unsigned char get_pair(void)
{
unsigned char byte;
byte = ascii_to_bin(read_char_direct()) << 4;
byte |= ascii_to_bin(read_char_direct());
csum += byte;
return (byte);
}
int execute_fuzz(option_block *opts)
{
char *line = malloc(8192);
char *req = malloc(opts->mseql + 16384);
char *req2 = malloc(opts->mseql + 16384);
char *preq = malloc(opts->mseql + 16384);
char *p, *j;
char c,f,b;
int tsze = 0;
int reqsize = 0;
int preqsize= 0;
int i = 0;
int k = 0;
unsigned int seq4b = 0;
memset(req, 0, opts->mseql + 16384);
memset(req2, 0, opts->mseql + 16384);
memset(preq, 0, opts->mseql + 16384);
if(opts->state != FUZZ)
{
fprintf(stderr, "[%s] fatal: corrupted state for execute_fuzz()\n",
get_time_as_log());
exit(-1);
}
/*setup the socket fd*/
opts->sockfd = -1;
while(!feof(opts->fp))
{
tsze = 0;
reqsize = 0;
line[0] = 0;
while(strcmp(line, "--") && strcmp(line, "c-"))
{
tsze = readLine(opts, line, 8192, 1);
if(!strcmp(line, "--") || !strcmp(line, "c-") || tsze == 0)
{
break;
}
if(opts->mseql && ((tsze + reqsize) > opts->mseql + 8192))
{
/*ohnoes overflow*/
fprintf(stderr, "[%s] error: overflow[%d:%d].\n",
get_time_as_log(), opts->mseql,
(tsze + reqsize));
exit(-1);
}
memcpy(req+reqsize, line, tsze);
reqsize += tsze-1;
if(opts->line_terminator_size)
{
memcpy(req+reqsize, opts->line_term,
opts->line_terminator_size);
}
reqsize += opts->line_terminator_size;
*(req+reqsize) = 0;
}
if(feof(opts->fp)) break;
if(!strcasecmp(line, "c-"))
opts->close_conn = 0;
else
opts->close_conn = 1;
/* TODO: implement this feature in an intuitive and useful manner */
opts->send_initial_nonfuzz_again = 0;
if(opts->trim_nl)
req[reqsize-1] = 0;
if(opts->seqstep <= 0)
{
opts->seqstep = opts->mseql;
}
/*loaded a request.*/
p = strstr(req, "FUZZ");
if(!p)
{
if(fuzz(opts, req, reqsize) < 0)
{
goto done;
}
memcpy(preq, req, reqsize);
preqsize = reqsize;
}
else /* we have to FUZZ for reals*/
{
/*do the literals*/
if(opts->no_literal_fuzz == 0)
{
for(tsze = 0; tsze < opts->num_litr; ++tsze)
{
char litr_is_bin = 0;
i = 0;
/*first, do the literals, which are filled in as-is*/
strcpy(req2, req);
c = *(
(opts->litr[tsze]) +
strspn(opts->litr[tsze], " "));
b = *(1+
(opts->litr[tsze]) +
strspn(opts->litr[tsze], " "));
f = *(2 +
(opts->litr[tsze])+
strspn(opts->litr[tsze], " "));
if((c == '0') ||
(c == '\\'))
{
if((b == 'x') &&
((f >= '0') &&
(f <= '9')))
litr_is_bin = 1;
}
if(c == 'x')
if((f >= '0') && (f <= '9'))
litr_is_bin = 1;
if(!litr_is_bin)
i = strrepl(req2, reqsize, "FUZZ", opts->litr[tsze]);
else
{
char *blit = malloc(8192);
int blit_len = 0;
strcpy(blit,opts->litr[tsze]+
strspn(opts->litr[tsze]," "));
strrepl(blit, strlen(blit), "0x", " ");
strrepl(blit, strlen(blit), "\\x", " ");
blit_len = ascii_to_bin(blit);
i = smemrepl(req2, reqsize, "FUZZ",blit, blit_len );
free( blit );
}
if(opts->send_initial_nonfuzz_again)
if(fuzz(opts, preq, preqsize) < 0)
goto done;
if(fuzz(opts, req2, i)<0)
goto done;
}
}
if(opts->no_sequence_fuzz == 0)
{
/*do the sequences*/
for(tsze = 0; tsze < opts->num_seq; ++tsze)
{
char seq_buf[5] = {0};
/*at this point, we do sequences. Sequencing will be done*/
/*by filling to maxseqlen, in increments of seqstep*/
memcpy(req2, req, (p-req));
/*we've filled up req2 with everything BEFORE FUZZ*/
j = req2;
for(k = opts->seqstep; k <= opts->mseql; k+= opts->seqstep)
{
seq4b = 0;
req2 = j;
req2 += (p-req);
for(i=0; i < k; ++i)
{
*req2++ =
*(opts->seq[tsze] +
