void dump_options(option_block *opts) { int i; if(opts != NULL) { printf("[%s] dumping options:\n\tfilename: <%s>\n\tstate: <%d>\n\tlineno: <%d>\n\tliterals: [%d]\n\tsequences: [%d]\n\tsymbols: [%d]\n\treq_del: <%d>\n\tmseq_len: <%d>\n\tplugin: <%s>\n\ts_syms: <%d>\n", get_time_as_log(), opts->pFilename, opts->state, opts->lno, opts->num_litr, opts->num_seq, opts->sym_count / 2, opts->reqw_inms, opts->mseql, g_plugin ? g_plugin->name() : "none", opts->s_syms_count); for(i = 0; i < opts->num_litr; i++) printf("\tliteral[%d] = [%s]\n", i+1, opts->litr[i]); for(i = 0; i < opts->num_seq; i++) printf("\tsequence[%d] = [%s]\n", i+1, opts->seq[i]); for(i = 0; i < opts->sym_count; ++i) { if(!(opts->syms_array[i].is_len)) printf("\tsym [%s]->[%s]\n", opts->syms_array[i].sym_name, opts->syms_array[i].sym_val); } for(i = 0; i < opts->s_syms_count; ++i) { printf("\t|sym| [%s] -> %d[%d:%s]\n", opts->s_syms[i].sym_name, opts->s_syms[i].is_len, opts->s_syms[i].offset, opts->s_syms[i].sym_val); } } }
int os_send_unix_dgram(option_block *opts, char *str, size_t len) { #ifdef __WIN32__ return -1; #endif FILE *log = stdout; struct sockaddr_un sa_unix; int sockfd = -1; if(opts->fp_log) log = opts->fp_log; sockfd = socket(AF_UNIX, SOCK_DGRAM, 0); if (sockfd != -1) { sa_unix.sun_family = AF_UNIX; strcpy(sa_unix.sun_path, opts->host_spec); if (sendto(sockfd, str, len, 0, (const struct sockaddr *)&sa_unix, sizeof sa_unix) < 0 ) { // handle the failure case... } if (opts->verbosity != QUIET) fprintf(log, "[%s] info: tx fuzz - scanning for reply.\n", get_time_as_log()); close(sockfd); return 0; } return -1; }
void process_opts(int argc, char *argv[], option_block *opts) { char *lastarg = 0; if(opts->state != CMD_LINE_OPTS) { fprintf(stderr, "[%s] fatal: attempt to invoke process_opts in improper state. ARE YOU HACKING ME?!\n", get_time_as_log()); exit(-1); } if(argc > 1) { --argc; while(argc > 0) { switch(argv[argc][0]) { case '-': process_opt_str((argv[argc])+1, lastarg, opts); break; default: lastarg = argv[argc]; break; } argc--; } } sanity(opts); }
void sanity(option_block *opts) { if(opts == NULL) { fprintf(stderr, "[%s] fatal: option block null\n", get_time_as_log()); exit(-1); } if(!(opts->tcp_flag) && !(opts->udp_flag) && !(opts->out_flag)) { fprintf(stderr, "[%s] error: must specify an output type.\n", get_time_as_log()); print_help(); exit(-1); } if(opts->pFilename[0] == 0) { fprintf(stderr, "[%s] error: must specify a config file.\n", get_time_as_log()); print_help(); exit(-1); } if(((opts->tcp_flag)||(opts->udp_flag)) && ((opts->host == 0) || ((opts->port == 0) || (opts->port < 1) || (opts->port > 65535))) ) { fprintf(stderr, "[%s] error: must specify a host and port when using netmode.\n", get_time_as_log()); print_help(); exit(-1); } }
/* this is going to be crappy! */ int atoip(const char *pIpStr) { #ifdef __WIN32__ WSADATA wsaData; #endif struct addrinfo hints, *servinfo, *p; int t = 0; #ifdef __WIN32__ if(WSAStartup(MAKEWORD(2,0), &wsaData) != 0) { fprintf(stderr, "[%s]: error: Unable to init winsock!\n", get_time_as_log()); return -1; } #endif memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; if(getaddrinfo(pIpStr, NULL, &hints, &servinfo) != 0) return 0; for(p = servinfo; p != NULL; p = p->ai_next) { if(p->ai_family == AF_INET) { t = ((struct sockaddr_in*)(p->ai_addr))->sin_addr.s_addr; break; } else if(p->ai_family == AF_INET6) t = 1; /* for IPv6 we treat it as a "true" value */ else t = 0; } freeaddrinfo(servinfo); #ifdef __WIN32__ WSACleanup(); #endif return t; }
