annotate fuzz.h @ 1857:6022df862942

Use DSCP for IP QoS traffic classes The previous TOS values are deprecated and not used by modern traffic classifiers. This sets AF21 for "interactive" traffic (with a tty). Non-tty traffic sets AF11 - that indicates high throughput but is not lowest priority (which would be CS1 or LE). This differs from the CS1 used by OpenSSH, it lets interactive git over SSH have higher priority than background least effort traffic. Dropbear's settings here should be suitable with the diffservs used by CAKE qdisc.
author Matt Johnston <matt@ucc.asn.au>
date Tue, 25 Jan 2022 17:32:20 +0800
parents 4983a6bc1f51
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 #ifndef DROPBEAR_FUZZ_H
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 #define DROPBEAR_FUZZ_H
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3
1357
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
4 #include "config.h"
1559
92c93b4a3646 Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents: 1558
diff changeset
5
1558
2f64cb3d3007 - #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents: 1456
diff changeset
6 #if DROPBEAR_FUZZ
1357
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
7
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 #include "includes.h"
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 #include "buffer.h"
1357
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
10 #include "algo.h"
1778
19cdeb3d2aac Fix fuzzing build
Matt Johnston <matt@ucc.asn.au>
parents: 1777
diff changeset
11 #include "netio.h"
1357
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
12 #include "fuzz-wrapfd.h"
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13
1356
3677a510f545 add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
14 // once per process
1456
a90fdd2d2ed8 add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents: 1385
diff changeset
15 void fuzz_common_setup(void);
a90fdd2d2ed8 add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents: 1385
diff changeset
16 void fuzz_svr_setup(void);
1741
d1b279aa5ed1 Get client fuzzer building and starting (fails straight away)
Matt Johnston <matt@ucc.asn.au>
parents: 1740
diff changeset
17 void fuzz_cli_setup(void);
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18
1758
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
19 // constructor attribute so it runs before main(), including
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
20 // in non-fuzzing mode.
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
21 void fuzz_early_setup(void) __attribute__((constructor));
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
22
1377
d4cc85e6c569 rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents: 1369
diff changeset
23 // must be called once per fuzz iteration.
d4cc85e6c569 rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents: 1369
diff changeset
24 // returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE
1456
a90fdd2d2ed8 add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents: 1385
diff changeset
25 int fuzz_set_input(const uint8_t *Data, size_t Size);
a90fdd2d2ed8 add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents: 1385
diff changeset
26
1782
a6da10ac64b5 fuzz: make postauth set authdone properly
Matt Johnston <matt@ucc.asn.au>
parents: 1779
diff changeset
27 int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int postauth);
1746
28ab2cdb84bf Fix fuzzer build
Matt Johnston <matt@ucc.asn.au>
parents: 1741
diff changeset
28 int fuzz_run_client(const uint8_t *Data, size_t Size, int skip_kexmaths);
1589
35af85194268 Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents: 1561
diff changeset
29 const void* fuzz_get_algo(const algo_type *algos, const char* name);
1356
3677a510f545 add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
30
1369
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
31 // fuzzer functions that intrude into general code
1357
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
32 void fuzz_kex_fakealgos(void);
1369
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
33 int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename,
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
34 const char* algo, unsigned int algolen,
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
35 const unsigned char* keyblob, unsigned int keybloblen);
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
36 extern const char * const * fuzz_signkey_names;
1757
517fb7b62438 Add some more variation to fuzzer random number generation
Matt Johnston <matt@ucc.asn.au>
parents: 1751
diff changeset
37 void fuzz_seed(const unsigned char* dat, unsigned int len);
1782
a6da10ac64b5 fuzz: make postauth set authdone properly
Matt Johnston <matt@ucc.asn.au>
parents: 1779
diff changeset
38 void fuzz_svr_hook_preloop(void);
1741
d1b279aa5ed1 Get client fuzzer building and starting (fails straight away)
Matt Johnston <matt@ucc.asn.au>
parents: 1740
diff changeset
39
1786
a3b39df57c8b fuzz: add an always-failing dropbear_listen() replacement
Matt Johnston <matt@ucc.asn.au>
parents: 1782
diff changeset
40 int fuzz_dropbear_listen(const char* address, const char* port,
a3b39df57c8b fuzz: add an always-failing dropbear_listen() replacement
Matt Johnston <matt@ucc.asn.au>
parents: 1782
diff changeset
41 int *socks, unsigned int sockcount, char **errstring, int *maxfd);
a3b39df57c8b fuzz: add an always-failing dropbear_listen() replacement
Matt Johnston <matt@ucc.asn.au>
parents: 1782
diff changeset
42
1741
d1b279aa5ed1 Get client fuzzer building and starting (fails straight away)
Matt Johnston <matt@ucc.asn.au>
parents: 1740
diff changeset
43 // helpers
1383
f03cfe9c76ac Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents: 1377
diff changeset
44 void fuzz_get_socket_address(int fd, char **local_host, char **local_port,
f03cfe9c76ac Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents: 1377
diff changeset
45 char **remote_host, char **remote_port, int host_lookup);
1456
a90fdd2d2ed8 add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents: 1385
diff changeset
46 void fuzz_fake_send_kexdh_reply(void);
1740
dfbe947bdf0d Make wrapfd share a common buffer for all FDs
Matt Johnston <matt@ucc.asn.au>
parents: 1589
diff changeset
47 int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid);
1751
3b9b427925a0 Load password and key for client fuzzer.
