
boofuzz issue with big s_bytes value

Open xristos8574 opened this issue 3 years ago • 1 comment

I am using boofuzz in an application to fuzz specific functions. The block I create for my fuzzing vector is as shown below:

```python
from boofuzz import *  # import added so the snippet runs; not part of the original post

s_initialize("getPasswd_request")  # added: s_block needs an open request; the request name is assumed

with s_block("getPasswd"):
    s_byte(0, name="usID", fuzzable=False)
    s_bytes(value=bytes([0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                         0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]),
            name="dataChoose", size=16, max_len=16, fuzzable=False)  # THIS IS 16 BYTES
    s_byte(0, name="paswd", fuzzable=False)
    s_byte(0, name="2fA", fuzzable=False)
    s_byte(0, name="status", fuzzable=False)
    s_word(0x0000, name="subData", fuzzable=False)
    s_byte(0, name="adminUsr", fuzzable=True)
    s_bytes(value=bytes([0x00] * 170), name="hashOfPswd", size=170, max_len=170, fuzzable=False)
```

My fuzzing code worked perfectly until I changed the size of hashOfPswd to 170 (as you can see). Initially it was 50 and there was no issue, but after looking at the function I wanted to fuzz, this is the size, and therefore I had to make it 170. When I did that, I got the following error:

```
[2021-05-21 15:47:54,825] Check Failed: Target connection reset.
[2021-05-21 15:47:54,836] Error!!!! A custom post_send callback function raised an uncought error.
Traceback (most recent call last):
  File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\boofuzz\connections\tcp_socket_connection.py", line 98, in recv
    data = self._sock.recv(max_bytes)
TimeoutError: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\boofuzz\sessions.py", line 1272, in transmit_fuzz
    self.last_recv = self.targets[0].recv()
  File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\boofuzz\sessions.py", line 172, in recv
    data = self._target_connection.recv(max_bytes=max_bytes)
  File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\boofuzz\connections\tcp_socket_connection.py", line 109, in recv
    raise_(exception.BoofuzzTargetConnectionReset(), None, sys.exc_info()[2])
  File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\future\utils\__init__.py", line 440, in raise_
    raise exc.with_traceback(tb)
  File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\boofuzz\connections\tcp_socket_connection.py", line 98, in recv
    data = self._sock.recv(max_bytes)
boofuzz.exception.BoofuzzTargetConnectionReset

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\boofuzz\sessions.py", line 1568, in _fuzz_current_case
    self.transmit_fuzz(target, self.fuzz_node, path[-1], callback_data=callback_data)
  File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\boofuzz\sessions.py", line 1275, in transmit_fuzz
    raise BoofuzzFailure(message=constants.ERR_CONN_RESET)
boofuzz.exception.BoofuzzFailure

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\boofuzz\monitors\callback_monitor.py", line 67, in post_send
    f(target=target, fuzz_data_logger=fuzz_data_logger, session=session, sock=target)
  File "C:\Users/chxenofo/common/py_tests\Fuzzer.py", line 169, in postCallback
    if returnCode.hex() != "55":
AttributeError: 'NoneType' object has no attribute 'hex'
```

Which is a series of exceptions in the boofuzz library. I am suspecting tcp_socket_connection.py, but it's a bit strange since usually TCP sockets are allowed up to 1GB of data.

Does anyone know how to create such a block with this size of fuzzing vectors and run it properly? Or maybe what I should change in it so it is able to run properly? Thank you in advance. You can find the corresponding issue also posted on StackOverflow.

xristos8574 avatar May 26 '21 01:05 xristos8574

From the stacktrace it looks like you are using the callback_monitor?

Here is what I think is happening: By increasing the amount of data in hashOfPswd, your target closes the connection for some reason (could be indicating a crash). The OS raises an exception which we catch and handle (and re-raise) in boofuzz. Finally, the callback monitor of boofuzz calls your postCallback method with returnCode == None. Now you try to call returnCode.hex() on None which fails.

So you'll have to add some kind of NoneType checks to your postCallback. That should solve the issue. If it doesn't, post the full callback method please.

SR4ven avatar May 26 '21 19:05 SR4ven
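The kind of None check the reply asks for, as an added example (not code from the issue, and not boofuzz's own code): a `post_send` callback with the four-argument signature the callback monitor uses, which inspects `session.last_recv` (the attribute the traceback shows boofuzz setting) and logs a failure when the target sent nothing instead of crashing in `.hex()`. The names `post_callback`, `classify_reply` and `EXPECTED_RETURN_CODE` are chosen here; the `0x55` value mirrors the comparison in the issue's traceback, and the stub logger and session classes are constructed stand-ins so the example runs without boofuzz installed.

```python
# Added example: a None-tolerant boofuzz post_send callback.
# post_callback / classify_reply / EXPECTED_RETURN_CODE are names chosen for this
# example; the 0x55 return code mirrors the issue's `returnCode.hex() != "55"` check.

EXPECTED_RETURN_CODE = b"\x55"


def classify_reply(reply):
    """Classify what the target sent back after the last test case.

    reply is session.last_recv: None when boofuzz caught a connection reset or
    timeout, b"" on an empty read, otherwise the raw bytes received.
    """
    if reply is None:
        return "no-reply"      # target reset or timed out; nothing to inspect
    if len(reply) == 0:
        return "empty"
    if reply[:1] != EXPECTED_RETURN_CODE:
        return "unexpected"
    return "ok"


def post_callback(target, fuzz_data_logger, session, sock):
    """post_send callback with the signature boofuzz's callback monitor uses."""
    verdict = classify_reply(session.last_recv)
    if verdict == "ok":
        fuzz_data_logger.log_pass("return code 0x55 as expected")
    elif verdict == "no-reply":
        # This is the path the issue hit: record the lost connection as a
        # failed check (a possible crash of the target) instead of raising.
        fuzz_data_logger.log_fail("no reply from target (connection reset or timeout)")
    else:
        fuzz_data_logger.log_fail("unexpected reply: %s" % session.last_recv.hex())
    return verdict


# --- constructed stand-ins for the boofuzz objects, so this runs offline -----
class _StubLogger:
    """Records log_pass/log_fail calls; mimics the two FuzzLogger methods used."""

    def __init__(self):
        self.entries = []

    def log_pass(self, msg):
        self.entries.append(("pass", msg))

    def log_fail(self, msg):
        self.entries.append(("fail", msg))


class _StubSession:
    """Carries only the last_recv attribute the callback reads."""

    def __init__(self, last_recv):
        self.last_recv = last_recv


def run_callback(last_recv):
    """Drive post_callback with a constructed session; returns (verdict, log entries)."""
    logger = _StubLogger()
    verdict = post_callback(target=None, fuzz_data_logger=logger,
                            session=_StubSession(last_recv), sock=None)
    return verdict, logger.entries


if __name__ == "__main__":
    # Constructed sample replies: good, wrong code, empty read, connection reset.
    for sample in (b"\x55", b"\x00\x01", b"", None):
        print(repr(sample), "->", run_callback(sample))
```

In a real session the callback is registered the same way the issue's `postCallback` was (for boofuzz 0.4 that is the `post_test_case_callbacks` list on `Session`); boofuzz's `FuzzLogger` provides `log_pass` and `log_fail`, so the stub logger can be dropped and the real one passed in. Logging the missing reply as a failed check keeps the connection reset visible in the results, which is the signal that the larger `hashOfPswd` may be crashing the target.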