(i % opts->seq_lens[tsze]));
if(strstr(j, "__SEQUENCE_NUM_ASCII__"))
{
snprintf(seq_buf, 5, "%04d", seq4b++);
strrepl(j, strlen(j), "__SEQUENCE_NUM_ASCII__",
seq_buf);
req2 -= 18;
}
}
memcpy(req2, (char *)(p+4), strlen(p+4));
*(req2+(strlen(p+4))) = 0;
req2 = j;
if(opts->send_initial_nonfuzz_again)
if(fuzz(opts, preq, preqsize) < 0)
goto done;
if(fuzz(opts, req2, strlen(req2))<0)
goto done;
}
}
}
}
}
done:
free( line );
free( req );
free( req2 );
return 0;
}
/* This function pulls intel hex formatted code from the serial port and loads
it into a temporary location. Once a complete SPM page length is stored,
it executes a flash memory write. */
char ihex_load(void)
{
unsigned char
i,
byte_count = 0,
data_pairs,
data_type,
temp_byte,
temp_store,
address_lo,
address_hi;
unsigned int data; // temporary location to store program words
unsigned long temp_address = 0ul; //Tmp page fill address ??
do
{
if(GetChar0() != ':') // check to make sure the first character is ':'
{
return(1);
}
/* get the count of data pairs */
data_pairs = ascii_to_bin( GetChar0() ) << 4;
data_pairs |= ascii_to_bin( GetChar0() );
/* get the address to put the data */
/* although we collect this data, we do not use it. All data
programmed through this bootloader starts at application program
space location 0x0000. The collection is neccessary only for
the checksum calculation. */
address_hi = ascii_to_bin( GetChar0() ) << 4;
address_hi |= ascii_to_bin( GetChar0() );
address_lo = ascii_to_bin( GetChar0() ) << 4;
address_lo |= ascii_to_bin( GetChar0() );
/* get the data type */
data_type = ascii_to_bin( GetChar0() ) << 4;
data_type |= ascii_to_bin( GetChar0() );
temp_store = data_pairs + address_hi + address_lo + data_type;
for( i = 0; i < data_pairs; i++ )
{
temp_byte = ascii_to_bin( GetChar0() ) << 4;
temp_byte |= ascii_to_bin( GetChar0() );
page_data[byte_count] = temp_byte;
byte_count++;
temp_store += temp_byte;
}
/* get the checksum */
temp_byte = ascii_to_bin( GetChar0() ) << 4;
temp_byte |= ascii_to_bin( GetChar0() );
GetChar0(); // get and dispose of the LF
//GetChar0(); // strip the CR character
/* check the data and checksum */
if( (char)(temp_store + temp_byte) )
{
return(2);
}
/* fill the rest of the page buffer with 0xFF if the last records are not
a full page in length */
if( data_type )
{
for (i= 0 ; i < 10 ;i++);
for(byte_count; byte_count < SPM_PAGESIZE; byte_count++ )
{
page_data[byte_count] = 0xFF;
}
}
/* if the page buffer is full, write the buffer to the temp flash buffer */
if( byte_count >= SPM_PAGESIZE )
{
byte_count = 0;
/* store data in temp buffer and write to flash */
for( i = 0; i < SPM_PAGESIZE; i += 2 )
{
/* swap the bytes for little endian format */
data = page_data[ i ];
data |= ( page_data[ i + 1 ] << 8 );
boot_page_fill( temp_address, data ); // call asm routine to load temporary flash buffer
temp_address += 2; // select next word in temporary buffer
}
/* write to the flash */
boot_page_write( temp_address - SPM_PAGESIZE );
boot_spm_busy_wait();
boot_rww_enable(); //Re-enable the RWW section
PutChar0('*');
}
} while( !data_type );
return(0);
}
int processFileLine(option_block *opts, char *line, int line_len)
{
FILE *t;
char *f;
int state;
int lno;
char *delim;
int sze;
switch(line[0])
{
case '/':
if(line[1] != '/')
break;
case ';':
case '#':
case 0:
case '\n':
return 0;
case '\r':
if(line[1] == '\n')
return 0;
break;
}