int os_send_udp(option_block *opts, char *str, size_t len) { #ifdef __WIN32__ WSADATA wsaData; #endif FILE *log = stdout; struct timeval tv; fd_set fds; unsigned long int to = MAX(100, opts->time_out); struct addrinfo hints, *servinfo, *p; int sockfd = -1; int ret; if(opts->fp_log) log = opts->fp_log; #ifdef __WIN32__ if(WSAStartup(MAKEWORD(2,0), &wsaData) != 0) { fprintf(stderr, "[%s]: error: Unable to init winsock!\n", get_time_as_log()); fprintf(log, "[%s]: error: Unable to init winsock!\n", get_time_as_log()); return -1; } #endif memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_DGRAM; if(getaddrinfo(opts->host_spec, opts->port_spec, &hints, &servinfo) != 0) { fprintf(stderr, "[%s]: error: unable to get addrinfo\n", get_time_as_log()); fprintf(log, "[%s]: error: unable to get addrinfo\n", get_time_as_log()); #ifdef __WIN32__ WSACleanup(); #endif return -1; } for(p = servinfo; p!= NULL; p = p->ai_next) { sockfd = socket(p->ai_family, p->ai_socktype, p->ai_protocol); if(sockfd < 0) continue; opts->sockfd = sockfd; break; /* p won't be equal to NULL in this case */ } if(p == NULL) { fprintf(stderr,"[%s] error: unable to acquire socket.\n", get_time_as_log()); fprintf(log,"[%s] error: unable to acquire socket.\n", get_time_as_log()); freeaddrinfo(servinfo); #ifdef __WIN32__ WSACleanup(); #endif return -1; } ret = sendto(sockfd, str, len, 0, p->ai_addr, p->ai_addrlen); freeaddrinfo(servinfo); if(ret < 0) { fprintf(stderr,"[%s] error: udp send() failed.\n", get_time_as_log()); fprintf(log,"[%s] error: udp send() failed.\n", get_time_as_log()); #ifdef __WIN32__ WSACleanup(); #endif return -1; } if(opts->verbosity != QUIET) fprintf(log, "[%s] info: tx fuzz - scanning for reply.\n", get_time_as_log()); FD_ZERO(&fds); FD_SET(sockfd, &fds); tv.tv_sec = to / 1000; tv.tv_usec = (to % 1000) * 1000; /*time out*/ mssleep(opts->reqw_inms); ret = select(sockfd+1, &fds, NULL, NULL, &tv); if(ret > 0) { if(FD_ISSET(sockfd, &fds)) { char buf[8193] = {0}; int r_len = 0; r_len = read(sockfd, &buf, 8192); buf[8192] = 0; if(opts->verbosity != QUIET) fprintf(log, "[%s] read:\n%s\n===============================================================================\n", get_time_as_log(), buf); #ifndef NOPLUGIN if((g_plugin != NULL) && ((g_plugin->capex() & PLUGIN_PROVIDES_POST_FUZZ) == PLUGIN_PROVIDES_POST_FUZZ)) { g_plugin->post_fuzz(opts, buf, r_len); } #endif } } #ifdef __WIN32__ closesocket(sockfd); WSACleanup(); #else close(sockfd); #endif return 0; }
int os_send_tcp(option_block *opts, char *str, size_t len) { #ifdef __WIN32__ WSADATA wsaData; #endif FILE *log = stdout; struct timeval tv; fd_set fds; int sockfd = -1; struct addrinfo hints, *servinfo, *p; int ret; int snt = 0; unsigned long int to = MAX(100, opts->time_out); if(opts->fp_log) log = opts->fp_log; #ifdef __WIN32__ if(WSAStartup(MAKEWORD(2,0), &wsaData) != 0) { fprintf(stderr, "[%s]: error: Unable to init winsock!\n", get_time_as_log()); fprintf(log, "[%s]: error: Unable to init winsock!\n", get_time_as_log()); return -1; } #endif if(opts->sockfd != -1) { sockfd = opts->sockfd; } else { memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; if(getaddrinfo(opts->host_spec, opts->port_spec, &hints, &servinfo) != 0) { fprintf(stderr, "[%s]: error: unable to get addrinfo\n", get_time_as_log()); fprintf(log, "[%s]: error: unable to get addrinfo\n", get_time_as_log()); #ifdef __WIN32__ WSACleanup(); #endif return -1; } for(p = servinfo; p!