Mercurial > dropbear
annotate fuzz/fuzz-wrapfd.c @ 1861:2b3a8026a6ce
Add re-exec for server
This allows ASLR to re-randomize the address
space for every connection, preventing some
vulnerabilities from being exploitable by
repeated probing.
Overhead (memory and time) is yet to be confirmed.
At present this is only enabled on Linux. Other BSD platforms
with fexecve() would probably also work though have not been tested.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 30 Jan 2022 10:14:56 +0800 |
| parents | 1b160ed94749 |
| children |
| rev | line source |
|---|---|
| 1357 | 1 #define FUZZ_SKIP_WRAP 1 |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 #include "includes.h" |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 #include "fuzz-wrapfd.h" |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 |
|
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
5 #include "dbutil.h" |
|
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
6 |
| 1357 | 7 #include "fuzz.h" |
| 8 | |
|
1810
1b160ed94749
fuzz: don't push wrapfd descriptors larger than needed
Matt Johnston <matt@ucc.asn.au>
parents:
1802
diff
changeset
|
9 #define IOWRAP_MAXFD (FD_SETSIZE-1) |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 static const int MAX_RANDOM_IN = 50000; |
|
1587
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
11 static const double CHANCE_CLOSE = 1.0 / 600; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
12 static const double CHANCE_INTR = 1.0 / 900; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
13 static const double CHANCE_READ1 = 0.96; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
14 static const double CHANCE_READ2 = 0.5; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
15 static const double CHANCE_WRITE1 = 0.96; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
16 static const double CHANCE_WRITE2 = 0.5; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 struct fdwrap { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 enum wrapfd_mode mode; |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
20 int closein; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
21 int closeout; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 }; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 |
| 1746 | 24 static struct fdwrap wrap_fds[IOWRAP_MAXFD+1] = {{UNUSED, 0, 0}}; |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
25 static int wrapfd_maxfd = -1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 static unsigned short rand_state[3]; |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
27 static buffer *input_buf; |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
28 static int devnull_fd = -1; |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
29 |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
30 static void wrapfd_remove(int fd); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
32 void wrapfd_setup(buffer *buf) { |
|
1382
4b864fd12b22
fix building with DEBUG_TRACE
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
33 TRACE(("wrapfd_setup")) |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
34 |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
35 // clean old ones |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
36 int i; |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
37 for (i = 0; i <= wrapfd_maxfd; i++) { |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
38 if (wrap_fds[i].mode != UNUSED) { |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
39 wrapfd_remove(i); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
40 } |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
41 } |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
42 wrapfd_maxfd = -1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
44 memset(rand_state, 0x0, sizeof(rand_state)); |
|
1377
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
45 wrapfd_setseed(50); |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
46 input_buf = buf; |
|
1377
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
47 } |
|
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
48 |
|
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
49 void wrapfd_setseed(uint32_t seed) { |
| 1528 | 50 memcpy(rand_state, &seed, sizeof(seed)); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 nrand48(rand_state); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
54 int wrapfd_new_fuzzinput() { |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
55 if (devnull_fd == -1) { |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
56 devnull_fd = open("/dev/null", O_RDONLY); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
57 assert(devnull_fd != -1); |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
58 } |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
59 |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
60 int fd = dup(devnull_fd); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
61 assert(fd != -1); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
62 assert(wrap_fds[fd].mode == UNUSED); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
63 wrap_fds[fd].mode = COMMONBUF; |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
64 wrap_fds[fd].closein = 0; |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
65 wrap_fds[fd].closeout = 0; |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
66 wrapfd_maxfd = MAX(fd, wrapfd_maxfd); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
67 |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
68 return fd; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
71 int wrapfd_new_dummy() { |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
72 if (devnull_fd == -1) { |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
73 devnull_fd = open("/dev/null", O_RDONLY); |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
74 assert(devnull_fd != -1); |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
