# HG changeset patch
# User Matt Johnston
# Date 1495807851 -28800
# Node ID f03cfe9c76ac1705f4d7425ce2b1aca136e0ea2f
# Parent 4b864fd12b22bf2039375c229d7f1de6f687ac5d
Disable setnonblocking(), get_socket_address(), set_sock_priority() for fuzzing
diff -r 4b864fd12b22 -r f03cfe9c76ac dbutil.c
--- a/dbutil.c Fri May 26 22:09:30 2017 +0800
+++ b/dbutil.c Fri May 26 22:10:51 2017 +0800
@@ -531,22 +531,21 @@
 TRACE(("setnonblocking: %d", fd))
+#ifdef DROPBEAR_FUZZ
+ if (fuzz.fuzzing) {
+ return;
+ }
+#endif
+
 if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
 if (errno == ENODEV) {
 /* Some devices (like /dev/null redirected in)
 * can't be set to non-blocking */
 TRACE(("ignoring ENODEV for setnonblocking"))
 } else {
-#ifdef DROPBEAR_FUZZ
- if (fuzz.fuzzing)
- {
- TRACE(("fuzzing ignore setnonblocking failure for %d", fd))
- }
- else
-#endif
- {
- dropbear_exit("Couldn't set nonblocking");
- }
+ {
+ dropbear_exit("Couldn't set nonblocking");
+ }
 }
 }
 TRACE(("leave setnonblocking"))
diff -r 4b864fd12b22 -r f03cfe9c76ac fuzz-common.c
--- a/fuzz-common.c Fri May 26 22:09:30 2017 +0800
+++ b/fuzz-common.c Fri May 26 22:10:51 2017 +0800
@@ -115,3 +115,19 @@
 void fuzz_kex_fakealgos(void) {
 ses.newkeys->recv.crypt_mode = &dropbear_mode_none;
 }
+
+void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port,
+ char **remote_host, char **remote_port, int UNUSED(host_lookup)) {
+ if (local_host) {
+ *local_host = m_strdup("fuzzlocalhost");
+ }
+ if (local_port) {
+ *local_port = m_strdup("1234");
+ }
+ if (remote_host) {
+ *remote_host = m_strdup("fuzzremotehost");
+ }
+ if (remote_port) {
+ *remote_port = m_strdup("9876");
+ }
+}
diff -r 4b864fd12b22 -r f03cfe9c76ac fuzz.h
--- a/fuzz.h Fri May 26 22:09:30 2017 +0800
+++ b/fuzz.h Fri May 26 22:10:51 2017 +0800
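Review bot: In the dbutil.c hunk (setnonblocking), the non-ENODEV `else` branch is left with a redundant inner brace block around `dropbear_exit("Couldn't set nonblocking");`, a leftover of the removed fuzzing conditional. Dropping the extra `{`/`}` pair and keeping the call at the branch's own indent makes it plain that every other fcntl() failure is fatal again. The new fuzzing early return also leaves without any trace line, so a log shows `setnonblocking: %d` with no matching `leave setnonblocking`; adding `TRACE(("fuzzing skips setnonblocking"))` before `return;`, as the set_sock_prio hunk in netio.c does, would keep fuzz traces readable. The function's signature and closing brace are outside the hunk.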
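Review bot: fuzz_get_socket_address() in the fuzz-common.c hunk has no comment stating its contract, although it deliberately ignores `fd` and `host_lookup` and hands back heap copies. I would add above the definition `/* Fuzzing stand-in for get_socket_address(): fills each non-NULL out-parameter with a fixed m_strdup()ed string; fd is never queried. */`. Presumably the caller owns and frees those strings as it does for the real function; that is not visible here and is worth confirming and stating in the same comment.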
@@ -24,6 +24,8 @@
 const unsigned char* keyblob, unsigned int keybloblen);
 extern const char * const * fuzz_signkey_names;
 void fuzz_seed(void);
+void fuzz_get_socket_address(int fd, char **local_host, char **local_port,
+ char **remote_host, char **remote_port, int host_lookup);
 // fake IO wrappers
 #ifndef FUZZ_SKIP_WRAP
diff -r 4b864fd12b22 -r f03cfe9c76ac fuzzer-preauth.c
--- a/fuzzer-preauth.c Fri May 26 22:09:30 2017 +0800
+++ b/fuzzer-preauth.c Fri May 26 22:10:51 2017 +0800
@@ -36,7 +36,7 @@
 uint32_t wrapseed = buf_getint(fuzz.input);
 wrapfd_setseed(wrapseed);
- int fakesock = 1;
+ int fakesock = 20;
 wrapfd_add(fakesock, fuzz.input, PLAIN);
 m_malloc_set_epoch(1);
diff -r 4b864fd12b22 -r f03cfe9c76ac fuzzer-pubkey.c
--- a/fuzzer-pubkey.c Fri May 26 22:09:30 2017 +0800
+++ b/fuzzer-pubkey.c Fri May 26 22:10:51 2017 +0800
@@ -32,8 +32,8 @@
 if (setjmp(fuzz.jmp) == 0) {
 fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys", algoname, strlen(algoname),
- keyblob, strlen(keyblob));
- m_malloc_free_epoch(1, 0);
+ (unsigned char*)keyblob, strlen(keyblob));
+ m_malloc_free_epoch(1, 0);
 } else {
 m_malloc_free_epoch(1, 1);
 TRACE(("dropbear_exit longjmped"))
diff -r 4b864fd12b22 -r f03cfe9c76ac netio.c
--- a/netio.c Fri May 26 22:09:30 2017 +0800
+++ b/netio.c Fri May 26 22:10:51 2017 +0800
@@ -311,6 +311,12 @@
 int so_prio_val = 0;
 #endif
+#ifdef DROPBEAR_FUZZ
+ if (fuzz.fuzzing) {
+ TRACE(("fuzzing skips set_sock_prio"))
+ return;
+ }
+#endif
 /* Don't log ENOTSOCK errors so that this can harmlessly be called
 * on a client '-J' proxy pipe */
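Review bot: In the fuzzer-preauth.c hunk, `int fakesock = 20;` is an unexplained magic number, and neither the code nor the commit message says why the fake descriptor moved from 1 to 20. A one-line comment such as `/* arbitrary fd for the wrapped input, kept clear of the standard streams */` (if that is the reason) would record the intent. It would also help to state whether wrapfd_add() tolerates a number that could coincide with a descriptor the fuzzing process really has open; that cannot be judged from this hunk. The enclosing function starts and ends outside the hunk.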
@@ -482,40 +488,25 @@
 {
 struct sockaddr_storage addr;
 socklen_t addrlen;
+
+#if DROPBEAR_FUZZ
+ if (fuzz.fuzzing) {
+ fuzz_get_socket_address(fd, local_host, local_port, remote_host, remote_port, host_lookup);
+ return;
+ }
+#endif
 if (local_host || local_port) {
 addrlen = sizeof(addr);
 if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
- if (errno == ENOTSOCK) {
- // FUZZ
- if (local_host) {
- *local_host = m_strdup("notsocket");
- }
- if (local_port) {
- *local_port = m_strdup("999");
- }
- return;
- } else {
- dropbear_exit("Failed socket address: %s", strerror(errno));
- }
+ dropbear_exit("Failed socket address: %s", strerror(errno));
 }
 getaddrstring(&addr, local_host, local_port, host_lookup);
 }
 if (remote_host || remote_port) {
 addrlen = sizeof(addr);
 if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
- if (errno == ENOTSOCK) {
- // FUZZ
- if (remote_host) {
- *remote_host = m_strdup("notsocket");
- }
- if (remote_port) {
- *remote_port = m_strdup("999");
- }
- return;
- } else {
- dropbear_exit("Failed socket address: %s", strerror(errno));
- }
+ dropbear_exit("Failed socket address: %s", strerror(errno));
 }
 getaddrstring(&addr, remote_host, remote_port, host_lookup);
 }
@@ -569,18 +560,6 @@
 return;
 } else {
 /* if we can't do a numeric lookup, something's gone terribly wrong */
- if (ret == EAI_FAMILY) {
- // FUZZ
- // Fake it for non-socket input
- if (ret_host) {
- *ret_host = m_strdup("0.0.0.0");
- }
- if (ret_port)
- {
- *ret_port = m_strdup("999");
- }
- return;
- }
 dropbear_exit("Failed lookup: %s", gai_strerror(ret));
 }
 }
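Review bot: The guard added at the top of the `@@ -482,40 +488,25 @@` hunk in netio.c is `#if DROPBEAR_FUZZ`, while the other guards in this commit (setnonblocking() in dbutil.c and the set_sock_prio hunk earlier in netio.c) use `#ifdef DROPBEAR_FUZZ`. The two forms disagree when the macro is defined as 0 or defined empty, so depending on how DROPBEAR_FUZZ is defined (not visible here) one of them can compile the fuzzing shortcut in or out unintentionally; pick one form and use it everywhere, e.g. `#ifdef DROPBEAR_FUZZ` here. Because this branch substitutes fixed fake addresses for the getsockname()/getpeername() results, the guard together with `fuzz.fuzzing` is all that keeps it out of a production binary, so it is worth making that check uniform. The function's signature is outside the hunk.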