= NULL; p = p->ai_next) { sockfd = socket(p->ai_family, p->ai_socktype, p->ai_protocol); if(sockfd < 0) continue; opts->sockfd = sockfd; if(connect(sockfd, p->ai_addr, p->ai_addrlen) < 0) { #ifdef __WIN32__ closesocket(sockfd); #else close(sockfd); #endif opts->sockfd = sockfd = -1; continue; } break; /* faster than setting p = NULL; (I think)*/ } freeaddrinfo(servinfo); } if(sockfd == -1) { fprintf(stderr, "[%s] error: unable to connect to remote system [%s].\n", get_time_as_log(), process_error()); fprintf(log, "[%s] error: unable to connect to remote system [%s].\n", get_time_as_log(), process_error()); #ifdef __WIN32__ WSACleanup(); #endif return -1; } while(len) { ret = send(sockfd, str + snt, len, 0); if(ret < 0) { fprintf(stderr,"[%s] error: tcp send() failed.\n", get_time_as_log()); fprintf(log,"[%s] error: tcp send() failed.\n", get_time_as_log()); #ifdef __WIN32__ WSACleanup(); #endif return -1; } len -= ret; snt += ret; } if(opts->verbosity != QUIET) fprintf(log, "[%s] info: tx fuzz - (%d bytes) - scanning for reply.\n", get_time_as_log(), snt); FD_ZERO(&fds); FD_SET(sockfd, &fds); tv.tv_sec = to / 1000; tv.tv_usec = (to % 1000) * 1000; /*time out*/ mssleep(opts->reqw_inms); ret = select(sockfd+1, &fds, NULL, NULL, &tv); if(ret > 0) { if(FD_ISSET(sockfd, &fds)) { char buf[8193] = {0}; int r_len = 0; r_len = read(sockfd, &buf, 8192); buf[8192] = 0; if(opts->verbosity != QUIET) fprintf(log, "[%s] read:\n%s\n===============================================================================\n", get_time_as_log(), buf); if((opts->s_syms_count) && (opts->repl_pol)) { for(ret = 0; ret < opts->s_syms_count; ++ret) { sym_t *pSym = &(opts->s_syms[ret]); int cpy_len = pSym->is_len; if((opts->repl_pol == 2) && pSym->increment) continue; if(cpy_len > r_len) continue; memset(pSym->sym_val, 0, 1024); memcpy(pSym->sym_val, buf+(pSym->offset),cpy_len); pSym->sym_val[cpy_len] = 0; pSym->s_len = cpy_len; pSym->increment = 1; } } #ifndef NOPLUGIN if((g_plugin != NULL) && ((g_plugin->capex() & PLUGIN_PROVIDES_POST_FUZZ) == PLUGIN_PROVIDES_POST_FUZZ)) { g_plugin->post_fuzz(opts, buf, r_len); } #endif } } if(opts->close_conn) opts->sockfd = -1; if((opts->close_conn) && (!opts->forget_conn)) { #ifdef __WIN32__ closesocket(sockfd); #else close(sockfd); #endif } #ifdef __WIN32__ WSACleanup(); #endif return 0; }
int execute_fuzz(option_block *opts) { char *line = malloc(8192); char *req = malloc(opts->mseql + 16384); char *req2 = malloc(opts->mseql + 16384); char *preq = malloc(opts->mseql + 16384); char *p, *j; char c,f,b; int tsze = 0; int reqsize = 0; int preqsize= 0; int i = 0; int k = 0; unsigned int seq4b = 0; memset(req, 0, opts->mseql + 16384); memset(req2, 0, opts->mseql + 16384); memset(preq, 0, opts->mseql + 16384); if(opts->state != FUZZ) { fprintf(stderr, "[%s] fatal: corrupted state for execute_fuzz()\n", get_time_as_log()); exit(-1); } /*setup the socket fd*/ opts->sockfd = -1; while(!feof(opts->fp)) { tsze = 0; reqsize = 0; line[0] = 0; while(strcmp(line, "--") && strcmp(line, "c-")) { tsze = readLine(opts, line, 8192, 1); if(!strcmp(line, "--") || !strcmp(line, "c-") || tsze == 0) { break; } if(opts->mseql && ((tsze + reqsize) > opts->mseql + 8192)) { /*ohnoes overflow*/ fprintf(stderr, "[%s] error: overflow[%d:%d].