annotate fuzz/fuzz-wrapfd.c @ 1802:19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 06 Mar 2021 22:58:57 +0800 |
parents | 685b47d8faf7 |
children | 1b160ed94749 |
rev | line source |
---|---|
1357 | 1 #define FUZZ_SKIP_WRAP 1 |
2 #include "includes.h" |
3 #include "fuzz-wrapfd.h" |
4 |
5 #include "dbutil.h" |
6 |
1357 | 7 #include "fuzz.h" |
8 | |
// +100 might catch some limits...
// IOWRAP_MAXFD is deliberately larger than FD_SETSIZE-1, so descriptor
// numbers tracked in wrap_fds can exceed what a single fd_set can hold.
#define IOWRAP_MAXFD (FD_SETSIZE-1 + 100)
/* Upper bound on the length wrapfd_read() returns for fds that are not
 * served from input_buf. */
static const int MAX_RANDOM_IN = 50000;
/* Probability that a wrapped read/write starts reporting ECONNRESET.
 * Once triggered it is remembered per fd in closein/closeout. */
static const double CHANCE_CLOSE = 1.0 / 600;
/* Probability that a wrapped read/write/select fails with EINTR. */
static const double CHANCE_INTR = 1.0 / 900;
/* wrapfd_select(): probability of rewriting readfds at all (READ1) and of
 * attempting to mark a second readable fd (READ2). */
static const double CHANCE_READ1 = 0.96;
static const double CHANCE_READ2 = 0.5;
/* Same pair for writefds. */
static const double CHANCE_WRITE1 = 0.96;
static const double CHANCE_WRITE2 = 0.5;

/* Per-descriptor bookkeeping, indexed by fd number in wrap_fds. */
struct fdwrap {
	enum wrapfd_mode mode;
	int closein;	/* nonzero: every later wrapfd_read() fails with ECONNRESET */
	int closeout;	/* nonzero: every later wrapfd_write() fails with ECONNRESET */
};

/* Only element 0 has an explicit initialiser; the remaining entries are
 * zero-initialised. NOTE(review): that relies on UNUSED being 0 -
 * confirm against enum wrapfd_mode in fuzz-wrapfd.h. */
static struct fdwrap wrap_fds[IOWRAP_MAXFD+1] = {{UNUSED, 0, 0}};
/* Highest fd registered since the last wrapfd_setup(), or -1 for none. */
static int wrapfd_maxfd = -1;
/* State for erand48()/nrand48(); seeded by wrapfd_setseed(). */
static unsigned short rand_state[3];
/* Input buffer shared by every COMMONBUF descriptor. The pointer is stored
 * by wrapfd_setup() as given; no copy is made here. */
static buffer *input_buf;
/* Lazily opened /dev/null descriptor that new wrapped fds are dup()ed from. */
static int devnull_fd = -1;

static void wrapfd_remove(int fd);
/*
 * Resets the wrapper for a new run: drops every descriptor still registered,
 * reseeds the generator with the fixed seed 50 and records buf as the shared
 * input buffer. The buffer pointer is stored as given, not copied.
 */
void wrapfd_setup(buffer *buf) {
	int fd;

	TRACE(("wrapfd_setup"))

	/* Release whatever the previous run left registered. */
	for (fd = 0; fd <= wrapfd_maxfd; fd++) {
		if (wrap_fds[fd].mode == UNUSED) {
			continue;
		}
		wrapfd_remove(fd);
	}
	wrapfd_maxfd = -1;

	/* Clear all of the state first: wrapfd_setseed() only overwrites
	 * the leading sizeof(uint32_t) bytes of it. */
	memset(rand_state, 0x0, sizeof(rand_state));
	wrapfd_setseed(50);

	input_buf = buf;
}
/*
 * Seeds the wrapper's generator state from a 32-bit value.
 * Only the first sizeof(seed) bytes of rand_state are overwritten; the rest
 * keeps whatever it held before the call.
 */
void wrapfd_setseed(uint32_t seed) {
	memcpy(rand_state, &seed, sizeof seed);
	/* Advance the generator once; the drawn value is discarded. */
	(void)nrand48(rand_state);
}
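/*
 * Allocates a real descriptor (a dup() of /dev/null) and registers it in
 * COMMONBUF mode, i.e. wrapfd_read() serves it from the shared input_buf.
 *
 * Returns the new descriptor. Every failure is treated as fatal through
 * assert(), so callers get no error return from this function; that only
 * holds while assertions are compiled in.
 */
int wrapfd_new_fuzzinput() {
	if (devnull_fd == -1) {
		devnull_fd = open("/dev/null", O_RDONLY);
		assert(devnull_fd != -1);
	}

	int fd = dup(devnull_fd);
	assert(fd != -1);
	/* wrap_fds holds IOWRAP_MAXFD+1 entries and dup() may hand back a
	 * larger number when many descriptors are open. Stop here rather
	 * than index past the table; wrapfd_new_dummy() applies the same
	 * limit with an error return. */
	assert(fd <= IOWRAP_MAXFD);
	assert(wrap_fds[fd].mode == UNUSED);
	wrap_fds[fd].mode = COMMONBUF;
	wrap_fds[fd].closein = 0;
	wrap_fds[fd].closeout = 0;
	wrapfd_maxfd = MAX(fd, wrapfd_maxfd);

	return fd;
}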
/*
 * Allocates a real descriptor (a dup() of /dev/null) and registers it in
 * DUMMY mode.
 *
 * Returns the descriptor, or -1 on failure. When dup() itself fails, errno
 * is whatever dup() left; when the new number does not fit in wrap_fds the
 * descriptor is closed again and errno is set to EMFILE. Failure to open
 * /dev/null is still fatal through assert().
 */
int wrapfd_new_dummy() {
	int fd;

	if (devnull_fd == -1) {
		devnull_fd = open("/dev/null", O_RDONLY);
		assert(devnull_fd != -1);
	}

	fd = dup(devnull_fd);
	if (fd != -1 && fd <= IOWRAP_MAXFD) {
		/* The slot must be free: a live fd number cannot be tracked twice. */
		assert(wrap_fds[fd].mode == UNUSED);
		wrap_fds[fd].mode = DUMMY;
		wrap_fds[fd].closein = 0;
		wrap_fds[fd].closeout = 0;
		if (wrapfd_maxfd < fd) {
			wrapfd_maxfd = fd;
		}
		return fd;
	}

	if (fd != -1) {
		/* Valid descriptor, but beyond the table: give it back. */
		close(fd);
		errno = EMFILE;
	}
	return -1;
}
/*
 * Unregisters fd and closes the underlying descriptor.
 * The caller must pass a number inside the table that is currently
 * registered; anything else trips an assertion. The result of close() is
 * not examined.
 */
static void wrapfd_remove(int fd) {
	TRACE(("wrapfd_remove %d", fd))

	/* Range first, so the table lookup below stays in bounds. */
	assert(fd >= 0);
	assert(fd <= IOWRAP_MAXFD);
	assert(wrap_fds[fd].mode != UNUSED);

	wrap_fds[fd].mode = UNUSED;
	(void)close(fd);
}
/*
 * close() replacement. Registered descriptors are unregistered and closed
 * through wrapfd_remove() and reported as success (0) without looking at
 * the result of the underlying close(). Every other descriptor goes straight
 * to close() and its result is returned.
 * Unlike the read/write/select wrappers this does not consult fuzz.wrapfds.
 */
int wrapfd_close(int fd) {
	/* The range test comes first so the table is never indexed out of bounds. */
	if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) {
		return close(fd);
	}

	wrapfd_remove(fd);
	return 0;
}
/*
 * read() replacement used while fuzzing.
 *
 * With fuzz.wrapfds unset this is a plain read(). Otherwise:
 *  - an fd outside the table or not registered fails with EBADF;
 *  - count must be non-zero (asserted);
 *  - with probability CHANCE_CLOSE the fd starts failing with ECONNRESET,
 *    and keeps doing so on every later call;
 *  - with probability CHANCE_INTR the call fails with EINTR;
 *  - COMMONBUF descriptors (when an input buffer is set) get a random-length
 *    prefix of the remaining input, or 0 once the input is used up;
 *  - all other descriptors get between 1 and min(MAX_RANDOM_IN, count)
 *    bytes of 0xef.
 * The generator is consulted in exactly this order, so the result depends
 * only on the seed and the call sequence.
 */
int wrapfd_read(int fd, void *out, size_t count) {
	size_t nbytes;

	if (!fuzz.wrapfds) {
		return read(fd, out, count);
	}

	/* Range test first; the table is only indexed for in-range numbers. */
	if (!(fd >= 0 && fd <= IOWRAP_MAXFD && wrap_fds[fd].mode != UNUSED)) {
		/* XXX - assertion failure? */
		TRACE(("Bad read descriptor %d\n", fd))
		errno = EBADF;
		return -1;
	}

	assert(count != 0);

	/* No random draw is made once the fd is already marked closed. */
	if (!wrap_fds[fd].closein && erand48(rand_state) < CHANCE_CLOSE) {
		wrap_fds[fd].closein = 1;
	}
	if (wrap_fds[fd].closein) {
		errno = ECONNRESET;
		return -1;
	}

	if (erand48(rand_state) < CHANCE_INTR) {
		errno = EINTR;
		return -1;
	}

	if (input_buf && wrap_fds[fd].mode == COMMONBUF) {
		/* Never hand out more than is left in the input or than fits in out. */
		nbytes = MIN(input_buf->len - input_buf->pos, count);
		if (nbytes > 0) {
			nbytes = nrand48(rand_state) % nbytes + 1;
		}
		/* nbytes == 0 here means the input is exhausted: report EOF. */
		memcpy(out, buf_getptr(input_buf, nbytes), nbytes);
		buf_incrpos(input_buf, nbytes);
		return nbytes;
	}

	/* Fixed filler byte, random length capped by MAX_RANDOM_IN and count. */
	nbytes = MIN(MAX_RANDOM_IN, count);
	nbytes = nrand48(rand_state) % nbytes + 1;
	memset(out, 0xef, nbytes);
	return nbytes;
}
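/*
 * write() replacement used while fuzzing.
 *
 * With fuzz.wrapfds unset this is a plain write(). Otherwise nothing is
 * written anywhere:
 *  - an fd outside the table or not registered fails with EBADF;
 *  - count must be non-zero (asserted);
 *  - every byte of the caller's buffer is read once, so an undersized or
 *    uninitialised buffer is visible to the sanitisers;
 *  - with probability CHANCE_CLOSE the fd starts failing with ECONNRESET,
 *    and keeps doing so on every later call;
 *  - with probability CHANCE_INTR the call fails with EINTR;
 *  - otherwise a random length in [0, count] is reported as written.
 */
int wrapfd_write(int fd, const void* in, size_t count) {
	const volatile unsigned char *volin = in;
	/* size_t, matching count: an unsigned int index would wrap before
	 * reaching a count above UINT_MAX and the loop would never end. */
	size_t i;

	if (!fuzz.wrapfds) {
		return write(fd, in, count);
	}

	/* Range test first; the table is only indexed for in-range numbers. */
	if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) {
		/* XXX - assertion failure? */
		/* The message used to say "read", copied from wrapfd_read(). */
		TRACE(("Bad write descriptor %d\n", fd))
		errno = EBADF;
		return -1;
	}

	assert(count != 0);

	/* force read to exercise sanitisers */
	for (i = 0; i < count; i++) {
		(void)volin[i];
	}

	/* Short-circuit: no random draw once the fd is already marked closed. */
	if (wrap_fds[fd].closeout || erand48(rand_state) < CHANCE_CLOSE) {
		wrap_fds[fd].closeout = 1;
		errno = ECONNRESET;
		return -1;
	}

	if (erand48(rand_state) < CHANCE_INTR) {
		errno = EINTR;
		return -1;
	}

	/* Short (including zero-length) writes are reported on purpose. */
	return nrand48(rand_state) % (count+1);
}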
/*
 * select() replacement used while fuzzing.
 *
 * With fuzz.wrapfds unset this is a plain select(). Otherwise no real
 * descriptor is polled: the call fails with EINTR with probability
 * CHANCE_INTR, and else reports a random choice of one or two of the
 * requested descriptors as ready, separately for readfds and writefds.
 * Returns the number of descriptors it marked ready, or -1 with errno set.
 *
 * In wrapped mode exceptfds and timeout are never looked at, and exceptfds
 * is returned unmodified.
 *
 * NOTE(review): nfds may be as large as IOWRAP_MAXFD+1, which is above
 * FD_SETSIZE, and the loops below call FD_ISSET() for every i < nfds. An
 * index of FD_SETSIZE or more lies outside an fd_set, so a caller passing
 * such an nfds makes this function read past the set - presumably the kind
 * of limit the "+100" is meant to expose under sanitisers; confirm.
 *
 * NOTE(review): when the CHANCE_READ1 (or CHANCE_WRITE1) draw fails, the
 * corresponding set is left exactly as the caller passed it, with all bits
 * still set, while nothing is added to the return value for it. Confirm
 * that callers only trust the sets when the return value accounts for them.
 */
int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds,
	fd_set *exceptfds, struct timeval *timeout) {
	int i, nset, sel;
	int ret = 0;
	/* Candidate fds collected from the caller's set; nset <= nfds, and the
	 * assert below keeps nfds within this array's size. */
	int fdlist[IOWRAP_MAXFD+1];

	if (!fuzz.wrapfds) {
		return select(nfds, readfds, writefds, exceptfds, timeout);
	}

	assert(nfds <= IOWRAP_MAXFD+1);

	if (erand48(rand_state) < CHANCE_INTR) {
		errno = EINTR;
		return -1;
	}

	/* read */
	if (readfds != NULL && erand48(rand_state) < CHANCE_READ1) {
		/* Gather the requested fds; each must be registered with wrapfd. */
		for (i = 0, nset = 0; i < nfds; i++) {
			if (FD_ISSET(i, readfds)) {
				assert(wrap_fds[i].mode != UNUSED);
				fdlist[nset] = i;
				nset++;
			}
		}
		DROPBEAR_FD_ZERO(readfds);

		if (nset > 0) {
			/* set one */
			sel = fdlist[nrand48(rand_state) % nset];
			FD_SET(sel, readfds);
			ret++;

			/* Possibly a second one; it only counts if it differs from the first. */
			if (erand48(rand_state) < CHANCE_READ2) {
				sel = fdlist[nrand48(rand_state) % nset];
				if (!FD_ISSET(sel, readfds)) {
					FD_SET(sel, readfds);
					ret++;
				}
			}
		}
	}

	/* write */
	if (writefds != NULL && erand48(rand_state) < CHANCE_WRITE1) {
		/* Same procedure as for readfds; fdlist and nset are reused. */
		for (i = 0, nset = 0; i < nfds; i++) {
			if (FD_ISSET(i, writefds)) {
				assert(wrap_fds[i].mode != UNUSED);
				fdlist[nset] = i;
				nset++;
			}
		}
		DROPBEAR_FD_ZERO(writefds);

		/* set one */
		if (nset > 0) {
			sel = fdlist[nrand48(rand_state) % nset];
			FD_SET(sel, writefds);
			ret++;

			if (erand48(rand_state) < CHANCE_WRITE2) {
				sel = fdlist[nrand48(rand_state) % nset];
				if (!FD_ISSET(sel, writefds)) {
					FD_SET(sel, writefds);
					ret++;
				}
			}
		}
	}
	return ret;
}
/*
 * kill() replacement. While fuzz.fuzzing is set no signal is ever delivered:
 * a non-negative sig is reported as success, a negative one fails with
 * EINVAL. Outside fuzzing the call is passed to kill() unchanged.
 */
int fuzz_kill(pid_t pid, int sig) {
	if (!fuzz.fuzzing) {
		return kill(pid, sig);
	}

	TRACE(("fuzz_kill ignoring pid %d signal %d", (pid), sig))
	if (sig < 0) {
		errno = EINVAL;
		return -1;
	}
	return 0;
}