Mercurial > dropbear
annotate fuzz-common.c @ 1386:f0990c284663 fuzz
fuzzer-preauth don't call getpwnam(), bring back longjmp
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 02 Jun 2017 00:03:51 +0800 |
| parents | 6c92e97553f1 |
| children | a90fdd2d2ed8 |
| rev | line source |
|---|---|
| 1348 | 1 #include "includes.h" |
| 2 | |
| 3 #include "includes.h" | |
| 4 #include "fuzz.h" | |
| 5 #include "dbutil.h" | |
| 6 #include "runopts.h" | |
| 1353 | 7 #include "crypto_desc.h" |
| 8 #include "session.h" | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
9 #include "dbrandom.h" |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
10 #include "fuzz-wrapfd.h" |
| 1348 | 11 |
| 12 struct dropbear_fuzz_options fuzz; | |
| 13 | |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
14 static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param); |
| 1348 | 15 static void load_fixed_hostkeys(void); |
| 16 | |
| 1369 | 17 void common_setup_fuzzer(void) { |
| 1348 | 18 fuzz.fuzzing = 1; |
| 1357 | 19 fuzz.wrapfds = 1; |
|
1385
6c92e97553f1
Add a flag whether to longjmp, missed that last commit
Matt Johnston <matt@ucc.asn.au>
parents:
1383
diff
changeset
|
20 fuzz.do_jmp = 1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
21 fuzz.input = m_malloc(sizeof(buffer)); |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
22 _dropbear_log = fuzz_dropbear_log; |
| 1350 | 23 crypto_init(); |
| 1348 | 24 } |
| 25 | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
26 int fuzzer_set_input(const uint8_t *Data, size_t Size) { |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
27 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
28 fuzz.input->data = (unsigned char*)Data; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
29 fuzz.input->size = Size; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
30 fuzz.input->len = Size; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
31 fuzz.input->pos = 0; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
32 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
33 memset(&ses, 0x0, sizeof(ses)); |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
34 memset(&svr_ses, 0x0, sizeof(svr_ses)); |
|
1377
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1373
diff
changeset
|
35 wrapfd_setup(); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
36 |
| 1369 | 37 fuzz_seed(); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
38 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
39 return DROPBEAR_SUCCESS; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
40 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
41 |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
42 static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param) { |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
43 |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
44 char printbuf[1024]; |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
45 |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
46 #if DEBUG_TRACE |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
47 if (debug_trace) { |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
48 vsnprintf(printbuf, sizeof(printbuf), format, param); |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
49 fprintf(stderr, "%s\n", printbuf); |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
50 } |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
51 #endif |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
52 } |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
53 |
| 1348 | 54 void svr_setup_fuzzer(void) { |
| 55 struct passwd *pw; | |
| 56 | |
| 57 common_setup_fuzzer(); | |
| 1353 | 58 |
| 59 _dropbear_exit = svr_dropbear_exit; | |
| 1348 | 60 |
| 61 char *argv[] = { | |
| 62 "-E", | |
| 63 }; | |
| 64 | |
| 65 int argc = sizeof(argv) / sizeof(*argv); | |
| 66 svr_getopts(argc, argv); | |
| 67 | |
| 68 /* user lookups might be slow, cache it */ | |
|
1386
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
69 fuzz.pw_name = m_strdup("person"); |
|
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
70 fuzz.pw_dir = m_strdup("/tmp"); |
|
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
71 fuzz.pw_shell = m_strdup("/bin/zsh"); |
| 1348 | 72 fuzz.pw_passwd = m_strdup("!!zzznope"); |
| 73 | |
| 74 load_fixed_hostkeys(); | |
| 75 } | |
| 76 | |
| 77 static void load_fixed_hostkeys(void) { | |
| 78 #include "fuzz-hostkeys.c" | |
| 79 | |
| 80 buffer *b = buf_new(3000); | |
| 81 enum signkey_type type; | |
| 82 | |
| 83 TRACE(("load fixed hostkeys")) | |
| 84 | |
| 85 svr_opts.hostkey = new_sign_key(); | |
| 86 | |
| 87 buf_setlen(b, 0); | |
| 88 buf_putbytes(b, keyr, keyr_len); | |
| 89 buf_setpos(b, 0); | |
| 90 type = DROPBEAR_SIGNKEY_RSA; | |
| 91 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 92 dropbear_exit("failed fixed rsa hostkey"); | |
| 93 } | |
| 94 | |
| 95 buf_setlen(b, 0); | |
| 96 buf_putbytes(b, keyd, keyd_len); | |
| 97 buf_setpos(b, 0); | |
| 98 type = DROPBEAR_SIGNKEY_DSS; | |
| 99 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 100 dropbear_exit("failed fixed dss hostkey"); | |
| 101 } | |
| 102 | |
| 103 buf_setlen(b, 0); | |
| 104 buf_putbytes(b, keye, keye_len); | |
| 105 buf_setpos(b, 0); | |
| 106 type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; | |
| 107 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 108 dropbear_exit("failed fixed ecdsa hostkey"); | |
| 109 } | |
| 110 | |
| 111 buf_free(b); | |
| 112 } | |
| 113 | |
| 1357 | 114 void fuzz_kex_fakealgos(void) { |
| 115 ses.newkeys->recv.crypt_mode = &dropbear_mode_none; | |
| 116 } | |
|
1383
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
117 |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
118 void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port, |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
119 char **remote_host, char **remote_port, int UNUSED(host_lookup)) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
120 if (local_host) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
121 *local_host = m_strdup("fuzzlocalhost"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
122 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
123 if (local_port) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
124 *local_port = m_strdup("1234"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
125 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
126 if (remote_host) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
127 *remote_host = m_strdup("fuzzremotehost"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
128 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
129 if (remote_port) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
130 *remote_port = m_strdup("9876"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
131 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
132 } |