Closed spwpun closed 1 year ago
SR4ven
commented
1 year ago The reason for this is that every single bit filed is currently padded to the next full byte. https://github.com/jtpereyda/boofuzz/blob/63406302badae78a00619bcacf24c529f0c41957/boofuzz/primitives/bit_field.py#L165
To get the expected behavior, we'd have to merge consecutive bit fields before applying the padding. If I remember correctly, someone had already implemented that but wasn't able to open source it sadly.
spwpun
commented
1 year ago The reason for this is that every single bit filed is currently padded to the next full byte.
To get the expected behavior, we'd have to merge consecutive bit fields before applying the padding. If I remember correctly, someone had already implemented that but wasn't able to open source it sadly.
Thanks for replying,I got it.
jtpereyda
commented
1 year ago Long time feature request
jtpereyda
commented
1 year ago
Report
the primitive
s_bits()is use to create a bit field for the packet, but in default, it will extend it's size to byte. For example:Expected behavior
The code above should render a byte size value, such as b'0xc0'
Actual behavior
But it rendered 4 bytes size value, like b'\x01\x01\x00\x00'
Steps to reproduce the problem
s_initialize("QUIC_RESET") if s_block_start("Long Header Packet"): s_bit(value = 1, name = "Header Form", width = 1, fuzzable = False) s_bit(value = 1, name = "Fixed Bit", width = 1, fuzzable = False) s_bit(value = 0, name = "Long Packet Type", width = 2, fuzzable = False) s_bit(value = 0, name = "Type-Specific Bits", width = 4, fuzzable = False) s_block_end()
See the default value of this packet
pkt_data = s_get("QUIC_RESET") print("[+] Num_mutations of %s:"%(file[:-3]), pkt_data.num_mutations()) print("[+] Default value of this packet:", pkt_data.render())
boofuzz version
0.4.1
Python version
3.8
Platform
Linux
Anything else?
No response