Simplifies packet-mangling routines, fixes a few one-off bugs

scripts/dns-fuzz.nse

@@ -1,4 +1,3 @@
-local bit = require "bit"
 local comm = require "comm"
 local dns = require "dns"
 local math = require "math"
@@ -168,18 +167,18 @@ end
 -- @param dnsPacket  A packet, generated by makePacket()
 -- @return           The same packet, but with bit flip errors
 function nudgePacket (dnsPacket)
-  local newPacket = {}
+  local chunks = {}
-  -- Iterate over every byte in the packet
+  local pos = 1
-  dnsPacket:gsub(".", function(c)
+  for i = 1, #dnsPacket do
-      -- Induce bit errors at a rate of 1/50.
+    -- Induce bit errors at a rate of 1/50.
-      if math.random(50) == 25 then
+    if math.random(50) == 25 then
-        -- Bitflip algorithm: c ^ 1<<(rand()%7)
+      table.insert(chunks, dnsPacket:sub(pos, i - 1))
-        newPacket[#newPacket+1] = string.char( bit.bxor(c:byte(), bit.lshift(1, math.random(0,7))) )
+      table.insert(chunks, string.char(dnsPacket:byte(i) ~ (1 << math.random(0, 7))))
-      else
+      pos = i + 1
-        newPacket[#newPacket+1] = c
+    end
-      end
+  end
-    end)
+  table.insert(chunks, dnsPacket:sub(pos))
-  return table.concat(newPacket)
+  return table.concat(chunks)
 end
 
 ---
@@ -187,56 +186,27 @@ end
 -- @param dnsPacket  A packet, generated by makePacket()
 -- @return           The same packet, but with a single byte missing
 function dropByte (dnsPacket)
-  local newPacket = {}
+  local pos = math.random(#dnsPacket)
-  local byteToDrop = math.random(dnsPacket:len())-1
+  return dnsPacket:sub(1, pos - 1) .. dnsPacket:sub(pos + 1)
-  local i = 0
-  -- Iterate over every byte in the packet
-  dnsPacket:gsub(".", function(c)
-      i=i+1
-      if i ~= byteToDrop then
-        newPacket[#newPacket+1] = c
-      end
-    end)
-  return table.concat(newPacket)
 end
 
 ---
--- Instead of dropping an entire byte, in insert a random byte
+-- Instead of dropping an entire byte, insert a random byte
 -- @param dnsPacket  A packet, generated by makePacket()
 -- @return           The same packet, but with a single byte missing
 function injectByte (dnsPacket)
-  local newPacket = {}
+  local pos = math.random(#dnsPacket + 1)
-  local byteToInject = math.random(dnsPacket:len())-1
+  return dnsPacket:sub(1, pos - 1) .. string.char(math.random(0,255)) .. dnsPacket:sub(pos)
-  local i = 0
-  -- Iterate over every byte in the packet
-  dnsPacket:gsub(".", function(c)
-      i=i+1
-      if i==byteToInject then
-        newPacket[#newPacket+1] = string.char(math.random(0,255))
-      end
-      newPacket[#newPacket+1] = c
-    end)
-  return table.concat(newPacket)
 end
 
 ---
--- Instead of dropping an entire byte, in insert a random byte
+-- Instead of inserting a byte, truncate the packet at random position
 -- @param dnsPacket  A packet, generated by makePacket()
--- @return           The same packet, but with a single byte missing
+-- @return           The same packet, but truncated
 function truncatePacket (dnsPacket)
-  local newPacket = {}
   -- at least 12 bytes to make sure the packet isn't dropped as a tinygram
-  local eatPacketPos = math.random(12,dnsPacket:len())-1
+  local pos = math.random(12, #dnsPacket - 1)
-  local i = 0
+  return dnsPacket:sub(1, pos)
-  -- Iterate over every byte in the packet
-  dnsPacket:gsub(".", function(c)
-      i=i+1
-      if i==eatPacketPos then
-        return
-      end
-      newPacket[#newPacket+1] = c
-    end)
-  return table.concat(newPacket)
 end
 
 ---