\n", get_time_as_log(), opts->mseql, (tsze + reqsize)); exit(-1); } memcpy(req+reqsize, line, tsze); reqsize += tsze-1; if(opts->line_terminator_size) { memcpy(req+reqsize, opts->line_term, opts->line_terminator_size); } reqsize += opts->line_terminator_size; *(req+reqsize) = 0; } if(feof(opts->fp)) break; if(!strcasecmp(line, "c-")) opts->close_conn = 0; else opts->close_conn = 1; /* TODO: implement this feature in an intuitive and useful manner */ opts->send_initial_nonfuzz_again = 0; if(opts->trim_nl) req[reqsize-1] = 0; if(opts->seqstep <= 0) { opts->seqstep = opts->mseql; } /*loaded a request.*/ p = strstr(req, "FUZZ"); if(!p) { if(fuzz(opts, req, reqsize) < 0) { goto done; } memcpy(preq, req, reqsize); preqsize = reqsize; } else /* we have to FUZZ for reals*/ { /*do the literals*/ if(opts->no_literal_fuzz == 0) { for(tsze = 0; tsze < opts->num_litr; ++tsze) { char litr_is_bin = 0; i = 0; /*first, do the literals, which are filled in as-is*/ strcpy(req2, req); c = *( (opts->litr[tsze]) + strspn(opts->litr[tsze], " ")); b = *(1+ (opts->litr[tsze]) + strspn(opts->litr[tsze], " ")); f = *(2 + (opts->litr[tsze])+ strspn(opts->litr[tsze], " ")); if((c == '0') || (c == '\\')) { if((b == 'x') && ((f >= '0') && (f <= '9'))) litr_is_bin = 1; } if(c == 'x') if((f >= '0') && (f <= '9')) litr_is_bin = 1; if(!litr_is_bin) i = strrepl(req2, reqsize, "FUZZ", opts->litr[tsze]); else { char *blit = malloc(8192); int blit_len = 0; strcpy(blit,opts->litr[tsze]+ strspn(opts->litr[tsze]," ")); strrepl(blit, strlen(blit), "0x", " "); strrepl(blit, strlen(blit), "\\x", " "); blit_len = ascii_to_bin(blit); i = smemrepl(req2, reqsize, "FUZZ",blit, blit_len ); free( blit ); } if(opts->send_initial_nonfuzz_again) if(fuzz(opts, preq, preqsize) < 0) goto done; if(fuzz(opts, req2, i)<0) goto done; } } if(opts->no_sequence_fuzz == 0) { /*do the sequences*/ for(tsze = 0; tsze < opts->num_seq; ++tsze) { char seq_buf[5] = {0}; /*at this point, we do sequences. Sequencing will be done*/ /*by filling to maxseqlen, in increments of seqstep*/ memcpy(req2, req, (p-req)); /*we've filled up req2 with everything BEFORE FUZZ*/ j = req2; for(k = opts->seqstep; k <= opts->mseql; k+= opts->seqstep) { seq4b = 0; req2 = j; req2 += (p-req); for(i=0; i < k; ++i) { *req2++ = *(opts->seq[tsze] + (i % opts->seq_lens[tsze])); if(strstr(j, "__SEQUENCE_NUM_ASCII__")) { snprintf(seq_buf, 5, "%04d", seq4b++); strrepl(j, strlen(j), "__SEQUENCE_NUM_ASCII__", seq_buf); req2 -= 18; } } memcpy(req2, (char *)(p+4), strlen(p+4)); *(req2+(strlen(p+4))) = 0; req2 = j; if(opts->send_initial_nonfuzz_again) if(fuzz(opts, preq, preqsize) < 0) goto done; if(fuzz(opts, req2, strlen(req2))<0) goto done; } } } } } done: free( line ); free( req ); free( req2 ); return 0; }
int fuzz(option_block *opts, char *req, int len) { int i = 0; int res = 0; FILE *log = stdout; char *r2, *tmp = 0; char *p1, *tmp2 = 0; int r2_len,p1_len; sym_t *pSym; int fuzz_this_time = (opts->start_test <= ++fuzznum) ? 1 : 0; if(opts->fp_log) log = opts->fp_log; if( fuzz_this_time && opts->verbosity != QUIET ) fprintf(log, "[%s] attempting fuzz - %d.