Mercurial > dropbear

diff fuzz/fuzz-common.c @ 1785:9026f976eee8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fuzz: work around fuzz_connect_remote() limitations
author Matt Johnston <matt@ucc.asn.au>
date Sun, 06 Dec 2020 21:27:25 +0800
parents a6da10ac64b5
children a3b39df57c8b
line wrap: on
line diff
--- a/fuzz/fuzz-common.c	Sat Dec 05 14:56:53 2020 +0800
+++ b/fuzz/fuzz-common.c	Sun Dec 06 21:27:25 2020 +0800
@@ -238,6 +238,12 @@
 struct dropbear_progress_connection *fuzz_connect_remote(const char* UNUSED(remotehost), const char* UNUSED(remoteport),
     connect_callback cb, void* cb_data, 
     const char* UNUSED(bind_address), const char* UNUSED(bind_port)) {
+    /* This replacement for connect_remote() has slightly different semantics
+    to the real thing. It should probably be replaced with something more sophisticated.
+    It calls the callback cb() immediately rather than
+    in a future session loop iteration with set_connect_fds()/handle_connect_fds().
+    This could cause problems depending on how connect_remote() is used. In particular
+    the callback can close a channel - that can cause use-after-free. */
     char r;
     genrandom((void*)&r, 1);
     if (r & 1) {