changeset 1559:92c93b4a3646 fuzz
Fix to be able to compile normal(ish) binaries with --enable-fuzz
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 28 Feb 2018 22:02:12 +0800 |
parents | 2f64cb3d3007 |
children | 02b226c2675e |
files | Makefile.in configure.ac dbutil.c fuzz-common.c fuzz-harness.c fuzz-wrapfd.c fuzz.h fuzzer-pubkey.c fuzzer-verify.c packet.c svr-session.c |
diffstat | 11 files changed, 49 insertions(+), 38 deletions(-) [+] |
--- a/Makefile.in Wed Feb 28 21:40:08 2018 +0800 +++ b/Makefile.in Wed Feb 28 22:02:12 2018 +0800 @@ -61,14 +61,22 @@ SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o compat.o ifeq (@DROPBEAR_FUZZ@, 1) - COMMONOBJS += fuzz-common.o fuzz-wrapfd.o -endif + allobjs = $(COMMONOBJS) fuzz-common.o fuzz-wrapfd.o $(CLISVROBJS) $(CLIOBJS) $(SVROBJS) + allobjs:=$(subst svr-main.o, ,$(allobjs)) + allobjs:=$(subst cli-main.o, ,$(allobjs)) + allobjs:=$(sort $(allobjs)) -dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) -dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS) -dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS) -dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS) -scpobjs=$(SCPOBJS) + dropbearobjs=$(allobjs) svr-main.o + dbclientobjs=$(allobjs) cli-main.o + dropbearkeyobjs=$(allobjs) $(KEYOBJS) + dropbearconvertobjs=$(allobjs) $(CONVERTOBJS) +else + dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) + dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS) + dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS) + dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS) + scpobjs=$(SCPOBJS) +endif VPATH=@srcdir@ srcdir=@srcdir@ @@ -185,7 +193,7 @@ $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) dropbearkey dropbearconvert: $(HEADERS) $(LIBTOM_DEPS) Makefile - $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) + $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) # scp doesn't use the libs so is special. scp: $(SCPOBJS) $(HEADERS) Makefile @@ -260,7 +268,7 @@ svrfuzzobjs=$(subst svr-main.o, ,$(dropbearobjs)) # build all the fuzzers. This will require fail to link unless built with -# make fuzzers LIBS=-lFuzzer.a +# make fuzz-targetsk FUZZLIB=-lFuzzer.a # or similar - the library provides main(). fuzz-targets: $(FUZZ_TARGETS) $(FUZZER_OPTIONS)
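Review bot: `scpobjs=$(SCPOBJS)` is now assigned only in the `else` branch, so the variable is empty when `@DROPBEAR_FUZZ@` is 1. The `scp` rule visible further down names `$(SCPOBJS)` directly, so a plain `make scp` is probably unaffected, but any rule that expands `$($@objs)` or gathers the per-program `*objs` lists (not visible in this hunk) would get nothing for scp. Moving `scpobjs=$(SCPOBJS)` below the `endif` keeps both configurations identical on that point. The fuzz branch also links every client and server object plus `fuzz-common.o` and `fuzz-wrapfd.o` into each program, which deserves a one-line comment above `allobjs` so these larger binaries are not mistaken for release builds.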
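Review bot: The updated usage comment in the last hunk names `fuzz-targetsk`, which is a typo; the rule directly below is `fuzz-targets`. The line should read `# make fuzz-targets FUZZLIB=-lFuzzer.a`. The unchanged sentence above it ("This will require fail to link unless built with") is garbled as well and could be tidied in the same edit to `# build all the fuzzers. This will fail to link unless built with`.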
--- a/configure.ac Wed Feb 28 21:40:08 2018 +0800 +++ b/configure.ac Wed Feb 28 22:02:12 2018 +0800 @@ -323,7 +323,7 @@ ) AC_ARG_ENABLE(fuzz, - [ --enable-fuzz Build fuzzing], + [ --enable-fuzz Build fuzzing. Not recommended for deployment.], [ AC_DEFINE(DROPBEAR_FUZZ, 1, Fuzzing) AC_MSG_NOTICE(Enabling fuzzing)
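Review bot: The deployment caveat is added only to the `--help` string, so it is never shown to someone who runs configure from a build script; the action still prints just `AC_MSG_NOTICE(Enabling fuzzing)`. Since this commit makes `--enable-fuzz` produce ordinary-looking dropbear and dbclient programs, replacing the notice with `AC_MSG_WARN([Fuzzing enabled - binaries are not for deployment])` would put the caveat into the configure output and config.log. The `AC_ARG_ENABLE` call continues outside the hunk.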
--- a/dbutil.c Wed Feb 28 21:40:08 2018 +0800 +++ b/dbutil.c Wed Feb 28 22:02:12 2018 +0800 @@ -121,7 +121,7 @@ _dropbear_log(LOG_INFO, fmtbuf, param); #if DROPBEAR_FUZZ - // longjmp before cleaning up svr_opts + /* longjmp before cleaning up svr_opts */ if (fuzz.do_jmp) { longjmp(fuzz.jmp, 1); }
--- a/fuzz-common.c Wed Feb 28 21:40:08 2018 +0800 +++ b/fuzz-common.c Wed Feb 28 22:02:12 2018 +0800 @@ -154,13 +154,15 @@ return 0; } - // get prefix. input format is - // string prefix - // uint32 wrapfd seed - // ... to be extended later - // [bytes] ssh input stream + /* + get prefix. input format is + string prefix + uint32 wrapfd seed + ... to be extended later + [bytes] ssh input stream + */ - // be careful to avoid triggering buffer.c assertions + /* be careful to avoid triggering buffer.c assertions */ if (fuzz.input->len < 8) { return 0; } @@ -181,7 +183,7 @@ } else { m_malloc_free_epoch(1, 1); TRACE(("dropbear_exit longjmped")) - // dropbear_exit jumped here + /* dropbear_exit jumped here */ } return 0;
--- a/fuzz-harness.c Wed Feb 28 21:40:08 2018 +0800 +++ b/fuzz-harness.c Wed Feb 28 22:02:12 2018 +0800 @@ -19,7 +19,7 @@ for (i = 1; i < argc; i++) { if (argv[i][0] == '-') { - // ignore arguments + /* ignore arguments */ continue; }
--- a/fuzz-wrapfd.c Wed Feb 28 21:40:08 2018 +0800 +++ b/fuzz-wrapfd.c Wed Feb 28 22:02:12 2018 +0800 @@ -21,7 +21,7 @@ }; static struct fdwrap wrap_fds[IOWRAP_MAXFD+1]; -// for quick selection of in-use descriptors +/* for quick selection of in-use descriptors */ static int wrap_used[IOWRAP_MAXFD+1]; static unsigned int nused; static unsigned short rand_state[3]; @@ -66,7 +66,7 @@ wrap_fds[fd].mode = UNUSED; - // remove from used list + /* remove from used list */ for (i = 0, j = 0; i < nused; i++) { if (wrap_used[i] != fd) { wrap_used[j] = wrap_used[i]; @@ -94,7 +94,7 @@ } if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) { - // XXX - assertion failure? + /* XXX - assertion failure? */ TRACE(("Bad read descriptor %d\n", fd)) errno = EBADF; return -1; @@ -116,7 +116,7 @@ buf = wrap_fds[fd].buf; if (buf) { maxread = MIN(buf->len - buf->pos, count); - // returns 0 if buf is EOF, as intended + /* returns 0 if buf is EOF, as intended */ if (maxread > 0) { maxread = nrand48(rand_state) % maxread + 1; } @@ -140,7 +140,7 @@ } if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) { - // XXX - assertion failure? + /* XXX - assertion failure? */ TRACE(("Bad read descriptor %d\n", fd)) errno = EBADF; return -1; @@ -148,7 +148,7 @@ assert(count != 0); - // force read to exercise sanitisers + /* force read to exercise sanitisers */ for (i = 0; i < count; i++) { (void)volin[i]; } @@ -186,7 +186,7 @@ return -1; } - // read + /* read */ if (readfds != NULL && erand48(rand_state) < CHANCE_READ1) { for (i = 0, nset = 0; i < nfds; i++) { if (FD_ISSET(i, readfds)) { @@ -198,7 +198,7 @@ FD_ZERO(readfds); if (nset > 0) { - // set one + /* set one */ sel = fdlist[nrand48(rand_state) % nset]; FD_SET(sel, readfds); ret++; @@ -213,7 +213,7 @@ } } - // write + /* write */ if (writefds != NULL && erand48(rand_state) < CHANCE_WRITE1) { for (i = 0, nset = 0; i < nfds; i++) { if (FD_ISSET(i, writefds)) { 
@@ -224,7 +224,7 @@ } FD_ZERO(writefds); - // set one + /* set one */ if (nset > 0) { sel = fdlist[nrand48(rand_state) % nset]; FD_SET(sel, writefds);
--- a/fuzz.h Wed Feb 28 21:40:08 2018 +0800 +++ b/fuzz.h Wed Feb 28 22:02:12 2018 +0800 @@ -2,6 +2,7 @@ #define DROPBEAR_FUZZ_H #include "config.h" + #if DROPBEAR_FUZZ #include "includes.h"
--- a/fuzzer-pubkey.c Wed Feb 28 21:40:08 2018 +0800 +++ b/fuzzer-pubkey.c Wed Feb 28 22:02:12 2018 +0800 @@ -20,14 +20,14 @@ m_malloc_set_epoch(1); - // choose a keytype based on input + /* choose a keytype based on input */ uint8_t b = 0; size_t i; for (i = 0; i < Size; i++) { b ^= Data[i]; } const char* algoname = fuzz_signkey_names[b%DROPBEAR_SIGNKEY_NUM_NAMED]; - const char* keyblob = "blob"; // keep short + const char* keyblob = "blob"; /* keep short */ if (setjmp(fuzz.jmp) == 0) { fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys", @@ -37,7 +37,7 @@ } else { m_malloc_free_epoch(1, 1); TRACE(("dropbear_exit longjmped")) - // dropbear_exit jumped here + /* dropbear_exit jumped here */ } return 0;
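Review bot: The first hunk moves the comments to C89 style, but `uint8_t b = 0;` and `size_t i;` are still declared after the statement `m_malloc_set_epoch(1);`, and `const char* algoname` and `const char* keyblob` after the loop. If the aim is for this file to build under the same strict flags as the rest of the tree (the commit message does not say), a compiler run with `-Wdeclaration-after-statement` or `-std=c89` would still complain here. Moving the four declarations to the top of the block and leaving only the assignments in place would finish the job. The enclosing function starts and ends outside the hunk.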
--- a/fuzzer-verify.c Wed Feb 28 21:40:08 2018 +0800 +++ b/fuzzer-verify.c Wed Feb 28 22:02:12 2018 +0800 @@ -57,7 +57,7 @@ } else { m_malloc_free_epoch(1, 1); TRACE(("dropbear_exit longjmped")) - // dropbear_exit jumped here + /* dropbear_exit jumped here */ } return 0;
--- a/packet.c Wed Feb 28 21:40:08 2018 +0800 +++ b/packet.c Wed Feb 28 22:02:12 2018 +0800 @@ -79,8 +79,8 @@ it's likely to be necessary */ #if DROPBEAR_FUZZ if (fuzz.fuzzing) { - // pretend to write one packet at a time - // TODO(fuzz): randomise amount written based on the fuzz input + /* pretend to write one packet at a time */ + /* TODO(fuzz): randomise amount written based on the fuzz input */ written = iov[0].iov_len; } else @@ -368,8 +368,8 @@ #if DROPBEAR_FUZZ if (fuzz.fuzzing) { - // fail 1 in 2000 times to test error path. - // note that mac_bytes is all zero prior to kex, so don't test ==0 ! + /* fail 1 in 2000 times to test error path. + note that mac_bytes is all zero prior to kex, so don't test ==0 ! */ unsigned int value = *((unsigned int*)&mac_bytes); if (value % 2000 == 99) { return DROPBEAR_FAILURE;
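Review bot: Both `#if DROPBEAR_FUZZ` branches in this file are guarded at run time only by `fuzz.fuzzing`, and the converted comments do not say who is allowed to set it. With this commit an `--enable-fuzz` tree yields normal dropbear and dbclient programs, so in those binaries that flag alone keeps the pretend write (`written = iov[0].iov_len;`) and the altered MAC path in the second hunk out of a real session. I would add above each `if (fuzz.fuzzing)` a comment such as `/* fuzz.fuzzing is set only by the fuzz harness; it must stay 0 in a normal run */`, after confirming where the flag is assigned, which is not visible in this diff. Both enclosing functions start and end outside the hunks.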
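Review bot: In the second hunk, `unsigned int value = *((unsigned int*)&mac_bytes);` reads the MAC buffer through an `unsigned int` pointer, which violates strict aliasing and can be a misaligned load if `mac_bytes` is a byte array (its declaration is outside the hunk). Copying the bytes avoids both problems and reads the same data: `unsigned int value = 0;` followed by `memcpy(&value, mac_bytes, sizeof(value));`. The reworded comment could also state what the branch does in the remaining 1999 of 2000 cases, since the code after `return DROPBEAR_FAILURE;` is not shown here.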