Removed polling mechanism and TLS/SSL workaround

2026-03-20 00:24:06 +01:00 · 2019-10-31 21:01:53 +01:00
parent ef8e725451
commit 695a2a06fe
6 changed files with 18 additions and 47 deletions
--- a/fuzzer/src/configuration_manager.py
+++ b/fuzzer/src/configuration_manager.py
@@ -38,6 +38,10 @@ class ConfigurationManager:
    def _get_payloads_to_json_primitives_mapping():
        return ConfigurationManager.config["payloads_to_json_primitives_mapping"] if "payloads_to_json_primitives_mapping" in ConfigurationManager.config else None

+    @staticmethod
+    def get_receive_timeout():
+        return ConfigurationManager.config["receive_timeout"]
+
    @staticmethod
    def get_reporting_interval():
        return ConfigurationManager.config["reporting_interval"]
@@ -56,16 +60,10 @@ class ConfigurationManager:

    def _config_validation(self):
        reporting_interval: Union[int, float] = self.config["reporting_interval"]
-        response_timeout: Union[int, float] = self.config["response_timeout"]
-        polling_interval: Union[int, float] = self.config["polling_interval"]
+        receive_timeout: Union[int, float] = self.config["receive_timeout"]
        http_fuzzing: bool = self.config["http_fuzzing"]

-        if response_timeout <= polling_interval or polling_interval <= 0:
-            print("Wrong timeout and polling interval. Timeout has to be greater than polling interval" +
-                  " and polling interval has to be greater than zero.")
-            sys.exit(-1)
-
-        if reporting_interval <= 0 or reporting_interval < response_timeout:
+        if reporting_interval <= 0 or reporting_interval < receive_timeout:
            print("Wrong reporting interval. Should be smaller than response_timeout.")
            sys.exit(-1)

--- a/fuzzer/src/fuzzer.py
+++ b/fuzzer/src/fuzzer.py
@@ -1,6 +1,5 @@
 import sys
 import ssl
-import os
 from typing import List
 from boofuzz import Session, Target, SocketConnection, s_get, pedrpc
 from progress_reporter import report_progress
@@ -38,19 +37,14 @@ class Fuzzer:
            ssl_context.check_hostname = False
            ssl_context.verify_mode = ssl.CERT_NONE

-        # Workaround for issue with TLS with Boofuzz on Windows
-        # https://github.com/jtpereyda/boofuzz/pull/300#issuecomment-548108378
-        send_and_rcv_timeout = 5.0
-        if os.name == 'nt':
-            send_and_rcv_timeout = 5000.0
+        recv_timeout = ConfigurationManager.get_receive_timeout()

        remote_connection = SocketConnection(
            target_config["hostname"],
            target_config["port"],
            proto=self._protocol,
            sslcontext=ssl_context,
-            send_timeout=send_and_rcv_timeout,
-            recv_timeout=send_and_rcv_timeout
+            recv_timeout=recv_timeout
        )
        if startup_command:
            process_monitor = pedrpc.Client(target_config["hostname"], 26002)
--- a/fuzzer/src/post_test_case_callback.py
+++ b/fuzzer/src/post_test_case_callback.py
@@ -1,43 +1,25 @@
-import time
-import threading
 import json
 from http.client import HTTPResponse
 from boofuzz import exception
-from configuration_manager import ConfigurationManager
 from fake_socket import get_response_object


 class PostTestCaseCallback(object):
-    timeout_flag: bool = False
-
-    @staticmethod
-    def set_timeout():
-        PostTestCaseCallback.timeout_flag = True
+    timeout_message = "Timeout or closed connection"

    @staticmethod
    def post_test_callback(target, fuzz_data_logger, session, sock, *args, **kwargs):
        fuzz_data_logger.log_info("Mutation: " + session.fuzz_node.mutant._rendered.decode('utf-8', errors='ignore'))
        fuzz_data_logger.log_info("Original value: " + session.fuzz_node.mutant.original_value.decode('utf-8', errors='ignore'))

-        response_timeout = ConfigurationManager.config["response_timeout"]
-        polling_interval = ConfigurationManager.config["polling_interval"]
-
-        timer = threading.Timer(response_timeout, PostTestCaseCallback.set_timeout)
-
-        response_string = None
-        PostTestCaseCallback.timeout_flag = False
-        timer.start()
-        while not PostTestCaseCallback.timeout_flag:
-            try:
-                response_string = target.recv()
-                timer.cancel()
-                break
-            except exception.BoofuzzTargetConnectionReset:
-                time.sleep(polling_interval)
-                continue
+        try:
+            response_string = target.recv()
+        except exception.BoofuzzTargetConnectionReset:
+            fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
+            return

        if not response_string:
-            fuzz_data_logger.log_fail("Timeout or closed connection")
+            fuzz_data_logger.log_fail(PostTestCaseCallback.timeout_message)
            return

        response = get_response_object(response_string)