior of strlen(NULL) on all implementations */
min_size =
p_strlen (startswith) + p_strlen (endswith) + p_strlen (hasone) + 1;
if (size < min_size)
{
printf ("error with the size of the string dude\n");
exit (-1);
}
buff = rmalloc (size);
if (!init)
{
srand (time ((time_t *) NULL) + getpid ());
init = 1;
}
filler = (rand () % 254) + 1;
if (hasone)
{
while ((p_strlen (hasone) == 1) && (filler == hasone[0])
&& !(isprint (filler)))
filler = (rand () % 254) + 1;
}
memset (buff, filler, size);
buff[size - 1] = 0x0;
if (startswith)
{
memcpy (buff, startswith, p_strlen (startswith));
memcpy (buff + p_strlen (startswith), FS_TRIGGER, p_strlen (FS_TRIGGER));
}
else
{
memcpy (buff + 1, FS_TRIGGER, p_strlen (FS_TRIGGER));
}
if (endswith)
{
strcpy (buff + p_strlen (buff) - p_strlen (endswith) - 1, endswith);
}
if (hasone)
{
if ((p_strlen (buff) / 2) < p_strlen (hasone))
{
printf("huh\n");
exit (-1);
}
memcpy (buff + (p_strlen (buff) / 2), hasone, p_strlen (hasone));
}
return buff;
}