75 } |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
76 |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
77 int fd = dup(devnull_fd); |
|
1802
19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
Matt Johnston <matt@ucc.asn.au>
parents:
1791
diff
changeset
|
78 if (fd == -1) { |
|
19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
Matt Johnston <matt@ucc.asn.au>
parents:
1791
diff
changeset
|
79 return -1; |
|
19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
Matt Johnston <matt@ucc.asn.au>
parents:
1791
diff
changeset
|
80 } |
|
19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
Matt Johnston <matt@ucc.asn.au>
parents:
1791
diff
changeset
|
81 if (fd > IOWRAP_MAXFD) { |
|
19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
Matt Johnston <matt@ucc.asn.au>
parents:
1791
diff
changeset
|
82 close(fd); |
|
19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
Matt Johnston <matt@ucc.asn.au>
parents:
1791
diff
changeset
|
83 errno = EMFILE; |
|
19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
Matt Johnston <matt@ucc.asn.au>
parents:
1791
diff
changeset
|
84 return -1; |
|
19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
Matt Johnston <matt@ucc.asn.au>
parents:
1791
diff
changeset
|
85 } |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
86 assert(wrap_fds[fd].mode == UNUSED); |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
87 wrap_fds[fd].mode = DUMMY; |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
88 wrap_fds[fd].closein = 0; |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
89 wrap_fds[fd].closeout = 0; |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
90 wrapfd_maxfd = MAX(fd, wrapfd_maxfd); |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
91 |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
92 return fd; |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
93 } |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
94 |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
95 |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
96 static void wrapfd_remove(int fd) { |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
97 TRACE(("wrapfd_remove %d", fd)) |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 assert(fd >= 0); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 assert(fd <= IOWRAP_MAXFD); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 assert(wrap_fds[fd].mode != UNUSED); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 wrap_fds[fd].mode = UNUSED; |
|
1802
19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
Matt Johnston <matt@ucc.asn.au>
parents:
1791
diff
changeset
|
102 close(fd); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 |
|
1360
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
105 int wrapfd_close(int fd) { |
| 1528 | 106 if (fd >= 0 && fd <= IOWRAP_MAXFD && wrap_fds[fd].mode != UNUSED) { |
|
1360
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
107 wrapfd_remove(fd); |
|
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
108 return 0; |
| 1528 | 109 } else { |
|
1360
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
110 return close(fd); |
|
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
111 } |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
112 } |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 int wrapfd_read(int fd, void *out, size_t count) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 size_t maxread; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 |
| 1357 | 117 if (!fuzz.wrapfds) { |
| 118 return read(fd, out, count); | |
| 119 } | |
| 120 | |
| 121 if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) { | |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
122 /* XXX - assertion failure? */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 TRACE(("Bad read descriptor %d\n", fd)) |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 errno = EBADF; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 assert(count != 0); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
130 if (wrap_fds[fd].closein || erand48(rand_state) < CHANCE_CLOSE) { |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
131 wrap_fds[fd].closein = 1; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
132 errno = ECONNRESET; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
133 return -1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
134 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
136 if (erand48(rand_state) < CHANCE_INTR) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 errno = EINTR; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
141 if (input_buf && wrap_fds[fd].mode == COMMONBUF) { |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
142 maxread = MIN(input_buf->len - input_buf->pos, count); |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
143 /* returns 0 if buf is EOF, as intended */ |
| 1357 | 144 if (maxread > 0) { |
| 145 maxread = nrand48(rand_state) % maxread + 1; | |
| 146 } | |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
147 memcpy(out, buf_getptr(input_buf, maxread), maxread); |
|
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
148 buf_incrpos(input_buf, maxread); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 return maxread; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
152 // return fixed output, of random length |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 maxread = MIN(MAX_RANDOM_IN, count); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 maxread = nrand48(rand_state) % maxread + 1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
155 memset(out, 0xef, maxread); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
156 return maxread; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
157 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
158 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 int wrapfd_write(int fd, const void* in, size_t count) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
