Mercurial > dropbear
annotate fuzz/fuzz-wrapfd.c @ 1790:42745af83b7d
Introduce extra delay before closing unauthenticated sessions
To make it harder for attackers, introduce a delay to keep an
unauthenticated session open a bit longer, thus blocking a connection
slot until after the delay.
Without this, while there is a limit on the amount of attempts an attacker
can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to
handle one attempt is still short and thus for each of the allowed parallel
attempts many attempts can be chained one after the other. The attempt rate
is then:
"MAX_UNAUTH_PER_IP / <process time of one attempt>".
With the delay, this rate becomes:
"MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
| author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
|---|---|
| date | Wed, 15 Feb 2017 13:53:04 +0100 |
| parents | 97ad26e397a5 |
| children | 685b47d8faf7 |
| rev | line source |
|---|---|
| 1357 | 1 #define FUZZ_SKIP_WRAP 1 |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 #include "includes.h" |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 #include "fuzz-wrapfd.h" |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 |
|
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
5 #include "dbutil.h" |
|
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
6 |
| 1357 | 7 #include "fuzz.h" |
| 8 | |
| 1528 | 9 #define IOWRAP_MAXFD (FD_SETSIZE-1) |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 static const int MAX_RANDOM_IN = 50000; |
|
1587
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
11 static const double CHANCE_CLOSE = 1.0 / 600; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
12 static const double CHANCE_INTR = 1.0 / 900; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
13 static const double CHANCE_READ1 = 0.96; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
14 static const double CHANCE_READ2 = 0.5; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
15 static const double CHANCE_WRITE1 = 0.96; |
|
b579ec254988
try and improve the odds of useful fuzzer activity
Matt Johnston <matt@ucc.asn.au>
parents:
1575
diff
changeset
|
16 static const double CHANCE_WRITE2 = 0.5; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 struct fdwrap { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 enum wrapfd_mode mode; |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
20 int closein; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
21 int closeout; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 }; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 |
| 1746 | 24 static struct fdwrap wrap_fds[IOWRAP_MAXFD+1] = {{UNUSED, 0, 0}}; |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
25 static int wrapfd_maxfd = -1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 static unsigned short rand_state[3]; |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
27 static buffer *input_buf; |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
28 static int devnull_fd = -1; |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
29 |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
30 static void wrapfd_remove(int fd); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
32 void wrapfd_setup(buffer *buf) { |
|
1382
4b864fd12b22
fix building with DEBUG_TRACE
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
33 TRACE(("wrapfd_setup")) |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
34 |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
35 // clean old ones |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
36 int i; |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
37 for (i = 0; i <= wrapfd_maxfd; i++) { |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
38 if (wrap_fds[i].mode != UNUSED) { |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
39 wrapfd_remove(i); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
40 } |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
41 } |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
42 wrapfd_maxfd = -1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
44 memset(rand_state, 0x0, sizeof(rand_state)); |
|
1377
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
45 wrapfd_setseed(50); |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
46 input_buf = buf; |
|
1377
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
47 } |
|
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
48 |
|
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1360
diff
changeset
|
49 void wrapfd_setseed(uint32_t seed) { |
| 1528 | 50 memcpy(rand_state, &seed, sizeof(seed)); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 nrand48(rand_state); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
54 int wrapfd_new_fuzzinput() { |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
55 if (devnull_fd == -1) { |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
56 devnull_fd = open("/dev/null", O_RDONLY); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
57 assert(devnull_fd != -1); |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
58 } |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
59 |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
60 int fd = dup(devnull_fd); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
61 assert(fd != -1); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
62 assert(wrap_fds[fd].mode == UNUSED); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
63 wrap_fds[fd].mode = COMMONBUF; |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
64 wrap_fds[fd].closein = 0; |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
65 wrap_fds[fd].closeout = 0; |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
66 wrapfd_maxfd = MAX(fd, wrapfd_maxfd); |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
67 |
|
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
68 return fd; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
71 int wrapfd_new_dummy() { |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
72 if (devnull_fd == -1) { |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
73 devnull_fd = open("/dev/null", O_RDONLY); |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
74 assert(devnull_fd != -1); |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
75 } |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
76 |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
77 int fd = dup(devnull_fd); |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
78 assert(fd != -1); |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
79 assert(wrap_fds[fd].mode == UNUSED); |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
80 wrap_fds[fd].mode = DUMMY; |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
81 wrap_fds[fd].closein = 0; |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
82 wrap_fds[fd].closeout = 0; |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
83 wrapfd_maxfd = MAX(fd, wrapfd_maxfd); |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
84 |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
85 return fd; |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
86 } |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
87 |
|
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
88 |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
89 static void wrapfd_remove(int fd) { |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
90 TRACE(("wrapfd_remove %d", fd)) |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 assert(fd >= 0); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 assert(fd <= IOWRAP_MAXFD); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 assert(wrap_fds[fd].mode != UNUSED); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
94 wrap_fds[fd].mode = UNUSED; |
|
1744
6cf465af5d9f
Allocate real file descriptors for fuzz input with dup()
Matt Johnston <matt@ucc.asn.au>
parents:
1740
diff
changeset
|
95 m_close(fd); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
96 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 |
|
1360
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
98 int wrapfd_close(int fd) { |
| 1528 | 99 if (fd >= 0 && fd <= IOWRAP_MAXFD && wrap_fds[fd].mode != UNUSED) { |
|
1360
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
100 wrapfd_remove(fd); |
|
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
101 return 0; |
| 1528 | 102 } else { |
|
1360
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
103 return close(fd); |
|
16f45f2df38f
