Mercurial > dropbear
comparison netio.c @ 1801:4983a6bc1f51
fuzz: fix crash in newtcpdirect(), don't close the channel too early
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 05 Mar 2021 22:51:11 +0800 |
| parents | f680a19bd559 |
| children | 6022df862942 |
comparison
equal
deleted
inserted
replaced
| 1800:c584b5602bd8 | 1801:4983a6bc1f51 |
|---|---|
| 177 { | 177 { |
| 178 struct dropbear_progress_connection *c = NULL; | 178 struct dropbear_progress_connection *c = NULL; |
| 179 int err; | 179 int err; |
| 180 struct addrinfo hints; | 180 struct addrinfo hints; |
| 181 | 181 |
| 182 #if DROPBEAR_FUZZ | |
| 183 if (fuzz.fuzzing) { | |
| 184 return fuzz_connect_remote(remotehost, remoteport, cb, cb_data, bind_address, bind_port); | |
| 185 } | |
| 186 #endif | |
| 187 | |
| 188 c = m_malloc(sizeof(*c)); | 182 c = m_malloc(sizeof(*c)); |
| 189 c->remotehost = m_strdup(remotehost); | 183 c->remotehost = m_strdup(remotehost); |
| 190 c->remoteport = m_strdup(remoteport); | 184 c->remoteport = m_strdup(remoteport); |
| 191 c->sock = -1; | 185 c->sock = -1; |
| 192 c->cb = cb; | 186 c->cb = cb; |
| 193 c->cb_data = cb_data; | 187 c->cb_data = cb_data; |
| 194 | 188 |
| 195 list_append(&ses.conn_pending, c); | 189 list_append(&ses.conn_pending, c); |
| 190 | |
| 191 #if DROPBEAR_FUZZ | |
| 192 if (fuzz.fuzzing) { | |
| 193 c->errstring = m_strdup("fuzzing connect_remote always fails"); | |
| 194 return c; | |
| 195 } | |
| 196 #endif | |
| 196 | 197 |
| 197 memset(&hints, 0, sizeof(hints)); | 198 memset(&hints, 0, sizeof(hints)); |
| 198 hints.ai_socktype = SOCK_STREAM; | 199 hints.ai_socktype = SOCK_STREAM; |
| 199 hints.ai_family = AF_UNSPEC; | 200 hints.ai_family = AF_UNSPEC; |
| 200 | 201 |