Mercurial > dropbear
diff fuzz-wrapfd.c @ 1358:6b89eb92f872 fuzz
glaring wrapfd problems fixed
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 20 May 2017 22:47:19 +0800 |
parents | 08f4fa4dc6a0 |
children | 16f45f2df38f |
line wrap: on
line diff
--- a/fuzz-wrapfd.c Sat May 20 13:23:16 2017 +0800 +++ b/fuzz-wrapfd.c Sat May 20 22:47:19 2017 +0800 @@ -16,6 +16,8 @@ struct fdwrap { enum wrapfd_mode mode; buffer *buf; + int closein; + int closeout; }; static struct fdwrap wrap_fds[IOWRAP_MAXFD+1]; @@ -28,21 +30,25 @@ TRACE(("wrapfd_setup %x", seed)) nused = 0; memset(wrap_fds, 0x0, sizeof(wrap_fds)); + memset(wrap_used, 0x0, sizeof(wrap_used)); + memset(rand_state, 0x0, sizeof(rand_state)); *((uint32_t*)rand_state) = seed; nrand48(rand_state); } void wrapfd_add(int fd, buffer *buf, enum wrapfd_mode mode) { + TRACE(("wrapfd_add %d buf %p mode %d", fd, buf, mode)) assert(fd >= 0); assert(fd <= IOWRAP_MAXFD); assert(wrap_fds[fd].mode == UNUSED); assert(buf || mode == RANDOMIN); - TRACE(("wrapfd_add %d buf %p mode %d", fd, buf, mode)) wrap_fds[fd].mode = mode; wrap_fds[fd].buf = buf; + wrap_fds[fd].closein = 0; + wrap_fds[fd].closeout = 0; wrap_used[nused] = fd; nused++; @@ -50,12 +56,12 @@ void wrapfd_remove(int fd) { unsigned int i, j; + TRACE(("wrapfd_remove %d", fd)) assert(fd >= 0); assert(fd <= IOWRAP_MAXFD); assert(wrap_fds[fd].mode != UNUSED); wrap_fds[fd].mode = UNUSED; - TRACE(("wrapfd_remove %d", fd)) // remove from used list for (i = 0, j = 0; i < nused; i++) { @@ -67,6 +73,9 @@ nused--; } +void wrapfd_close(int fd) { + wrapfd_remove(fd); +} int wrapfd_read(int fd, void *out, size_t count) { size_t maxread; @@ -85,9 +94,10 @@ assert(count != 0); - if (erand48(rand_state) < CHANCE_CLOSE) { - wrapfd_remove(fd); - return 0; + if (wrap_fds[fd].closein || erand48(rand_state) < CHANCE_CLOSE) { + wrap_fds[fd].closein = 1; + errno = ECONNRESET; + return -1; } if (erand48(rand_state) < CHANCE_INTR) { @@ -135,9 +145,10 @@ (void)volin[i]; } - if (erand48(rand_state) < CHANCE_CLOSE) { - wrapfd_remove(fd); - return 0; + if (wrap_fds[fd].closeout || erand48(rand_state) < CHANCE_CLOSE) { + wrap_fds[fd].closeout = 1; + errno = ECONNRESET; + return -1; } if (erand48(rand_state) < CHANCE_INTR) {