\n", get_time_as_log(), fuzznum); #ifndef NOPLUGIN if(fuzz_this_time && g_plugin != NULL && ((g_plugin->capex() & PLUGIN_PROVIDES_PAYLOAD_PARSE) == PLUGIN_PROVIDES_PAYLOAD_PARSE)) { tmp2 = req; p1_len = len * 2; p1 = malloc(p1_len); g_plugin->payload_trans(opts, req, len, p1, &p1_len); req = p1; len = p1_len; } #endif if(fuzz_this_time && ((opts->sym_count) || (opts->s_syms_count))) { /*xxx : enhancement - loop backwards allowing people to define a string (aaa for example) and use that string within other defines appearing later. THIS creates a problem - our length field substitution depends on having lengths before non-lengths. The answer of course, is to just have 2 loops, apply the lenghts first*/ for(i = 0; i < opts->s_syms_count ; ++i) { pSym = &(opts->s_syms[ opts->s_syms_count - (i+1) ]); len = smemrepl(req, len, pSym->sym_name, pSym->sym_val, pSym->s_len); } for(i = 0; i < opts->sym_count; ++i) { pSym = &(opts->syms_array[ opts->sym_count - (i+1) ]); if(pSym->is_len) len = strrepl(req, len, pSym->sym_name, pSym->sym_val); } for(i = 0; i < opts->sym_count; ++i) { pSym = &(opts->syms_array[ opts->sym_count - (i+1) ]); if(!pSym->is_len) len = strrepl(req, len, pSym->sym_name, pSym->sym_val); } } if(opts->b_sym_count) /* we let this one through in skip cases because we need the increments to happen. */ { for(i = 0; i < opts->b_sym_count; ++i) { pSym = &(opts->b_syms_array[i]); len = smemrepl(req, len, pSym->sym_name, pSym->sym_val, pSym->is_len); if(pSym->increment) { int *increm = (int*)pSym->sym_val; *increm = (*increm)+1; } } } if(fuzz_this_time && opts->out_flag) { if(opts->hexl_dump) { dump(req, len, log); } else { fwrite(req, len, 1, log); fwrite("\n", 1, 1, log); } } #ifndef NOPLUGIN if(fuzz_this_time && g_plugin != NULL && ((g_plugin->capex() & PLUGIN_PROVIDES_FUZZ_MODIFICATION) == PLUGIN_PROVIDES_FUZZ_MODIFICATION)) { r2 = malloc(len * 2); r2_len = len * 2; g_plugin->fuzz_trans(opts, req, len, r2, &r2_len); tmp = req; req = r2; len = r2_len; } if(fuzz_this_time && g_plugin != NULL && ((g_plugin->capex() & PLUGIN_PROVIDES_TRANSPORT_TYPE) == PLUGIN_PROVIDES_TRANSPORT_TYPE)) { res = g_plugin->trans(opts, req, len); } else #endif if(fuzz_this_time && opts->tcp_flag) { res = os_send_tcp(opts, req, len); } else if(fuzz_this_time && opts->udp_flag) { res = os_send_udp(opts, req, len); } #ifndef NOPLUGIN if(fuzz_this_time && (g_plugin != NULL) && ((g_plugin->capex() & PLUGIN_PROVIDES_POST_FUZZ) == PLUGIN_PROVIDES_POST_FUZZ)) { g_plugin->post_fuzz(opts, req, len); } if(fuzz_this_time && g_plugin != NULL && ((g_plugin->capex() & PLUGIN_PROVIDES_FUZZ_MODIFICATION) == PLUGIN_PROVIDES_FUZZ_MODIFICATION)) { free(req); req = tmp; } if(fuzz_this_time && g_plugin != NULL && ((g_plugin->capex() & PLUGIN_PROVIDES_PAYLOAD_PARSE) == PLUGIN_PROVIDES_PAYLOAD_PARSE)) { free(req); req = tmp2; } #endif if(fuzz_this_time && (opts->new_logfile) && (opts->pLogFilename)) { char *z_set; char z_buf[80] = {0}; fclose(opts->fp_log); z_set = strrchr(opts->pLogFilename, '.'); if(z_set) *z_set = 0; snprintf(z_buf, 80, ".%d", fuzznum); strncat(opts->pLogFilename, z_buf, MAX_FILENAME_SIZE); opts->fp_log = fopen(opts->pLogFilename, "w"); } if(res < 0 && opts->stop_on_fail) return -1; return 0; }