/*not a comment, regular state*/
#ifndef NOPLUGIN
if(!strncasecmp("plugin", line, 6))
{
delim = strstr(line, " ");
if(delim == NULL)
{
file_error("plugin line with no file specified. abort!", opts);
}
plugin_load(delim, opts);
return 0;
}
#endif
if(!strncasecmp("literal", line, 7))
{
delim = strstr(line, "=");
if(delim == NULL)
{
file_error("literal string not assigned!", opts);
}
sze = strlen(delim+1);
if(sze == 0)
{
file_error("literal string is null!", opts);
}
add_literal(opts, delim+1, sze);
return 0;
}
if(!strncasecmp("++", line, 2))
{
set_bsym_increment(opts, line+2);
return 0;
}
if(!strncasecmp("sequence", line, 7))
{
delim = strstr(line, "=");
if(delim == NULL)
{
file_error("sequence string not assigned!", opts);
}
sze = strlen(delim+1);
if(sze == 0)
{
file_error("sequence string is null!", opts);
}
add_sequence(opts, delim+1, sze);
return 0;
}
if(!strncasecmp("reppol", line, 6))
{
delim = strstr(line, "=");
if(delim == NULL)
file_error("replacement policy not specified.", opts);
f = delim+1;
if(!strncasecmp(f, "always", 6))
{
opts->repl_pol = 1;
}
else if(!strncasecmp(f, "once", 5))
{
opts->repl_pol = 2;
}
else
file_error("replacement policy not recognized.", opts);
return 0;
}
if(!strncasecmp("reqwait", line, 7))
{
delim = strstr(line, "=");
if(delim == NULL)
file_error("request wait string not assigned!", opts);
sze = strlen(delim+1);
if(sze == 0)
file_error("request wait string is null!", opts);
opts->reqw_inms = atoi(delim+1);
return 0;
}
if(!strncasecmp("lineterm", line, 8))
{
delim = strstr(line, "=");
if(delim == NULL)
file_error("lineterm value not assigned!", opts);
sze = strlen(delim+1);
state = strlen(line) - sze;
if(sze)
{
if((line[state] == '\\') ||
(line[state] == '0'))
{
if(line[state] == 'x')
sze = ascii_to_bin(line+state);
}
memcpy(opts->line_term, line+state, sze);
}
opts->line_terminator_size = sze;
return 0;
}
if(!strncasecmp("maxseqlen", line, 9))
{
delim = strstr(line, "=");
if(delim == NULL)
file_error("max seq len not assigned!", opts);
sze = strlen(delim+1);
if(sze == 0)
file_error("max seq len is null!", opts);
opts->mseql = atoi(delim+1);
return 0;
}
if(!strncasecmp("seqstep", line, 7))
{
delim = strstr(line, "=");
if(delim == NULL)
file_error("seq step not assigned!", opts);
sze = strlen(delim+1);
if(sze == 0)
file_error("seq step is null!", opts);
opts->seqstep = atoi(delim+1);
return 0;
}
if(!strncasecmp("endcfg", line, 6))
return 1;
if(!strncasecmp("include", line, 7))
{
delim = strstr(line, " ");
if(delim == NULL)
file_error("include not assigned!", opts);
sze = strlen(delim+1);
if(sze == 0)
file_error("include is null!", opts);
t = opts->fp;
f = malloc(strlen(opts->pFilename));
if(f == NULL)
{
file_error("unable to include file - out of memory.", opts);
}
/*yeah yeah...not safe. So fuzz it, already!*/
strcpy(f, opts->pFilename);
state = opts->state;
strncpy(opts->pFilename, delim+1, MAX_FILENAME_SIZE-1);
/*setup for inner parse.*/
opts->state = INIT_READ;
lno = opts->lno;
/*do inner parse.*/
read_config(opts);
strcpy(opts->pFilename, f);
opts->state = state;
opts->lno = lno;
opts->fp = t;
free(f);
return 0;
}
if(line[0] == '$')
{
delim = strstr(line+1, "=");
if(delim == NULL)
{
file_error("symbol not assigned!", opts);
}
sze = strlen(delim+1);
if(sze == 0)
{
file_error("symbol is null!", opts);
}
add_symbol(line+1, (delim - (line+1)), delim+1, sze, opts, 0);
return 0;
} else if (line[0] == '!')
