authorShankara Pailoor <shankarapailoor@gmail.com>2019-01-08 08:14:19 -0800
committerDmitry Vyukov <dvyukov@google.com>2019-01-10 12:34:28 +0100
commitf9ccea26eb0de391a874cfe56a414e573a81e9b2 (patch)
tree249ed858ec7c5a39a08f4f1357b25c1f4f250f8f /tools/syz-trace2syz
parent0108829095758774257301e06d38003c02aaae7f (diff)
tools/syz-trace2syz/proggen: convert strace byte arrays to int args
strace prints certain arguments, such as sockaddr_in.sin_port or sin_addr, as hex strings under -Xraw because those arguments are in network byte order. This patch converts those hex strings to int args when the string is 1, 2, 4, or 8 bytes long.
Diffstat (limited to 'tools/syz-trace2syz')
-rw-r--r--tools/syz-trace2syz/proggen/proggen.go24
-rw-r--r--tools/syz-trace2syz/proggen/proggen_test.go35
2 files changed, 50 insertions, 9 deletions
diff --git a/tools/syz-trace2syz/proggen/proggen.go b/tools/syz-trace2syz/proggen/proggen.go
index 6c484b29c..027befcef 100644
--- a/tools/syz-trace2syz/proggen/proggen.go
+++ b/tools/syz-trace2syz/proggen/proggen.go
@@ -333,8 +333,28 @@ func (ctx *context) genConst(syzType prog.Type, traceType parser.IrType) prog.Ar
}
return ctx.genConst(syzType, a.Elems[0])
case *parser.BufferType:
- // The call almost certainly returned an errno
- return syzType.DefaultArg()
+ // strace decodes some arguments as hex strings because those values are network ordered
+ // e.g. sin_port or sin_addr fields of sockaddr_in.
+ // network order is big endian byte order so if the len of byte array is 1, 2, 4, or 8 then
+ // it is a good chance that we are decoding one of those fields. If it isn't, then most likely
+ // we have an error i.e. a sockaddr_un struct passed to a connect call with an inet file descriptor
+ var val uint64
+ switch len(a.Val) {
+ case 8:
+ val = uint64(binary.BigEndian.Uint64([]byte(a.Val)))
+ case 4:
+ // int
+ val = uint64(binary.BigEndian.Uint32([]byte(a.Val)))
+ case 2:
+ // short
+ val = uint64(binary.BigEndian.Uint16([]byte(a.Val)))
+ case 1:
+ val = uint64(a.Val[0])
+ default:
+ // The call almost certainly returned an errno
+ return syzType.DefaultArg()
+ }
+ return prog.MakeConstArg(syzType, val)
default:
log.Fatalf("unsupported type for const: %#v", traceType)
}
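Review bot: The new `*parser.BufferType` branch picks the integer width from `len(a.Val)` alone and never compares it with the width of `syzType`, so an 8-byte buffer traced for a 4-byte field reaches `prog.MakeConstArg` as a full 64-bit value. The 8-byte `sin_addr` test case in proggen_test.go only passes because its four leading bytes are zero; with non-zero high bytes the constant would be wider than the field, and how that is handled is not visible in this hunk. I would either fall back to the default when the lengths disagree, `if uint64(len(a.Val)) != syzType.Size() { return syzType.DefaultArg() }`, or say in the comment that oversized buffers are accepted on purpose and how they are truncated. The `uint64(...)` wrapped around `binary.BigEndian.Uint64` in `case 8` is a no-op conversion and can be dropped. genConst starts and ends outside the hunk.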
diff --git a/tools/syz-trace2syz/proggen/proggen_test.go b/tools/syz-trace2syz/proggen/proggen_test.go
index 2d40e928d..a0fd8520d 100644
--- a/tools/syz-trace2syz/proggen/proggen_test.go
+++ b/tools/syz-trace2syz/proggen/proggen_test.go
@@ -157,19 +157,40 @@ r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4594}, 0x10)
`,
}, {`
-socket(2, 1, 0) = 3
-connect(3, {sa_family=2, sin_port=17812, sin_addr=0x7f000001}, 16) = 0
-`, `
-r0 = socket$inet_tcp(0x2, 0x1, 0x0)
-connect$inet(r0, &(0x7f0000000000)={0x2, 0x4594, @rand_addr=0x7f000001}, 0x10)
-`,
- }, {`
open("\x2f\x64\x65\x76\x2f\x73\x6e\x64\x2f\x73\x65\x71", 0) = 3
fsetxattr(3, "\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x73\x65\x6c\x69\x6e\x75\x78","\x73\x79\x73", 4, 0) = 0
`, `
r0 = open(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0)
fsetxattr(r0, &(0x7f0000000040)=@known='security.selinux\x00', &(0x7f0000000080)='sys\x00', 0x4, 0x0)
`,
+ }, {`
+socket(0x2, 0x1, 0) = 3
+connect(3, {sa_family=0x2, sin_port="\x1f\x90", sin_addr="\x7f\x00\x00\x01"}, 16) = -1
+`, `
+r0 = socket$inet_tcp(0x2, 0x1, 0x0)
+connect$inet(r0, &(0x7f0000000000)={0x2, 0x1f90, @rand_addr=0x7f000001}, 0x10)
+`,
+ }, {`
+socket(0x2, 0x1, 0) = 3
+connect(3, {sa_family=0x2, sin_port="\x1f\x90", sin_addr="\x00\x00\x00\x00\x7f\x00\x00\x01"}, 16) = -1
+`, `
+r0 = socket$inet_tcp(0x2, 0x1, 0x0)
+connect$inet(r0, &(0x7f0000000000)={0x2, 0x1f90, @rand_addr=0x7f000001}, 0x10)
+`,
+ }, {`
+socket(0x2, 0x1, 0) = 3
+connect(3, {sa_family=0x2, sin_port="\x1f\x90", sin_addr="\x00"}, 16) = -1
+`, `
+r0 = socket$inet_tcp(0x2, 0x1, 0x0)
+connect$inet(r0, &(0x7f0000000000)={0x2, 0x1f90}, 0x10)
+`,
+ }, {`
+socket(0x2, 0x1, 0) = 3
+connect(3, {sa_family=0x2, sin_port="\x1f\x90", sin_addr="\x00"}, 16) = -1
+`, `
+r0 = socket$inet_tcp(0x2, 0x1, 0x0)
+connect$inet(r0, &(0x7f0000000000)={0x2, 0x1f90}, 0x10)
+`,
},
}
target, err := prog.GetTarget("linux", "amd64")
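Review bot: The last two added cases, both with `sin_addr="\x00"`, are byte-for-byte identical, so one of them adds no coverage. It was presumably meant to exercise another length, for example a 3-byte buffer that lands in the `default` branch of the new switch. The 8-byte `sin_addr` case has four zero leading bytes, so it does not pin the result when the buffer is wider than the field and the high bytes are non-zero. The deleted case with integer `sin_port=17812, sin_addr=0x7f000001` was the only one in this hunk covering a non-string `sin_addr`, and keeping it next to the -Xraw cases would preserve that path. The test table starts outside the hunk.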