Description
During fuzz testing of the Profinet RPC path in p-net, a malformed multi-request sequence was found that causes the sample device process to stop responding. It has been confirmed that this issue is not triggered by a single random corrupted packet, but by a malformed RPC sequence with clear stateful dependencies.
The basic structure of the sequence is:
RPC_Connect_Req
RPC_Write_Req_Param
RPC_Read_Req_Param
RPC_PrmEnd_Req
RPC_Release_Req
From external observation, after the sequence is triggered, the target no longer responds to new Profinet RPC liveness probes.
The attached replay_inputs_to_dut.py script is used to trigger this issue, and check_pnet_alive.py is used as the liveness check script. The tested target is p-net release version v1.0.2 on Linux.
check_pnet_alive.py
replay_inputs_to_dut.py