Mercurial > dropbear
comparison fuzz-wrapfd.c @ 1744:6cf465af5d9f fuzz
Allocate real file descriptors for fuzz input with dup()
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 18 Oct 2020 22:52:24 +0800 |
| parents | dfbe947bdf0d |
| children | 28ab2cdb84bf |
comparison
equal
deleted
inserted
replaced
| 1743:7d8462677355 | 1744:6cf465af5d9f |
|---|---|
| 5 #include "dbutil.h" | 5 #include "dbutil.h" |
| 6 | 6 |
| 7 #include "fuzz.h" | 7 #include "fuzz.h" |
| 8 | 8 |
| 9 #define IOWRAP_MAXFD (FD_SETSIZE-1) | 9 #define IOWRAP_MAXFD (FD_SETSIZE-1) |
| 10 // hopefully above any real fd... | |
| 11 static const int WRAPFD_STARTFD = 400; | |
| 12 static const int MAX_RANDOM_IN = 50000; | 10 static const int MAX_RANDOM_IN = 50000; |
| 13 static const double CHANCE_CLOSE = 1.0 / 600; | 11 static const double CHANCE_CLOSE = 1.0 / 600; |
| 14 static const double CHANCE_INTR = 1.0 / 900; | 12 static const double CHANCE_INTR = 1.0 / 900; |
| 15 static const double CHANCE_READ1 = 0.96; | 13 static const double CHANCE_READ1 = 0.96; |
| 16 static const double CHANCE_READ2 = 0.5; | 14 static const double CHANCE_READ2 = 0.5; |
| 21 enum wrapfd_mode mode; | 19 enum wrapfd_mode mode; |
| 22 int closein; | 20 int closein; |
| 23 int closeout; | 21 int closeout; |
| 24 }; | 22 }; |
| 25 | 23 |
| 26 static struct fdwrap wrap_fds[IOWRAP_MAXFD+1]; | 24 static struct fdwrap wrap_fds[IOWRAP_MAXFD+1] = {0}; |
| 25 static int wrapfd_maxfd = -1; | |
| 27 static unsigned short rand_state[3]; | 26 static unsigned short rand_state[3]; |
| 28 static buffer *input_buf; | 27 static buffer *input_buf; |
| 28 static int devnull_fd = -1; | |
| 29 | |
| 30 static void wrapfd_remove(int fd); | |
| 29 | 31 |
| 30 void wrapfd_setup(buffer *buf) { | 32 void wrapfd_setup(buffer *buf) { |
| 31 TRACE(("wrapfd_setup")) | 33 TRACE(("wrapfd_setup")) |
| 32 memset(wrap_fds, 0x0, sizeof(wrap_fds)); | 34 |
| 35 // clean old ones | |
| 36 int i; | |
| 37 for (i = 0; i <= wrapfd_maxfd; i++) { | |
| 38 if (wrap_fds[i].mode == COMMONBUF) { | |
| 39 wrapfd_remove(i); | |
| 40 } | |
| 41 } | |
| 42 wrapfd_maxfd = -1; | |
| 33 | 43 |
| 34 memset(rand_state, 0x0, sizeof(rand_state)); | 44 memset(rand_state, 0x0, sizeof(rand_state)); |
| 35 wrapfd_setseed(50); | 45 wrapfd_setseed(50); |
| 36 input_buf = buf; | 46 input_buf = buf; |
| 37 } | 47 } |
| 40 memcpy(rand_state, &seed, sizeof(seed)); | 50 memcpy(rand_state, &seed, sizeof(seed)); |
| 41 nrand48(rand_state); | 51 nrand48(rand_state); |
| 42 } | 52 } |
| 43 | 53 |
| 44 int wrapfd_new() { | 54 int wrapfd_new() { |
| 45 int fd; | 55 if (devnull_fd == -1) { |
| 46 // Find a spare file descriptor to use | 56 devnull_fd = open("/dev/null", O_RDONLY); |
| 47 for (fd = WRAPFD_STARTFD; fd < IOWRAP_MAXFD; fd++) { | 57 assert(devnull_fd != -1); |
| 48 if (wrap_fds[fd].mode == UNUSED) { | 58 } |
| 49 // check real file descriptors haven't got as far as WRAPFD_STARTFD | 59 |
| 50 assert(close(fd) == -1 && errno == EBADF); | 60 int fd = dup(devnull_fd); |
| 51 wrap_fds[fd].mode = COMMONBUF; | 61 assert(fd != -1); |
| 52 wrap_fds[fd].closein = 0; | 62 assert(wrap_fds[fd].mode == UNUSED); |
| 53 wrap_fds[fd].closeout = 0; | 63 wrap_fds[fd].mode = COMMONBUF; |
| 54 return fd; | 64 wrap_fds[fd].closein = 0; |
| 55 } | 65 wrap_fds[fd].closeout = 0; |
| 56 } | 66 wrapfd_maxfd = MAX(fd, wrapfd_maxfd); |
| 57 errno = EMFILE; | 67 |
| 58 return -1; | 68 return fd; |
| 59 } | 69 } |
| 60 | 70 |
| 61 void wrapfd_remove(int fd) { | 71 static void wrapfd_remove(int fd) { |
| 62 TRACE(("wrapfd_remove %d", fd)) | 72 TRACE(("wrapfd_remove %d", fd)) |
| 63 assert(fd >= 0); | 73 assert(fd >= 0); |
| 64 assert(fd <= IOWRAP_MAXFD); | 74 assert(fd <= IOWRAP_MAXFD); |
| 65 assert(wrap_fds[fd].mode != UNUSED); | 75 assert(wrap_fds[fd].mode != UNUSED); |
| 66 wrap_fds[fd].mode = UNUSED; | 76 wrap_fds[fd].mode = UNUSED; |
| 77 m_close(fd); | |
| 67 } | 78 } |
| 68 | 79 |
| 69 int wrapfd_close(int fd) { | 80 int wrapfd_close(int fd) { |
| 70 if (fd >= 0 && fd <= IOWRAP_MAXFD && wrap_fds[fd].mode != UNUSED) { | 81 if (fd >= 0 && fd <= IOWRAP_MAXFD && wrap_fds[fd].mode != UNUSED) { |
| 71 wrapfd_remove(fd); | 82 wrapfd_remove(fd); |
| 159 int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds, | 170 int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds, |
| 160 fd_set *exceptfds, struct timeval *timeout) { | 171 fd_set *exceptfds, struct timeval *timeout) { |
| 161 int i, nset, sel; | 172 int i, nset, sel; |
| 162 int ret = 0; | 173 int ret = 0; |
| 163 int fdlist[IOWRAP_MAXFD+1]; | 174 int fdlist[IOWRAP_MAXFD+1]; |
| 164 | |
| 165 memset(fdlist, 0x0, sizeof(fdlist)); | |
| 166 | 175 |
| 167 if (!fuzz.wrapfds) { | 176 if (!fuzz.wrapfds) { |
| 168 return select(nfds, readfds, writefds, exceptfds, timeout); | 177 return select(nfds, readfds, writefds, exceptfds, timeout); |
| 169 } | 178 } |
| 170 | 179 |