Simplifies packet-mangling routines, fixes a few one-off bugs

2025-12-06 04:31:29 +00:00 · 2018-08-23 17:13:56 +00:00
parent 8bca8af23e
commit c1fa8219bd
1 changed files with 21 additions and 51 deletions
--- a/scripts/dns-fuzz.nse
+++ b/scripts/dns-fuzz.nse
@@ -1,4 +1,3 @@
-local bit = require "bit"
 local comm = require "comm"
 local dns = require "dns"
 local math = require "math"
@@ -168,18 +167,18 @@ end
 -- @param dnsPacket  A packet, generated by makePacket()
 -- @return           The same packet, but with bit flip errors
 function nudgePacket (dnsPacket)
-  local newPacket = {}
-  -- Iterate over every byte in the packet
-  dnsPacket:gsub(".", function(c)
-      -- Induce bit errors at a rate of 1/50.
-      if math.random(50) == 25 then
-        -- Bitflip algorithm: c ^ 1<<(rand()%7)
-        newPacket[#newPacket+1] = string.char( bit.bxor(c:byte(), bit.lshift(1, math.random(0,7))) )
-      else
-        newPacket[#newPacket+1] = c
-      end
-    end)
-  return table.concat(newPacket)
+  local chunks = {}
+  local pos = 1
+  for i = 1, #dnsPacket do
+    -- Induce bit errors at a rate of 1/50.
+    if math.random(50) == 25 then
+      table.insert(chunks, dnsPacket:sub(pos, i - 1))
+      table.insert(chunks, string.char(dnsPacket:byte(i) ~ (1 << math.random(0, 7))))
+      pos = i + 1
+    end
+  end
+  table.insert(chunks, dnsPacket:sub(pos))
+  return table.concat(chunks)
 end

 ---
@@ -187,56 +186,27 @@ end
 -- @param dnsPacket  A packet, generated by makePacket()
 -- @return           The same packet, but with a single byte missing
 function dropByte (dnsPacket)
-  local newPacket = {}
-  local byteToDrop = math.random(dnsPacket:len())-1
-  local i = 0
-  -- Iterate over every byte in the packet
-  dnsPacket:gsub(".", function(c)
-      i=i+1
-      if i ~= byteToDrop then
-        newPacket[#newPacket+1] = c
-      end
-    end)
-  return table.concat(newPacket)
+  local pos = math.random(#dnsPacket)
+  return dnsPacket:sub(1, pos - 1) .. dnsPacket:sub(pos + 1)
 end

 ---
-- Instead of dropping an entire byte, in insert a random byte
+-- Instead of dropping an entire byte, insert a random byte
 -- @param dnsPacket  A packet, generated by makePacket()
 -- @return           The same packet, but with a single byte missing
 function injectByte (dnsPacket)
-  local newPacket = {}
-  local byteToInject = math.random(dnsPacket:len())-1
-  local i = 0
-  -- Iterate over every byte in the packet
-  dnsPacket:gsub(".", function(c)
-      i=i+1
-      if i==byteToInject then
-        newPacket[#newPacket+1] = string.char(math.random(0,255))
-      end
-      newPacket[#newPacket+1] = c
-    end)
-  return table.concat(newPacket)
+  local pos = math.random(#dnsPacket + 1)
+  return dnsPacket:sub(1, pos - 1) .. string.char(math.random(0,255)) .. dnsPacket:sub(pos)
 end

 ---
-- Instead of dropping an entire byte, in insert a random byte
+-- Instead of inserting a byte, truncate the packet at random position
 -- @param dnsPacket  A packet, generated by makePacket()
-- @return           The same packet, but with a single byte missing
+-- @return           The same packet, but truncated
 function truncatePacket (dnsPacket)
-  local newPacket = {}
  -- at least 12 bytes to make sure the packet isn't dropped as a tinygram
-  local eatPacketPos = math.random(12,dnsPacket:len())-1
-  local i = 0
-  -- Iterate over every byte in the packet
-  dnsPacket:gsub(".", function(c)
-      i=i+1
-      if i==eatPacketPos then
-        return
-      end
-      newPacket[#newPacket+1] = c
-    end)
-  return table.concat(newPacket)
+  local pos = math.random(12, #dnsPacket - 1)
+  return dnsPacket:sub(1, pos)
 end

 ---