comparison packet.c @ 1347:b28624698130 fuzz

copy over some fuzzing code from AFL branch
author Matt Johnston <matt@ucc.asn.au>
date Fri, 12 May 2017 23:14:54 +0800
parents 9169e4e7cbee
children 5c2899e35b63
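--- a/packet.c
+++ b/packet.c
@@ -33,10 +33,11 @@
 #include "dbrandom.h"
 #include "service.h"
 #include "auth.h"
 #include "channel.h"
 #include "netio.h"
+#include "runopts.h"
 
 static int read_packet_init(void);
 static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
 buffer * clear_buf, unsigned int clear_len,
 unsigned char *output_mac);
@@ -74,28 +75,41 @@
 
 packet_queue_to_iovec(&ses.writequeue, iov, &iov_count);
 /* This may return EAGAIN. The main loop sometimes
 calls write_packet() without bothering to test with select() since
 it's likely to be necessary */
+#ifdef DROPBEAR_FUZZ
+if (opts.fuzz.fuzzing) {
+// pretend to write one packet at a time
+// TODO(fuzz): randomise amount written based on the fuzz input
+written = iov[0].iov_len;
+}
+else
+#endif
+{
 written = writev(ses.sock_out, iov, iov_count);
 if (written < 0) {
 if (errno == EINTR || errno == EAGAIN) {
 TRACE2(("leave write_packet: EINTR"))
 return;
 } else {
 dropbear_exit("Error writing: %s", strerror(errno));
 }
 }
+}
 
 packet_queue_consume(&ses.writequeue, written);
 ses.writequeue_len -= written;
 
 if (written == 0) {
 ses.remoteclosed();
 }
 
 #else /* No writev () */
+#ifdef DROPBEAR_FUZZ
+_Static_assert(0, "No fuzzing code for no-writev writes");
+#endif
 /* Get the next buffer in the queue of encrypted packets to write*/
 writebuf = (buffer*)examine(&ses.writequeue);
 
 /* The last byte of the buffer is not to be transmitted, but is
 * a cleartext packet_type indicator */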
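Review bot: In the fuzz branch, `written = iov[0].iov_len;` reads the first iovec without looking at `iov_count`, and the value is then handed to `packet_queue_consume()` and subtracted from `ses.writequeue_len`; whether `packet_queue_to_iovec()` can leave `iov_count` at 0 is not visible in this section, so a guard such as `dropbear_assert(iov_count > 0);` before the assignment would make the assumption explicit. A zero-length first entry would also reach `if (written == 0)` and call `ses.remoteclosed()`, which deserves a comment if that is intended while fuzzing. In the no-writev branch, `_Static_assert(0, ...)` needs a C11 compiler, whereas `#error "No fuzzing code for no-writev writes"` stops the build from the preprocessor on any compiler. The two `//` comments could be written as `/* ... */` to match the surrounding file. The enclosing function (apparently `write_packet()`, going by the trace message) starts and ends outside the visible lines.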