ignore wrapfd_close for unknown
Matt Johnston <matt@ucc.asn.au>
parents:
1358
diff
changeset
|
104 } |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
105 } |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 int wrapfd_read(int fd, void *out, size_t count) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 size_t maxread; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
109 |
| 1357 | 110 if (!fuzz.wrapfds) { |
| 111 return read(fd, out, count); | |
| 112 } | |
| 113 | |
| 114 if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) { | |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
115 /* XXX - assertion failure? */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 TRACE(("Bad read descriptor %d\n", fd)) |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 errno = EBADF; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 assert(count != 0); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
123 if (wrap_fds[fd].closein || erand48(rand_state) < CHANCE_CLOSE) { |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
124 wrap_fds[fd].closein = 1; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
125 errno = ECONNRESET; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
126 return -1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 if (erand48(rand_state) < CHANCE_INTR) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 errno = EINTR; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
131 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
134 if (input_buf && wrap_fds[fd].mode == COMMONBUF) { |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
135 maxread = MIN(input_buf->len - input_buf->pos, count); |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
136 /* returns 0 if buf is EOF, as intended */ |
| 1357 | 137 if (maxread > 0) { |
| 138 maxread = nrand48(rand_state) % maxread + 1; | |
| 139 } | |
|
1740
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
140 memcpy(out, buf_getptr(input_buf, maxread), maxread); |
|
dfbe947bdf0d
Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents:
1596
diff
changeset
|
141 buf_incrpos(input_buf, maxread); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 return maxread; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
144 |
|
1777
97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
Matt Johnston <matt@ucc.asn.au>
parents:
1756
diff
changeset
|
145 // return fixed output, of random length |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 maxread = MIN(MAX_RANDOM_IN, count); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 maxread = nrand48(rand_state) % maxread + 1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 memset(out, 0xef, maxread); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 return maxread; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 int wrapfd_write(int fd, const void* in, size_t count) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 unsigned const volatile char* volin = in; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 unsigned int i; |
| 1357 | 155 |
| 156 if (!fuzz.wrapfds) { | |
| 157 return write(fd, in, count); | |
| 158 } | |
| 159 | |
| 160 if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) { | |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
161 /* XXX - assertion failure? */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
162 TRACE(("Bad read descriptor %d\n", fd)) |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 errno = EBADF; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 assert(count != 0); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
168 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
169 /* force read to exercise sanitisers */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
170 for (i = 0; i < count; i++) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 (void)volin[i]; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
174 if (wrap_fds[fd].closeout || erand48(rand_state) < CHANCE_CLOSE) { |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
175 wrap_fds[fd].closeout = 1; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
176 errno = ECONNRESET; |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
177 return -1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
178 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
179 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
180 if (erand48(rand_state) < CHANCE_INTR) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
181 errno = EINTR; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
182 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
183 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 return nrand48(rand_state) % (count+1); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
186 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds, |
| 1357 | 189 fd_set *exceptfds, struct timeval *timeout) { |
| 190 int i, nset, sel; | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 int ret = 0; |
| 1528 | 192 int fdlist[IOWRAP_MAXFD+1]; |
| 193 | |
| 1357 | 194 if (!fuzz.wrapfds) { |
| 195 return select(nfds, readfds, writefds, exceptfds, timeout); | |
| 196 } | |
| 197 | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 assert(nfds <= IOWRAP_MAXFD+1); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 if (erand48(rand_state) < CHANCE_INTR) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 errno = EINTR; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 return -1; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
203 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
205 /* read */ |
| 1357 | 206 if (readfds != NULL && erand48(rand_state) < CHANCE_READ1) { |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 for (i = 0, nset = 0; i < nfds; i++) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 if (FD_ISSET(i, readfds)) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 assert(wrap_fds[i].mode != UNUSED); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 fdlist[nset] = i; |
| 1357 | 211 nset++; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
212 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
213 } |
|
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
214 DROPBEAR_FD_ZERO(readfds); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 if (nset > 0) { |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
217 /* set one */ |
| 1357 | 218 sel = fdlist[nrand48(rand_state) % nset]; |
| 219 FD_SET(sel, readfds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
221 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 if (erand48(rand_state) < CHANCE_READ2) { |
| 1357 | 223 sel = fdlist[nrand48(rand_state) % nset]; |
| 224 if (!FD_ISSET(sel, readfds)) { | |
| 225 FD_SET(sel, readfds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
227 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
229 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
232 /* write */ |
| 1357 | 233 if (writefds != NULL && erand48(rand_state) < CHANCE_WRITE1) { |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 for (i = 0, nset = 0; i < nfds; i++) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
235 if (FD_ISSET(i, writefds)) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
236 assert(wrap_fds[i].mode != UNUSED); |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 fdlist[nset] = i; |
| 1357 | 238 nset++; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
240 } |
|
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1587
diff
changeset
|
241 DROPBEAR_FD_ZERO(writefds); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1528
diff
changeset
|
243 /* set one */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 if (nset > 0) { |
| 1357 | 245 sel = fdlist[nrand48(rand_state) % nset]; |
| 246 FD_SET(sel, writefds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
248 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
249 if (erand48(rand_state) < CHANCE_WRITE2) { |
| 1357 | 250 sel = fdlist[nrand48(rand_state) % nset]; |
| 251 if (!FD_ISSET(sel, writefds)) { | |
| 252 FD_SET(sel, writefds); | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
253 ret++; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
254 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
255 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
256 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
257 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
258 return ret; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
259 } |
| 1357 | 260 |