# HG changeset patch # User Matt Johnston # Date 1615042737 -28800 # Node ID 19b28d2fbe30f82e9114e92d5414be3c12a84b55 # Parent 4983a6bc1f51d39aae506f911540ac58bc5d1896 fuzz: handle errors from wrapfd_new_dummy() diff -r 4983a6bc1f51 -r 19b28d2fbe30 fuzz/fuzz-common.c --- a/fuzz/fuzz-common.c Fri Mar 05 22:51:11 2021 +0800 +++ b/fuzz/fuzz-common.c Sat Mar 06 22:58:57 2021 +0800 @@ -230,11 +230,20 @@ if (ret_errfd) { *ret_errfd = wrapfd_new_dummy(); } - *ret_pid = 999; - return DROPBEAR_SUCCESS; + if (*ret_writefd == -1 || *ret_readfd == -1 || (ret_errfd && *ret_errfd == -1)) { + m_close(*ret_writefd); + m_close(*ret_readfd); + if (ret_errfd) { + m_close(*ret_errfd); + } + return DROPBEAR_FAILURE; + } else { + *ret_pid = 999; + return DROPBEAR_SUCCESS; + + } } - /* Fake dropbear_listen, always returns failure for now. TODO make it sometimes return success with wrapfd_new_dummy() sockets. Making the listeners fake a new incoming connection will be harder. */ diff -r 4983a6bc1f51 -r 19b28d2fbe30 fuzz/fuzz-wrapfd.c --- a/fuzz/fuzz-wrapfd.c Fri Mar 05 22:51:11 2021 +0800 +++ b/fuzz/fuzz-wrapfd.c Sat Mar 06 22:58:57 2021 +0800 @@ -6,7 +6,8 @@ #include "fuzz.h" -#define IOWRAP_MAXFD (FD_SETSIZE-1) +// +100 might catch some limits... +#define IOWRAP_MAXFD (FD_SETSIZE-1 + 100) static const int MAX_RANDOM_IN = 50000; static const double CHANCE_CLOSE = 1.0 / 600; static const double CHANCE_INTR = 1.0 / 900; @@ -75,7 +76,14 @@ } int fd = dup(devnull_fd); - assert(fd != -1); + if (fd == -1) { + return -1; + } + if (fd > IOWRAP_MAXFD) { + close(fd); + errno = EMFILE; + return -1; + } assert(wrap_fds[fd].mode == UNUSED); wrap_fds[fd].mode = DUMMY; wrap_fds[fd].closein = 0; @@ -92,7 +100,7 @@ assert(fd <= IOWRAP_MAXFD); assert(wrap_fds[fd].mode != UNUSED); wrap_fds[fd].mode = UNUSED; - m_close(fd); + close(fd); } int wrapfd_close(int fd) {
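Review bot: On the new failure path in fuzz/fuzz-common.c the out-parameters keep the descriptor numbers that were just closed: after `m_close(*ret_writefd)` and the calls that follow it, `*ret_writefd`, `*ret_readfd` and `*ret_errfd` still hold the old values, and `*ret_pid` is never written. A caller that tidies up its own variables after DROPBEAR_FAILURE could close them a second time, possibly hitting a descriptor number that has since been reused. Resetting each one after closing, e.g. `*ret_writefd = -1;`, keeps the failure state unambiguous. The cleanup also passes -1 to m_close() for whichever allocation failed; m_close() is not shown in this patch, so confirm it tolerates a negative fd. The enclosing function starts above the hunk.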
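Review bot: The added comment `// +100 might catch some limits...` does not say which limits, and raising IOWRAP_MAXFD above FD_SETSIZE-1 means wrapped descriptors can now be numbers that do not fit in an fd_set. If the intent is to expose code under test that calls FD_SET without a range check, say so, e.g. `/* Allow fds up to 100 past FD_SETSIZE-1 so missing FD_SETSIZE checks in the code under test show up */`, which also matches the `/* */` comment style visible in fuzz-common.c. Any select handling in fuzz-wrapfd.c that walks descriptors up to IOWRAP_MAXFD (not visible in this hunk) would itself need to stop at FD_SETSIZE so the harness does not read past an fd_set.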
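Review bot: wrapfd_new_dummy() can now return -1 where it previously asserted, but nothing at the function records that contract. Only one caller is updated in this patch (the fuzz-common.c hunk); any other caller not shown here would pass on or index with -1 unchecked. A header comment along the lines of `/* Returns a new dummy fd, or -1 with errno set (EMFILE when the fd exceeds IOWRAP_MAXFD) */` would make the new failure mode visible to callers. The function's signature and opening lines are above the hunk.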
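Review bot: The result of `close(fd)` in wrapfd_remove is now discarded, and the hunk does not say why m_close() was dropped. m_close() is not shown in this patch, so whatever error handling it did is presumably no longer applied here; `wrap_fds[fd].mode` is already UNUSED by this point, so a failed close would leave the table and the real descriptor out of step. If ignoring the result is deliberate, record it next to the call, e.g. `/* raw close(); errors are ignored in the fuzz harness */`. wrapfd_remove begins above the hunk.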