int main(int argc, char *argv[]) { FILE *log = stdout; struct timeval tv; option_block options; int i; g_plugin = NULL; sfuzz_setsearchpath( #ifndef __WIN32__ "./:"PREFIX"/share/sfuzz-db" #else "./" #endif ); memset(&options, 0, sizeof(options)); gettimeofday(&tv, NULL); birth = tv.tv_sec; options.pFilename = malloc(MAX_FILENAME_SIZE); options.pLogFilename = malloc(MAX_FILENAME_SIZE); options.host_spec = malloc(MAX_HOSTSPEC_SIZE); options.port_spec = malloc(MAX_PORTSPEC_SIZE); options.repl_pol = 2; /* once ! for always, choose 1. */ memset(options.pFilename, 0, MAX_FILENAME_SIZE-1); memset(options.pLogFilename, 0, MAX_FILENAME_SIZE-1); /*default line terminator*/ options.line_term[0] = '\n'; options.line_terminator_size = 1; options.state = CMD_LINE_OPTS; process_opts(argc, argv, &options); options.state = INIT_READ; read_config(&options); if(options.pLogFilename[0] != 0) { if(options.new_logfile) { strncat(options.pLogFilename, ".0", MAX_FILENAME_SIZE); } log = fopen(options.pLogFilename, "w"); if(log != NULL) { options.fp_log = log; } else { fprintf(stderr, "[%s] error: using stdout - unable to open log.\n", get_time_as_log()); log = stdout; } } if(options.verbosity == VERBOSE) dump_options(&options); if(options.verbosity != QUIET) { fprintf(log, "[%s] info: beginning fuzz - method:", get_time_as_log()); if(options.tcp_flag) { fprintf(log, " tcp,"); } else if(options.udp_flag) { fprintf(log, " udp,"); } else { fprintf(log, " io,"); } fprintf(log, " config from: [%s], out: [%s:%d]\n", options.pFilename, options.host_spec, options.port); } options.state = FUZZ; execute_fuzz(&options); if(options.verbosity != QUIET) fprintf(log, "[%s] completed fuzzing.\n", get_time_as_log()); free( options.pFilename ); free( options.pLogFilename ); free( options.host_spec ); for(i = 0; i < options.num_litr; ++i) { free(options.litr[i]); } free(options.litr); free(options.litr_lens); for(i = 0; i < options.num_seq; ++i) { free(options.seq[i]); } free(options.seq); free(options.seq_lens); /*this might be the better way of doing things =)*/ if(options.sym_count) free(options.syms_array); return 0; }
int ssl_transport_insecure_send(option_block *opts, void *d, int i) { FILE *log = stdout; char spec[2048] = {0}; struct timeval tv; int sockfd; fd_set fds; unsigned long int to = MAX(100, opts->time_out); int ret; if(opts->fp_log) log = opts->fp_log; if(ssl_bio == NULL) { snprintf(spec, 2048, "%s:%d", opts->host_spec, opts->port); ssl_bio = BIO_new_connect(spec); if(ssl_bio == NULL) { fprintf(stderr, "<ssl_transport:i-send> failure to acquire BIO: [%s]\n", spec); return -1; } if(BIO_do_connect(ssl_bio) <= 0) { fprintf(stderr, "<ssl_transport:i-send> failure to simple connect to: [%s]\n", spec); return -1; } } retx: if(BIO_write(ssl_bio, d, i) <= 0) { if(!BIO_should_retry(ssl_bio)) { fprintf(stderr, "<ssl_transport:i-send> failure to transmit!\n"); ssl_transport_close(); } goto retx; } if(opts->verbosity != QUIET) fprintf(log, "[%s] <ssl_transport:send> tx fuzz - scanning for reply.\n", get_time_as_log()); BIO_get_fd(ssl_bio, &sockfd); FD_ZERO(&fds); FD_SET(sockfd, &fds); tv.tv_sec = to / 1000; tv.tv_usec = (to % 1000) * 1000; /*time out*/ ret = select(sockfd+1, &fds, NULL, NULL, &tv); if(ret > 0) { if(FD_ISSET(sockfd, &fds)) { char buf[8192] = {0}; int r_len = 0; ret = BIO_read(ssl_bio, buf, 8192); if(ret == 0) { fprintf(stderr, "<ssl_transport:send> remote closed xon\n"); ssl_transport_close(); } else if(ret > 0) { if(opts->verbosity != QUIET) fprintf(log, "[%s] read:\n%s\n===============================================================================\n", get_time_as_log(), buf); } } } if((opts->close_conn) || ((opts->close_conn) && (!opts->forget_conn))) { ssl_transport_close(); } mssleep(opts->reqw_inms); return 0; }