comparison fuzz/fuzz-common.c @ 1777:97ad26e397a5
Add server postauth fuzzer, wrap connect_remote()
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 13 Nov 2020 23:18:05 +0800 |
parents | 8179eabe16c9 |
children | 19cdeb3d2aac |
1776:290caf301a4f | 1777:97ad26e397a5 |
---|---|
215 finish_kexhashbuf(); | 215 finish_kexhashbuf(); |
216 } | 216 } |
217 | 217 |
218 /* fake version of spawn_command() */ | 218 /* fake version of spawn_command() */ |
219 int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) { | 219 int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) { |
220 *ret_writefd = wrapfd_new(); | 220 *ret_writefd = wrapfd_new_dummy(); |
221 *ret_readfd = wrapfd_new(); | 221 *ret_readfd = wrapfd_new_dummy(); |
222 if (ret_errfd) { | 222 if (ret_errfd) { |
223 *ret_errfd = wrapfd_new(); | 223 *ret_errfd = wrapfd_new_dummy(); |
224 } | 224 } |
225 *ret_pid = 999; | 225 *ret_pid = 999; |
226 return DROPBEAR_SUCCESS; | 226 return DROPBEAR_SUCCESS; |
227 } | 227 } |
228 | 228 |
229 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { | 229 |
230 struct dropbear_progress_connection *fuzz_connect_remote(const char* UNUSED(remotehost), const char* UNUSED(remoteport), | |
231 connect_callback cb, void* cb_data, | |
232 const char* UNUSED(bind_address), const char* UNUSED(bind_port)) { | |
233 char r; | |
234 genrandom((void*)&r, 1); | |
235 if (r & 1) { | |
236 int sock = wrapfd_new_dummy(); | |
237 cb(DROPBEAR_SUCCESS, sock, cb_data, NULL); | |
238 } else { | |
239 cb(DROPBEAR_FAILURE, -1, cb_data, "errorstring"); | |
240 } | |
241 return NULL; | |
242 } | |
243 | |
244 int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int authdone) { | |
230 static int once = 0; | 245 static int once = 0; |
231 if (!once) { | 246 if (!once) { |
232 fuzz_svr_setup(); | 247 fuzz_svr_setup(); |
233 fuzz.skip_kexmaths = skip_kexmaths; | 248 fuzz.skip_kexmaths = skip_kexmaths; |
234 once = 1; | 249 once = 1; |
240 | 255 |
241 uint32_t wrapseed; | 256 uint32_t wrapseed; |
242 genrandom((void*)&wrapseed, sizeof(wrapseed)); | 257 genrandom((void*)&wrapseed, sizeof(wrapseed)); |
243 wrapfd_setseed(wrapseed); | 258 wrapfd_setseed(wrapseed); |
244 | 259 |
245 int fakesock = wrapfd_new(); | 260 int fakesock = wrapfd_new_fuzzinput(); |
261 | |
262 if (authdone) { | |
263 ses.authstate.authdone = 1; | |
264 char *me = getpwuid(getuid())->pw_name; | |
265 fill_passwd(me); | |
266 } | |
246 | 267 |
247 m_malloc_set_epoch(1); | 268 m_malloc_set_epoch(1); |
248 fuzz.do_jmp = 1; | 269 fuzz.do_jmp = 1; |
249 if (setjmp(fuzz.jmp) == 0) { | 270 if (setjmp(fuzz.jmp) == 0) { |
250 svr_session(fakesock, fakesock); | 271 svr_session(fakesock, fakesock); |
271 return 0; | 292 return 0; |
272 } | 293 } |
273 | 294 |
274 // Allow to proceed sooner | 295 // Allow to proceed sooner |
275 ses.kexstate.donefirstkex = 1; | 296 ses.kexstate.donefirstkex = 1; |
297 ses.kexstate.authdone = 1; | |
276 | 298 |
277 uint32_t wrapseed; | 299 uint32_t wrapseed; |
278 genrandom((void*)&wrapseed, sizeof(wrapseed)); | 300 genrandom((void*)&wrapseed, sizeof(wrapseed)); |
279 wrapfd_setseed(wrapseed); | 301 wrapfd_setseed(wrapseed); |
280 | 302 |
281 int fakesock = wrapfd_new(); | 303 int fakesock = wrapfd_new_fuzzinput(); |
282 | 304 |
283 m_malloc_set_epoch(1); | 305 m_malloc_set_epoch(1); |
284 fuzz.do_jmp = 1; | 306 fuzz.do_jmp = 1; |
285 if (setjmp(fuzz.jmp) == 0) { | 307 if (setjmp(fuzz.jmp) == 0) { |
286 cli_session(fakesock, fakesock, NULL, 0); | 308 cli_session(fakesock, fakesock, NULL, 0); |
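Review bot: In the `if (authdone)` block added to fuzz_run_server (new lines 262-266), `getpwuid(getuid())->pw_name` dereferences the result without a NULL check, and getpwuid() returns NULL when the running uid has no passwd entry, which can happen in a container or sandboxed fuzzing environment. The harness would then crash before `svr_session()` is reached, and that crash is easy to mistake for a finding in the code under test. I would split the lookup so the cause is visible: `struct passwd *pw = getpwuid(getuid());`, then `if (!pw) { fprintf(stderr, "fuzz: no passwd entry for current uid\n"); abort(); }`, then `fill_passwd(pw->pw_name);`. Separately, the client path at new line 297 sets `ses.kexstate.authdone` while the server path sets `ses.authstate.authdone`; it is worth confirming that both fields exist and that the difference is intended. The body of fuzz_run_server continues in rows the comparison does not show.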