annotate fuzz.h @ 1883:f54451afc046
use buf_getptr and m_free on every iteration before m_malloc to ensure no memory leaks occur
author | HansH111 <hans@atbas.org> |
---|---|
date | Tue, 15 Mar 2022 18:57:21 +0000 |
parents | 4983a6bc1f51 |
children |
1348 | 1 #ifndef DROPBEAR_FUZZ_H |
2 #define DROPBEAR_FUZZ_H | |
3 | |
1357 | 4 #include "config.h" |
5 |
6 #if DROPBEAR_FUZZ |
1357 | 7 |
1348 | 8 #include "includes.h" |
9 #include "buffer.h" | |
1357 | 10 #include "algo.h" |
1778 | 11 #include "netio.h" |
1357 | 12 #include "fuzz-wrapfd.h" |
1348 | 13 |
14 // once per process |
15 void fuzz_common_setup(void); |
16 void fuzz_svr_setup(void); |
17 void fuzz_cli_setup(void); |
1348 | 18 |
19 // constructor attribute so it runs before main(), including |
20 // in non-fuzzing mode. |
21 void fuzz_early_setup(void) __attribute__((constructor)); |
22 |
23 // must be called once per fuzz iteration. |
24 // returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE |
25 int fuzz_set_input(const uint8_t *Data, size_t Size); |
26 |
27 int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int postauth); |
1746 | 28 int fuzz_run_client(const uint8_t *Data, size_t Size, int skip_kexmaths); |
29 const void* fuzz_get_algo(const algo_type *algos, const char* name); |
30 |
1369 | 31 // fuzzer functions that intrude into general code |
1357 | 32 void fuzz_kex_fakealgos(void); |
1369 | 33 int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename, |
34 const char* algo, unsigned int algolen, | |
35 const unsigned char* keyblob, unsigned int keybloblen); | |
36 extern const char * const * fuzz_signkey_names; | |
37 void fuzz_seed(const unsigned char* dat, unsigned int len); |
38 void fuzz_svr_hook_preloop(void); |
39 |
40 int fuzz_dropbear_listen(const char* address, const char* port, |
41 int *socks, unsigned int sockcount, char **errstring, int *maxfd); |
42 |
43 // helpers |
44 void fuzz_get_socket_address(int fd, char **local_host, char **local_port, |
45 char **remote_host, char **remote_port, int host_lookup); |
46 void fuzz_fake_send_kexdh_reply(void); |
47 int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid); |
48 void fuzz_dump(const unsigned char* data, size_t len); |
1357 | 49 |
50 // fake IO wrappers | |
51 #ifndef FUZZ_SKIP_WRAP | |
52 #define select(nfds, readfds, writefds, exceptfds, timeout) \ | |
53 wrapfd_select(nfds, readfds, writefds, exceptfds, timeout) | |
54 #define write(fd, buf, count) wrapfd_write(fd, buf, count) | |
55 #define read(fd, buf, count) wrapfd_read(fd, buf, count) | |
56 #define close(fd) wrapfd_close(fd) |
1791 | 57 #define kill(pid, sig) fuzz_kill(pid, sig) |
1357 | 58 #endif // FUZZ_SKIP_WRAP |
59 | |
/* Process-wide fuzzing state. There is a single instance, exposed to the
 * rest of dropbear as `extern struct dropbear_fuzz_options fuzz;` below. */
struct dropbear_fuzz_options {
	/* Non-zero while the process is actually being fuzzed. The binary can
	 * also be built with fuzzing support but run in non-fuzzing mode (see
	 * the fuzz_early_setup() comment above), so callers must check this
	 * rather than relying on DROPBEAR_FUZZ alone. */
	int fuzzing;

	// fuzzing input
	// presumably populated from the Data/Size handed to fuzz_set_input() - verify in fuzz-common.c
	buffer *input;
	// NOTE(review): receive-side cipher/MAC state; how the fuzzer installs
	// these is not visible from this header - confirm before relying on it
	struct dropbear_cipher recv_cipher;
	struct dropbear_hash recv_mac;
	// NOTE(review): appears to toggle the wrapfd_* fake IO layer selected by
	// the macros above - confirm against fuzz-wrapfd.c
	int wrapfds;

	// whether to skip slow bignum maths
	// (mirrors the skip_kexmaths argument of fuzz_run_server()/fuzz_run_client())
	int skip_kexmaths;
	// whether running in svr_postauth mode
	// (mirrors the postauth argument of fuzz_run_server())
	int svr_postauth;

	// dropbear_exit() jumps back: when do_jmp is set, dropbear_exit()
	// siglongjmp()s back to jmp rather than terminating the process, so a
	// fuzz iteration that hits a fatal path still returns to the harness.
	int do_jmp;
	sigjmp_buf jmp;

	// write out decrypted session data to this FD if it is set
	// flag - this needs to be set manually in cli-main.c etc
	// (this is plaintext of the SSH session, so keep it off by default and
	// only enable it for local corpus-building or debugging)
	int dumping;
	// the file descriptor
	int recv_dumpfd;

	// avoid filling fuzzing logs, this points to /dev/null
	// stderr is #defined to this below unless FUZZ_NO_REPLACE_STDERR is set,
	// so anything written via stderr in fuzz builds is discarded
	FILE *fake_stderr;
};
87 | |
88 extern struct dropbear_fuzz_options fuzz; | |
89 | |
90 /* guard for when fuzz.h is included by fuzz-common.c */ |
91 #ifndef FUZZ_NO_REPLACE_STDERR |
92 |
93 /* This is a bodge but seems to work. |
94 glibc stdio.h has the comment |
95 "C89/C99 say they're macros. Make them happy." */ |
96 /* OS X has it as a macro */ |
97 #ifdef stderr |
98 #undef stderr |
99 #endif |
100 #define stderr (fuzz.fake_stderr) |
101 |
102 #endif /* FUZZ_NO_REPLACE_STDERR */ |
103 |
104 struct passwd* fuzz_getpwuid(uid_t uid); |
105 struct passwd* fuzz_getpwnam(const char *login); |
106 /* guard for when fuzz.h is included by fuzz-common.c */ |
107 #ifndef FUZZ_NO_REPLACE_GETPW |
108 #define getpwnam(x) fuzz_getpwnam(x) |
109 #define getpwuid(x) fuzz_getpwuid(x) |
110 #endif // FUZZ_NO_REPLACE_GETPW |
111 |
112 #endif /* DROPBEAR_FUZZ */ |
1348 | 113 |
114 #endif /* DROPBEAR_FUZZ_H */ |