Mercurial > dropbear
comparison fuzz/fuzz-common.c @ 1785:9026f976eee8
fuzz: work around fuzz_connect_remote() limitations
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 06 Dec 2020 21:27:25 +0800 |
parents | a6da10ac64b5 |
children | a3b39df57c8b |
comparison
equal
deleted
inserted
replaced
1784:94323a20e572 | 1785:9026f976eee8 |
---|---|
236 | 236 |
237 | 237 |
238 struct dropbear_progress_connection *fuzz_connect_remote(const char* UNUSED(remotehost), const char* UNUSED(remoteport), | 238 struct dropbear_progress_connection *fuzz_connect_remote(const char* UNUSED(remotehost), const char* UNUSED(remoteport), |
239 connect_callback cb, void* cb_data, | 239 connect_callback cb, void* cb_data, |
240 const char* UNUSED(bind_address), const char* UNUSED(bind_port)) { | 240 const char* UNUSED(bind_address), const char* UNUSED(bind_port)) { |
241 /* This replacement for connect_remote() has slightly different semantics | |
242 to the real thing. It should probably be replaced with something more sophisticated. | |
243 It calls the callback cb() immediately rather than | |
244 in a future session loop iteration with set_connect_fds()/handle_connect_fds(). | |
245 This could cause problems depending on how connect_remote() is used. In particular | |
246 the callback can close a channel - that can cause use-after-free. */ | |
241 char r; | 247 char r; |
242 genrandom((void*)&r, 1); | 248 genrandom((void*)&r, 1); |
243 if (r & 1) { | 249 if (r & 1) { |
244 int sock = wrapfd_new_dummy(); | 250 int sock = wrapfd_new_dummy(); |
245 cb(DROPBEAR_SUCCESS, sock, cb_data, NULL); | 251 cb(DROPBEAR_SUCCESS, sock, cb_data, NULL); |