160 unsigned const volatile char* volin = in; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
161 unsigned int i; |
| 1357 | 162 |
| 163 if (!fuzz.wrapfds) { | |
| 164 return write(fd, in, count); | |
| 165 } | |
| 166 | |
| 167 if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) { | |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
168 /* XXX - assertion failure? */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
169 TRACE(("Bad read descriptor %d\n", fd)) |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
170 errno = EBADF; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 assert(count != 0); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
176 /* force read to exercise sanitisers */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
177 for (i = 0; i < count; i++) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
178 (void)volin[i]; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
179 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
180 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
181 if (wrap_fds[fd].closeout || erand48(rand_state) < CHANCE_CLOSE) { |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
182 wrap_fds[fd].closeout = 1; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
183 errno = ECONNRESET; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
184 return -1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
186 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 if (erand48(rand_state) < CHANCE_INTR) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 errno = EINTR; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 return nrand48(rand_state) % (count+1); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds, |
| 1357 | 196 fd_set *exceptfds, struct timeval *timeout) { |
| 197 int i, nset, sel; | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 int ret = 0; |
| 1528 | 199 int fdlist[IOWRAP_MAXFD+1]; |
| 200 | |
| 1357 | 201 if (!fuzz.wrapfds) { |
| 202 return select(nfds, readfds, writefds, exceptfds, timeout); | |
| 203 } | |
| 204 | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 assert(nfds <= IOWRAP_MAXFD+1); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
206 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 if (erand48(rand_state) < CHANCE_INTR) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 errno = EINTR; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
212 /* read */ |
| 1357 | 213 if (readfds != NULL && erand48(rand_state) < CHANCE_READ1) { |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 for (i = 0, nset = 0; i < nfds; i++) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 if (FD_ISSET(i, readfds)) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 assert(wrap_fds[i].mode != UNUSED); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 fdlist[nset] = i; |
| 1357 | 218 nset++; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 } |
|
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
221 DROPBEAR_FD_ZERO(readfds); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
223 if (nset > 0) { |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
224 /* set one */ |
| 1357 | 225 sel = fdlist[nrand48(rand_state) % nset]; |
| 226 FD_SET(sel, readfds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
227 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
229 if (erand48(rand_state) < CHANCE_READ2) { |
| 1357 | 230 sel = fdlist[nrand48(rand_state) % nset]; |
| 231 if (!FD_ISSET(sel, readfds)) { | |
| 232 FD_SET(sel, readfds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
233 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
235 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
236 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
238 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
239 /* write */ |
| 1357 | 240 if (writefds != NULL && erand48(rand_state) < CHANCE_WRITE1) { |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 for (i = 0, nset = 0; i < nfds; i++) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 if (FD_ISSET(i, writefds)) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
243 assert(wrap_fds[i].mode != UNUSED); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 fdlist[nset] = i; |
| 1357 | 245 nset++; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
246 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 } |
|
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
248 DROPBEAR_FD_ZERO(writefds); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
249 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
250 /* set one */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
251 if (nset > 0) { |
| 1357 | 252 sel = fdlist[nrand48(rand_state) % nset]; |
| 253 FD_SET(sel, writefds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
254 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
255 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
256 if (erand48(rand_state) < CHANCE_WRITE2) { |
| 1357 | 257 sel = fdlist[nrand48(rand_state) % nset]; |
| 258 if (!FD_ISSET(sel, writefds)) { | |
| 259 FD_SET(sel, writefds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
260 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
261 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
262 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
263 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
264 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
265 return ret; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
266 } |
| 1357 | 267 |
| 1791 | 268 int fuzz_kill(pid_t pid, int sig) { |
| 269 if (fuzz.fuzzing) { | |
| 270 TRACE(("fuzz_kill ignoring pid %d signal %d", (pid), sig)) | |
| 271 if (sig >= 0) { | |
| 272 return 0; | |
| 273 } else { | |
| 274 errno = EINVAL; | |
| 275 return -1; | |
| 276 } | |
| 277 } | |
| 278 return kill(pid, sig); | |
| 279 } |