{
/*binary stuff*/
delim = strstr(line+1, "=");
if(delim == NULL)
{
file_error("binary symbol not assigned!", opts);
}
sze = strlen(delim+1);
if(sze == 0)
{
file_error("binary symbol is null!", opts);
}
sze = ascii_to_bin(delim+1);
if(sze < 0)
{
file_error("binary text is invalid!", opts);
}
add_b_symbol(line+1, (delim - (line+1)), delim+1, sze, opts);
return 0;
} else if (line[0] == '|')
{
delim = strstr(line+1, "=");
if(delim == NULL)
{
file_error("symbol not assigned!", opts);
}
sze = strlen(delim+1);
if(sze == 0)
{
file_error("symbol is null!", opts);
}
add_subst_symbol(line+1, (delim - (line+1)), delim+1, sze, opts, 0);
return 0;
}
#ifndef NOPLUGIN
if(g_plugin != NULL &&
((g_plugin->capex() & PLUGIN_PROVIDES_LINE_OPTS) ==
PLUGIN_PROVIDES_LINE_OPTS))
{
return g_plugin->config(opts, line, line_len);
}
#endif
fprintf(stderr, "[%s]\n", line);
file_error("invalid config file.", opts);
return 1;
}
int galileo_dl(void)
{
#define display_char '.'
#define display_error 'E'
#define display_error_bad_7 '7'
#define display_error_unknown 'U'
#define display_error_length 'L'
register int length, address, save_csum;
int i, first, done, eof, reccount, type, client_pc;
int src, dbl_length;
unsigned char *buffptr, databuff[258], tempo;
register int display_counter, chunks, leftovers, putter,
bytes_per_chunk;
display_counter = 0;
bytes_per_chunk = 16;
csum = 0;
reccount = 1;
for (first = 1, done = 0; !done; first = 0, reccount++) {
while (read_char_direct() != 'S')
continue;
csum = 0;
type = read_char_direct();
length = get_pair();
if (length < 0 || length >= 256) {
*(char *) 0xbd000020 = display_error_length;
// *(char*)0xbd00000c = display_error_length;
return 0;
}
length--;
switch (type) {
case '0':
while (length-- > 0)
get_pair();
break;
case '3':
address = 0;
for (i = 0; i < 4; i++) {
address <<= 8;
address |= get_pair();
length--;
}
if (address == -1) {
eof = 1;
continue;
}
buffptr = &databuff[0];
dbl_length = length << 1;
chunks = dbl_length / bytes_per_chunk;
leftovers = dbl_length % bytes_per_chunk;
putter = bytes_per_chunk >> 1;
while (chunks--) {
for (i = 0; i < bytes_per_chunk; i++)
databuff[i] = read_char_direct();
src = i = 0;
while (i++ < putter) {
tempo =
(ascii_to_bin(databuff[src++])
<< 4) |
ascii_to_bin(databuff[src++]);
csum += tempo;
*(char *) address++ = tempo;
}
}
if (leftovers) {
putter = leftovers / 2;
for (i = 0; i < leftovers; i++)
databuff[i] = read_char_direct();
src = i = 0;
while (i++ < putter) {
tempo =
(ascii_to_bin(databuff[src++])
<< 4) |
ascii_to_bin(databuff[src++]);
csum += tempo;
*(char *) address++ = tempo;
}
}
break;
case '7':
address = 0;
for (i = 0; i < 4; i++) {
address <<= 8;
address |= get_pair();
length--;
}
if (address == -1) {
eof = 1;
continue;
}
client_pc = address;
if (length) {
*(char *) 0xbd000020 = display_error_bad_7;
// *(char*)0xbd00000c = display_error_bad_7;
}
done = 1;
break;
default:
*(char *) 0xbd000020 = display_error_unknown;
// *(char*)0xbd00000c = display_error_unknown;
break;
}
save_csum = (~csum) & 0xff;
if ((csum = get_pair()) < 0) {
eof = 1;
continue;
}
if (csum != save_csum) {
*(char *) 0xbd000020 = display_error;
// *(char*)0xbd00000c = display_error;
} else {
if (display_counter % 50 == 0) {
*(char *) 0xbd000020 = display_char;
display_counter = 0;
}
display_counter++;
}
}
--reccount;
dl_entry = client_pc;
return dl_entry; /* Success */
}