Matt Johnston <matt@ucc.asn.au>
parents: 1746
diff changeset
48 void fuzz_dump(const unsigned char* data, size_t len);
1357
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
49
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
50 // fake IO wrappers
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
51 #ifndef FUZZ_SKIP_WRAP
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
52 #define select(nfds, readfds, writefds, exceptfds, timeout) \
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
53 wrapfd_select(nfds, readfds, writefds, exceptfds, timeout)
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
54 #define write(fd, buf, count) wrapfd_write(fd, buf, count)
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
55 #define read(fd, buf, count) wrapfd_read(fd, buf, count)
1358
6b89eb92f872 glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents: 1357
diff changeset
56 #define close(fd) wrapfd_close(fd)
1791
685b47d8faf7 fuzz: wrap kill()
Matt Johnston <matt@ucc.asn.au>
parents: 1786
diff changeset
57 #define kill(pid, sig) fuzz_kill(pid, sig)
1357
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
58 #endif // FUZZ_SKIP_WRAP
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
59
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 struct dropbear_fuzz_options {
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
61 int fuzzing;
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63 // fuzzing input
1356
3677a510f545 add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
64 buffer *input;
1357
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
65 struct dropbear_cipher recv_cipher;
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
66 struct dropbear_hash recv_mac;
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1356
diff changeset
67 int wrapfds;
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68
1456
a90fdd2d2ed8 add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents: 1385
diff changeset
69 // whether to skip slow bignum maths
a90fdd2d2ed8 add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents: 1385
diff changeset
70 int skip_kexmaths;
1782
a6da10ac64b5 fuzz: make postauth set authdone properly
Matt Johnston <matt@ucc.asn.au>
parents: 1779
diff changeset
71 // whether is svr_postauth mode
a6da10ac64b5 fuzz: make postauth set authdone properly
Matt Johnston <matt@ucc.asn.au>
parents: 1779
diff changeset
72 int svr_postauth;
1456
a90fdd2d2ed8 add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents: 1385
diff changeset
73
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 // dropbear_exit() jumps back
1385
6c92e97553f1 Add a flag whether to longjmp, missed that last commit
Matt Johnston <matt@ucc.asn.au>
parents: 1383
diff changeset
75 int do_jmp;
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76 sigjmp_buf jmp;
1751
3b9b427925a0 Load password and key for client fuzzer.
Matt Johnston <matt@ucc.asn.au>
parents: 1746
diff changeset
77
1798
8dc43b30c6bf Define _GNU_SOURCE properly, other header fixes
Matt Johnston <matt@ucc.asn.au>
parents: 1791
diff changeset
78 // write out decrypted session data to this FD if it is set
1751
3b9b427925a0 Load password and key for client fuzzer.
Matt Johnston <matt@ucc.asn.au>
parents: 1746
diff changeset
79 // flag - this needs to be set manually in cli-main.c etc
3b9b427925a0 Load password and key for client fuzzer.
Matt Johnston <matt@ucc.asn.au>
parents: 1746
diff changeset
80 int dumping;
3b9b427925a0 Load password and key for client fuzzer.
Matt Johnston <matt@ucc.asn.au>
parents: 1746
diff changeset
81 // the file descriptor
3b9b427925a0 Load password and key for client fuzzer.
