Mercurial > dropbear
diff fuzz/fuzz-common.c @ 1779:36d4c027cba7
fuzzing: add workaround getpwuid/getpwnam
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 16 Nov 2020 22:44:30 +0800 |
parents | 19cdeb3d2aac |
children | b5aedadc0008 |
line wrap: on
line diff
--- a/fuzz/fuzz-common.c Sun Nov 15 21:22:08 2020 +0800 +++ b/fuzz/fuzz-common.c Mon Nov 16 22:44:30 2020 +0800 @@ -1,4 +1,5 @@ #define FUZZ_NO_REPLACE_STDERR +#define FUZZ_NO_REPLACE_GETPW #include "includes.h" #include "includes.h" @@ -261,7 +262,7 @@ if (authdone) { ses.authstate.authdone = 1; - char *me = getpwuid(getuid())->pw_name; + char *me = fuzz_getpwuid(getuid())->pw_name; fill_passwd(me); } @@ -332,3 +333,51 @@ assert(atomicio(vwrite, fuzz.recv_dumpfd, (void*)data, len) == len); } } + +static struct passwd pwd_root = { + .pw_name = "root", + .pw_passwd = "!", + .pw_uid = 0, + .pw_gid = 0, + .pw_dir = "/root", + .pw_shell = "/bin/sh", +}; + +static struct passwd pwd_other = { + .pw_name = "other", + .pw_passwd = "!", + .pw_uid = 100, + .pw_gid = 100, + .pw_dir = "/home/other", + .pw_shell = "/bin/sh", +}; + + +/* oss-fuzz runs fuzzers under minijail, without /etc/passwd. +We provide sufficient values for the fuzzers to run */ +struct passwd* fuzz_getpwnam(const char *login) { + if (!fuzz.fuzzing) { + return getpwnam(login); + } + if (strcmp(login, pwd_other.pw_name) == 0) { + return &pwd_other; + } + if (strcmp(login, pwd_root.pw_name) == 0) { + return &pwd_root; + } + return NULL; +} + +struct passwd* fuzz_getpwuid(uid_t uid) { + if (!fuzz.fuzzing) { + return getpwuid(uid); + } + if (uid == pwd_other.pw_uid) { + return &pwd_other; + } + if (uid == pwd_root.pw_uid) { + return &pwd_root; + } + return NULL; +} +