Mercurial > dropbear
annotate fuzz-wrapfd.c @ 1715:3974f087d9c0
Disallow leading lines before the ident for server (#102)
Per RFC4253 4.2 clients must be able to process other lines of data
before the version string, server behavior is not defined neither
with MUST/SHOULD nor with MAY.
If server process up to 50 lines too - it may cause too long hanging
session with invalid/evil client that consume host resources and
potentially may lead to DDoS on poor embedded boxes.
Let's require first line from client to be version string and fail
early if it's not - matches both RFC and real OpenSSH behavior.
| author | Vladislav Grishenko <themiron@users.noreply.github.com> |
|---|---|
| date | Mon, 15 Jun 2020 18:22:18 +0500 |
| parents | 60fceff95858 |
| children | dfbe947bdf0d |
| rev | line source |
|---|---|
| 1357 | 1 #define FUZZ_SKIP_WRAP 1 |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 #include "includes.h" |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 #include "fuzz-wrapfd.h" |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 |
|
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
5 #include "dbutil.h" |
|
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
6 |
| 1357 | 7 #include "fuzz.h" |
| 8 | |
| 1528 | 9 #define IOWRAP_MAXFD (FD_SETSIZE-1) |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 static const int MAX_RANDOM_IN = 50000; |
|
1587
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
11 static const double CHANCE_CLOSE = 1.0 / 600; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
12 static const double CHANCE_INTR = 1.0 / 900; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
13 static const double CHANCE_READ1 = 0.96; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
14 static const double CHANCE_READ2 = 0.5; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
15 static const double CHANCE_WRITE1 = 0.96; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
16 static const double CHANCE_WRITE2 = 0.5; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 struct fdwrap { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 enum wrapfd_mode mode; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 buffer *buf; |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
21 int closein; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
22 int closeout; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 }; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 static struct fdwrap wrap_fds[IOWRAP_MAXFD+1]; |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
26 /* for quick selection of in-use descriptors */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 static int wrap_used[IOWRAP_MAXFD+1]; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 static unsigned int nused; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 static unsigned short rand_state[3]; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 |
|
1575
e75dab5bec71
some linting after fuzz merge (#60)
François Perrad <francois.perrad@gadz.org>
parents:
1559
diff
changeset
|
31 void wrapfd_setup(void) { |
|
1382
4b864fd12b22
fix building with DEBUG_TRACE
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
32 TRACE(("wrapfd_setup")) |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 nused = 0; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 memset(wrap_fds, 0x0, sizeof(wrap_fds)); |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
35 memset(wrap_used, 0x0, sizeof(wrap_used)); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
37 memset(rand_state, 0x0, sizeof(rand_state)); |
|
1377
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
38 wrapfd_setseed(50); |
|
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
39 } |
|
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
40 |
|
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
41 void wrapfd_setseed(uint32_t seed) { |
| 1528 | 42 memcpy(rand_state, &seed, sizeof(seed)); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 nrand48(rand_state); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 void wrapfd_add(int fd, buffer *buf, enum wrapfd_mode mode) { |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
47 TRACE(("wrapfd_add %d buf %p mode %d", fd, buf, mode)) |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 assert(fd >= 0); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 assert(fd <= IOWRAP_MAXFD); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 assert(wrap_fds[fd].mode == UNUSED); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 assert(buf || mode == RANDOMIN); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 wrap_fds[fd].mode = mode; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 wrap_fds[fd].buf = buf; |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
55 wrap_fds[fd].closein = 0; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
56 wrap_fds[fd].closeout = 0; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 wrap_used[nused] = fd; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 nused++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 void wrapfd_remove(int fd) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 unsigned int i, j; |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
64 TRACE(("wrapfd_remove %d", fd)) |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 assert(fd >= 0); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 assert(fd <= IOWRAP_MAXFD); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 assert(wrap_fds[fd].mode != UNUSED); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 wrap_fds[fd].mode = UNUSED; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 |
| 1357 | 70 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
71 /* remove from used list */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 for (i = 0, j = 0; i < nused; i++) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 if (wrap_used[i] != fd) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 wrap_used[j] = wrap_used[i]; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 j++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 nused--; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 |
|
1360
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
81 int wrapfd_close(int fd) { |
| 1528 | 82 if (fd >= 0 && fd <= IOWRAP_MAXFD && wrap_fds[fd].mode != UNUSED) { |
|
1360
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
83 wrapfd_remove(fd); |
|
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
84 return 0; |
| 1528 | 85 } else { |
|
1360
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
86 return close(fd); |
|
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
87 } |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
88 } |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 int wrapfd_read(int fd, void *out, size_t count) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 size_t maxread; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 buffer *buf; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 |
| 1357 | 94 if (!fuzz.wrapfds) { |
| 95 return read(fd, out, count); | |
| 96 } | |
| 97 | |
| 98 if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) { | |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
