Procmon "freezes" multithreaded software
henryreed opened this issue · comments
Report
Hi folks,
I am attempting to fuzz NASA's Core Flight System (cFS) using Boofuzz and its Process Monitor for unix. Unfortunately, when Procmon hooks into cFS it seems to also break its UDP input. This can be seen by capturing packets on the loopback interface, where the kernel sends ICMP packets back indicating the port is closed. Additionally, while normally cFS complains when it receives a broken message, in this case there is no standard error or standard output relating to any broken messages.
If I do not use Procmon and launch cFS normally, it can receive messages from Boofuzz as normal. I would like to get Procmon to work with cFS. I suspect that because cFS is a multithreaded application, Procmon somehow breaks cFS, but I am not sure how to debug this any further. Any assistance or pointers are appreciated.
Expected behavior
I expected Procmon to not freeze cFS and instead let it run like normal and receive command messages.
Actual behavior
Procmon "freezes" (for lack of a better term) cFS, preventing it from binding to listening port 1234/UDP and from receiving any data.
Steps to reproduce the problem
- Install cFS as per instructions in the Setup and Build and Run sections of the GitHub repository: https://github.com/nasa/cfs#setup
- Launch process_monitor_unix.py
- Launch the Boofuzz script attached
boofuzz script
```python
from boofuzz import *


def define_proto(session):
    cfe_es_noop_cc = Request("CFE_ES_NOOP_CC", children=(
        Block("Packet_Identification", children=(
            Bytes(name="CFE_PLATFORM_CMD_MID_BASE", default_value=b'\x18', max_len=1),
            Bytes(name="CFE_MISSION_ES_CMD_MSG", default_value=b'\x06', max_len=1),
            Bytes(name="Packet_Sequence_Control", default_value=b'\xC0\x00', max_len=2)
        )),
        Size("Packet_Length", block_name="Packet_Data", offset=-1, length=2, endian='>'),
        Block("Packet_Data", children=(
            Bytes(name="NOOP_CC", default_value=b'\x00\x20')
        ))
    ))
    session.connect(cfe_es_noop_cc)


if __name__ == "__main__":
    port = 1234
    host = "127.0.0.1"
    options = {"start_commands": ['/home/user/cFS/build/exe/cpu1/core-cpu1']}
    procmon = ProcessMonitor(host, 26002)
    procmon.set_options(**options)
    monitors = [procmon]
    session = Session(
        target=Target(
            connection=UDPSocketConnection(host, port),
            monitors=monitors,
        ),
    )
    define_proto(session)
    session.fuzz()
```
boofuzz version
0.4.0
Python version
3.8
Platform
Linux
Anything else?
No response
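
One way to check the reported symptom from outside the fuzzer, as an added example that is not part of the original issue or of boofuzz: it rebuilds the script's default packet and sends it over a connected UDP socket, so the kernel's ICMP port-unreachable reply surfaces as `ConnectionRefusedError`. The function names `build_noop_packet` and `probe_udp` and the 0.5 s timeout are assumptions made for this example.

```python
import socket
import struct


def build_noop_packet() -> bytes:
    """Default (unmutated) rendering of the CFE_ES_NOOP_CC request in the script."""
    ident = b"\x18" + b"\x06" + b"\xC0\x00"   # MID bytes + Packet_Sequence_Control
    data = b"\x00\x20"                         # Packet_Data (NOOP_CC)
    # Size(..., offset=-1, length=2, endian='>'): len(Packet_Data) - 1, big-endian
    length = struct.pack(">H", len(data) - 1)
    return ident + length + data


def probe_udp(host: str, port: int, payload: bytes, timeout: float = 0.5) -> str:
    """Return "closed" if the kernel answers with ICMP port unreachable,
    otherwise "no-error" (a socket is bound, or the reply was filtered)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing; it lets the kernel report ICMP
        # errors for this peer back to us as ECONNREFUSED.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(1)          # wakes early if the ICMP error is queued
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            pass               # nothing came back: no ICMP error was raised
        return "no-error"


if __name__ == "__main__":
    # Host and port are the ones used in the report.
    print("127.0.0.1:1234/udp ->", probe_udp("127.0.0.1", 1234, build_noop_packet()))
```

Running it once with cFS started by hand and once with cFS started through the process monitor's `start_commands` shows whether the port is bound in each case, independent of the fuzzing session.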