Mercurial > dropbear
comparison fuzz-common.c @ 1740:dfbe947bdf0d fuzz
Make wrapfd share a common buffer for all FDs
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 15 Oct 2020 22:46:24 +0800 |
| parents | 1051e4eea25a |
| children | d1b279aa5ed1 |
comparison
equal
deleted
inserted
replaced
| 1739:13d834efc376 | 1740:dfbe947bdf0d |
|---|---|
| 34 fuzz.input->len = Size; | 34 fuzz.input->len = Size; |
| 35 fuzz.input->pos = 0; | 35 fuzz.input->pos = 0; |
| 36 | 36 |
| 37 memset(&ses, 0x0, sizeof(ses)); | 37 memset(&ses, 0x0, sizeof(ses)); |
| 38 memset(&svr_ses, 0x0, sizeof(svr_ses)); | 38 memset(&svr_ses, 0x0, sizeof(svr_ses)); |
| 39 wrapfd_setup(); | 39 wrapfd_setup(fuzz.input); |
| 40 | 40 |
| 41 fuzz_seed(); | 41 fuzz_seed(); |
| 42 | 42 |
| 43 return DROPBEAR_SUCCESS; | 43 return DROPBEAR_SUCCESS; |
| 44 } | 44 } |
| 76 fuzz.pw_passwd = m_strdup("!!zzznope"); | 76 fuzz.pw_passwd = m_strdup("!!zzznope"); |
| 77 | 77 |
| 78 load_fixed_hostkeys(); | 78 load_fixed_hostkeys(); |
| 79 } | 79 } |
| 80 | 80 |
| 81 #if 0 | |
| 82 void fuzz_cli_setup(void) { | |
| 83 fuzz_common_setup(); | |
| 84 | |
| 85 _dropbear_exit = cli_dropbear_exit; | |
| 86 | |
| 87 char *argv[] = { | |
| 88 "-E", | |
| 89 }; | |
| 90 | |
| 91 int argc = sizeof(argv) / sizeof(*argv); | |
| 92 cli_getopts(argc, argv); | |
| 93 | |
| 94 /* user lookups might be slow, cache it */ | |
| 95 fuzz.pw_name = m_strdup("person"); | |
| 96 fuzz.pw_dir = m_strdup("/tmp"); | |
| 97 fuzz.pw_shell = m_strdup("/bin/zsh"); | |
| 98 fuzz.pw_passwd = m_strdup("!!zzznope"); | |
| 99 | |
| 100 load_fixed_hostkeys(); | |
| 101 } | |
| 102 #endif | |
| 103 | |
| 81 static void load_fixed_hostkeys(void) { | 104 static void load_fixed_hostkeys(void) { |
| 82 #include "fuzz-hostkeys.c" | 105 #include "fuzz-hostkeys.c" |
| 83 | 106 |
| 84 buffer *b = buf_new(3000); | 107 buffer *b = buf_new(3000); |
| 85 enum signkey_type type; | 108 enum signkey_type type; |
| 147 void fuzz_fake_send_kexdh_reply(void) { | 170 void fuzz_fake_send_kexdh_reply(void) { |
| 148 assert(!ses.dh_K); | 171 assert(!ses.dh_K); |
| 149 m_mp_alloc_init_multi(&ses.dh_K, NULL); | 172 m_mp_alloc_init_multi(&ses.dh_K, NULL); |
| 150 mp_set_ul(ses.dh_K, 12345678uL); | 173 mp_set_ul(ses.dh_K, 12345678uL); |
| 151 finish_kexhashbuf(); | 174 finish_kexhashbuf(); |
| 175 } | |
| 176 | |
| 177 /* fake version of spawn_command() */ | |
| 178 int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) { | |
| 179 *ret_writefd = wrapfd_new(); | |
| 180 *ret_readfd = wrapfd_new(); | |
| 181 if (ret_errfd) { | |
| 182 *ret_errfd = wrapfd_new(); | |
| 183 } | |
| 184 ret_pid = 999; | |
| 185 return DROPBEAR_SUCCESS; | |
| 152 } | 186 } |
| 153 | 187 |
| 154 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { | 188 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { |
| 155 static int once = 0; | 189 static int once = 0; |
| 156 if (!once) { | 190 if (!once) { |
| 180 return 0; | 214 return 0; |
| 181 } | 215 } |
| 182 uint32_t wrapseed = buf_getint(fuzz.input); | 216 uint32_t wrapseed = buf_getint(fuzz.input); |
| 183 wrapfd_setseed(wrapseed); | 217 wrapfd_setseed(wrapseed); |
| 184 | 218 |
| 185 int fakesock = 20; | 219 int fakesock = wrapfd_new(); |
| 186 wrapfd_add(fakesock, fuzz.input, PLAIN); | |
| 187 | 220 |
| 188 m_malloc_set_epoch(1); | 221 m_malloc_set_epoch(1); |
| 189 if (setjmp(fuzz.jmp) == 0) { | 222 if (setjmp(fuzz.jmp) == 0) { |
| 190 svr_session(fakesock, fakesock); | 223 svr_session(fakesock, fakesock); |
| 191 m_malloc_free_epoch(1, 0); | 224 m_malloc_free_epoch(1, 0); |