99 /* XXX - assertion failure? */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 TRACE(("Bad read descriptor %d\n", fd)) |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 errno = EBADF; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 assert(count != 0); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
107 if (wrap_fds[fd].closein || erand48(rand_state) < CHANCE_CLOSE) { |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
108 wrap_fds[fd].closein = 1; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
109 errno = ECONNRESET; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
110 return -1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 if (erand48(rand_state) < CHANCE_INTR) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 errno = EINTR; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 buf = wrap_fds[fd].buf; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 if (buf) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 maxread = MIN(buf->len - buf->pos, count); |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
121 /* returns 0 if buf is EOF, as intended */ |
| 1357 | 122 if (maxread > 0) { |
| 123 maxread = nrand48(rand_state) % maxread + 1; | |
| 124 } | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 memcpy(out, buf_getptr(buf, maxread), maxread); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 buf_incrpos(buf, maxread); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 return maxread; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 maxread = MIN(MAX_RANDOM_IN, count); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
131 maxread = nrand48(rand_state) % maxread + 1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 memset(out, 0xef, maxread); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 return maxread; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
134 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
136 int wrapfd_write(int fd, const void* in, size_t count) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 unsigned const volatile char* volin = in; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 unsigned int i; |
| 1357 | 139 |
| 140 if (!fuzz.wrapfds) { | |
| 141 return write(fd, in, count); | |
| 142 } | |
| 143 | |
| 144 if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) { | |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
145 /* XXX - assertion failure? */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 TRACE(("Bad read descriptor %d\n", fd)) |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 errno = EBADF; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 assert(count != 0); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
153 /* force read to exercise sanitisers */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 for (i = 0; i < count; i++) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
155 (void)volin[i]; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
156 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
157 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
158 if (wrap_fds[fd].closeout || erand48(rand_state) < CHANCE_CLOSE) { |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
159 wrap_fds[fd].closeout = 1; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
160 errno = ECONNRESET; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
161 return -1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
162 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 if (erand48(rand_state) < CHANCE_INTR) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 errno = EINTR; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
168 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
169 return nrand48(rand_state) % (count+1); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
170 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds, |
| 1357 | 173 fd_set *exceptfds, struct timeval *timeout) { |
| 174 int i, nset, sel; | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 int ret = 0; |
| 1528 | 176 int fdlist[IOWRAP_MAXFD+1]; |
| 177 | |
| 178 memset(fdlist, 0x0, sizeof(fdlist)); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
179 |
| 1357 | 180 if (!fuzz.wrapfds) { |
| 181 return select(nfds, readfds, writefds, exceptfds, timeout); | |
| 182 } | |
| 183 | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 assert(nfds <= IOWRAP_MAXFD+1); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
186 if (erand48(rand_state) < CHANCE_INTR) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 errno = EINTR; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
191 /* read */ |
| 1357 | 192 if (readfds != NULL && erand48(rand_state) < CHANCE_READ1) { |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 for (i = 0, nset = 0; i < nfds; i++) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 if (FD_ISSET(i, readfds)) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 assert(wrap_fds[i].mode != UNUSED); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 fdlist[nset] = i; |
| 1357 | 197 nset++; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 } |
|
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
200 DROPBEAR_FD_ZERO(readfds); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 if (nset > 0) { |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
203 /* set one */ |
| 1357 | 204 sel = fdlist[nrand48(rand_state) % nset]; |
| 205 FD_SET(sel, readfds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
206 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 if (erand48(rand_state) < CHANCE_READ2) { |
| 1357 | 209 sel = fdlist[nrand48(rand_state) % nset]; |
| 210 if (!FD_ISSET(sel, readfds)) { | |
| 211 FD_SET(sel, readfds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
212 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
213 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
218 /* write */ |
| 1357 | 219 if (writefds != NULL && erand48(rand_state) < CHANCE_WRITE1) { |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 for (i = 0, nset = 0; i < nfds; i++) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
221 if (FD_ISSET(i, writefds)) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 assert(wrap_fds[i].mode != UNUSED); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
223 fdlist[nset] = i; |
| 1357 | 224 nset++; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
225 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 } |
|
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
227 DROPBEAR_FD_ZERO(writefds); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
229 /* set one */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 if (nset > 0) { |
| 1357 | 231 sel = fdlist[nrand48(rand_state) % nset]; |
| 232 FD_SET(sel, writefds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
233 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
235 if (erand48(rand_state) < CHANCE_WRITE2) { |
| 1357 | 236 sel = fdlist[nrand48(rand_state) % nset]; |
| 237 if (!FD_ISSET(sel, writefds)) { | |
| 238 FD_SET(sel, writefds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
240 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
243 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 return ret; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
245 } |
| 1357 | 246 |