Mercurial > dropbear
changeset 1802:19b28d2fbe30
fuzz: handle errors from wrapfd_new_dummy()
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 06 Mar 2021 22:58:57 +0800 |
| parents | 4983a6bc1f51 |
| children | 837cc354b388 |
| files | fuzz/fuzz-common.c fuzz/fuzz-wrapfd.c |
| diffstat | 2 files changed, 23 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/fuzz/fuzz-common.c Fri Mar 05 22:51:11 2021 +0800 +++ b/fuzz/fuzz-common.c Sat Mar 06 22:58:57 2021 +0800 @@ -230,11 +230,20 @@ if (ret_errfd) { *ret_errfd = wrapfd_new_dummy(); } - *ret_pid = 999; - return DROPBEAR_SUCCESS; + if (*ret_writefd == -1 || *ret_readfd == -1 || (ret_errfd && *ret_errfd == -1)) { + m_close(*ret_writefd); + m_close(*ret_readfd); + if (ret_errfd) { + m_close(*ret_errfd); + } + return DROPBEAR_FAILURE; + } else { + *ret_pid = 999; + return DROPBEAR_SUCCESS; + + } } - /* Fake dropbear_listen, always returns failure for now. TODO make it sometimes return success with wrapfd_new_dummy() sockets. Making the listeners fake a new incoming connection will be harder. */
--- a/fuzz/fuzz-wrapfd.c Fri Mar 05 22:51:11 2021 +0800 +++ b/fuzz/fuzz-wrapfd.c Sat Mar 06 22:58:57 2021 +0800 @@ -6,7 +6,8 @@ #include "fuzz.h" -#define IOWRAP_MAXFD (FD_SETSIZE-1) +// +100 might catch some limits... +#define IOWRAP_MAXFD (FD_SETSIZE-1 + 100) static const int MAX_RANDOM_IN = 50000; static const double CHANCE_CLOSE = 1.0 / 600; static const double CHANCE_INTR = 1.0 / 900; @@ -75,7 +76,14 @@ } int fd = dup(devnull_fd); - assert(fd != -1); + if (fd == -1) { + return -1; + } + if (fd > IOWRAP_MAXFD) { + close(fd); + errno = EMFILE; + return -1; + } assert(wrap_fds[fd].mode == UNUSED); wrap_fds[fd].mode = DUMMY; wrap_fds[fd].closein = 0; @@ -92,7 +100,7 @@ assert(fd <= IOWRAP_MAXFD); assert(wrap_fds[fd].mode != UNUSED); wrap_fds[fd].mode = UNUSED; - m_close(fd); + close(fd); } int wrapfd_close(int fd) {