Mercurial > dropbear
comparison fuzz-common.c @ 1740:dfbe947bdf0d fuzz
Make wrapfd share a common buffer for all FDs
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 15 Oct 2020 22:46:24 +0800 |
parents | 1051e4eea25a |
children | d1b279aa5ed1 |
comparison
equal
deleted
inserted
replaced
1739:13d834efc376 | 1740:dfbe947bdf0d |
---|---|
34 fuzz.input->len = Size; | 34 fuzz.input->len = Size; |
35 fuzz.input->pos = 0; | 35 fuzz.input->pos = 0; |
36 | 36 |
37 memset(&ses, 0x0, sizeof(ses)); | 37 memset(&ses, 0x0, sizeof(ses)); |
38 memset(&svr_ses, 0x0, sizeof(svr_ses)); | 38 memset(&svr_ses, 0x0, sizeof(svr_ses)); |
39 wrapfd_setup(); | 39 wrapfd_setup(fuzz.input); |
40 | 40 |
41 fuzz_seed(); | 41 fuzz_seed(); |
42 | 42 |
43 return DROPBEAR_SUCCESS; | 43 return DROPBEAR_SUCCESS; |
44 } | 44 } |
76 fuzz.pw_passwd = m_strdup("!!zzznope"); | 76 fuzz.pw_passwd = m_strdup("!!zzznope"); |
77 | 77 |
78 load_fixed_hostkeys(); | 78 load_fixed_hostkeys(); |
79 } | 79 } |
80 | 80 |
81 #if 0 | |
82 void fuzz_cli_setup(void) { | |
83 fuzz_common_setup(); | |
84 | |
85 _dropbear_exit = cli_dropbear_exit; | |
86 | |
87 char *argv[] = { | |
88 "-E", | |
89 }; | |
90 | |
91 int argc = sizeof(argv) / sizeof(*argv); | |
92 cli_getopts(argc, argv); | |
93 | |
94 /* user lookups might be slow, cache it */ | |
95 fuzz.pw_name = m_strdup("person"); | |
96 fuzz.pw_dir = m_strdup("/tmp"); | |
97 fuzz.pw_shell = m_strdup("/bin/zsh"); | |
98 fuzz.pw_passwd = m_strdup("!!zzznope"); | |
99 | |
100 load_fixed_hostkeys(); | |
101 } | |
102 #endif | |
103 | |
81 static void load_fixed_hostkeys(void) { | 104 static void load_fixed_hostkeys(void) { |
82 #include "fuzz-hostkeys.c" | 105 #include "fuzz-hostkeys.c" |
83 | 106 |
84 buffer *b = buf_new(3000); | 107 buffer *b = buf_new(3000); |
85 enum signkey_type type; | 108 enum signkey_type type; |
147 void fuzz_fake_send_kexdh_reply(void) { | 170 void fuzz_fake_send_kexdh_reply(void) { |
148 assert(!ses.dh_K); | 171 assert(!ses.dh_K); |
149 m_mp_alloc_init_multi(&ses.dh_K, NULL); | 172 m_mp_alloc_init_multi(&ses.dh_K, NULL); |
150 mp_set_ul(ses.dh_K, 12345678uL); | 173 mp_set_ul(ses.dh_K, 12345678uL); |
151 finish_kexhashbuf(); | 174 finish_kexhashbuf(); |
175 } | |
176 | |
177 /* fake version of spawn_command() */ | |
178 int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) { | |
179 *ret_writefd = wrapfd_new(); | |
180 *ret_readfd = wrapfd_new(); | |
181 if (ret_errfd) { | |
182 *ret_errfd = wrapfd_new(); | |
183 } | |
184 ret_pid = 999; | |
185 return DROPBEAR_SUCCESS; | |
152 } | 186 } |
153 | 187 |
154 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { | 188 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { |
155 static int once = 0; | 189 static int once = 0; |
156 if (!once) { | 190 if (!once) { |
180 return 0; | 214 return 0; |
181 } | 215 } |
182 uint32_t wrapseed = buf_getint(fuzz.input); | 216 uint32_t wrapseed = buf_getint(fuzz.input); |
183 wrapfd_setseed(wrapseed); | 217 wrapfd_setseed(wrapseed); |
184 | 218 |
185 int fakesock = 20; | 219 int fakesock = wrapfd_new(); |
186 wrapfd_add(fakesock, fuzz.input, PLAIN); | |
187 | 220 |
188 m_malloc_set_epoch(1); | 221 m_malloc_set_epoch(1); |
189 if (setjmp(fuzz.jmp) == 0) { | 222 if (setjmp(fuzz.jmp) == 0) { |
190 svr_session(fakesock, fakesock); | 223 svr_session(fakesock, fakesock); |
191 m_malloc_free_epoch(1, 0); | 224 m_malloc_free_epoch(1, 0); |