Matt Johnston <matt@ucc.asn.au>
parents: 1746
diff changeset
82 int recv_dumpfd;
1758
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
83
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
84 // avoid filling fuzzing logs, this points to /dev/null
1768
096a66e45212 Fix fuzzing stderr override on os x
Matt Johnston <matt@ucc.asn.au>
parents: 1758
diff changeset
85 FILE *fake_stderr;
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
86 };
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88 extern struct dropbear_fuzz_options fuzz;
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
89
1768
096a66e45212 Fix fuzzing stderr override on os x
Matt Johnston <matt@ucc.asn.au>
parents: 1758
diff changeset
90 /* guard for when fuzz.h is included by fuzz-common.c */
096a66e45212 Fix fuzzing stderr override on os x
Matt Johnston <matt@ucc.asn.au>
parents: 1758
diff changeset
91 #ifndef FUZZ_NO_REPLACE_STDERR
096a66e45212 Fix fuzzing stderr override on os x
Matt Johnston <matt@ucc.asn.au>
parents: 1758
diff changeset
92
1758
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
93 /* This is a bodge but seems to work.
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
94 glibc stdio.h has the comment
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
95 "C89/C99 say they're macros. Make them happy." */
1768
096a66e45212 Fix fuzzing stderr override on os x
Matt Johnston <matt@ucc.asn.au>
parents: 1758
diff changeset
96 /* OS X has it as a macro */
1758
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
97 #ifdef stderr
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
98 #undef stderr
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
99 #endif
1768
096a66e45212 Fix fuzzing stderr override on os x
Matt Johnston <matt@ucc.asn.au>
parents: 1758
diff changeset
100 #define stderr (fuzz.fake_stderr)
096a66e45212 Fix fuzzing stderr override on os x
Matt Johnston <matt@ucc.asn.au>
parents: 1758
diff changeset
101
096a66e45212 Fix fuzzing stderr override on os x
Matt Johnston <matt@ucc.asn.au>
parents: 1758
diff changeset
102 #endif /* FUZZ_NO_REPLACE_STDERR */
1758
1365661f6be6 Disable stderr output for fuzzer by default
Matt Johnston <matt@ucc.asn.au>
parents: 1757
diff changeset
103
1779
36d4c027cba7 fuzzing: add workaround getpwuid/getpwnam
Matt Johnston <matt@ucc.asn.au>
parents: 1778
diff changeset
104 struct passwd* fuzz_getpwuid(uid_t uid);
36d4c027cba7 fuzzing: add workaround getpwuid/getpwnam
Matt Johnston <matt@ucc.asn.au>
parents: 1778
diff changeset
105 struct passwd* fuzz_getpwnam(const char *login);
36d4c027cba7 fuzzing: add workaround getpwuid/getpwnam
Matt Johnston <matt@ucc.asn.au>
parents: 1778
diff changeset
106 /* guard for when fuzz.h is included by fuzz-common.c */
36d4c027cba7 fuzzing: add workaround getpwuid/getpwnam
Matt Johnston <matt@ucc.asn.au>
parents: 1778
diff changeset
107 #ifndef FUZZ_NO_REPLACE_GETPW
36d4c027cba7 fuzzing: add workaround getpwuid/getpwnam
Matt Johnston <matt@ucc.asn.au>
parents: 1778
diff changeset
108 #define getpwnam(x) fuzz_getpwnam(x)
36d4c027cba7 fuzzing: add workaround getpwuid/getpwnam
Matt Johnston <matt@ucc.asn.au>
parents: 1778
diff changeset
109 #define getpwuid(x) fuzz_getpwuid(x)
36d4c027cba7 fuzzing: add workaround getpwuid/getpwnam
Matt Johnston <matt@ucc.asn.au>
parents: 1778
diff changeset
110 #endif // FUZZ_NO_REPLACE_GETPW
36d4c027cba7 fuzzing: add workaround getpwuid/getpwnam
Matt Johnston <matt@ucc.asn.au>
parents: 1778
diff changeset
111
1798
8dc43b30c6bf Define _GNU_SOURCE properly, other header fixes
Matt Johnston <matt@ucc.asn.au>
parents: 1791
diff changeset
112 #endif /* DROPBEAR_FUZZ */
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
113
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114 #endif /* DROPBEAR_FUZZ_H */