changeset 1786:a3b39df57c8b

fuzz: add an always-failing dropbear_listen() replacement
author Matt Johnston <matt@ucc.asn.au>
date Sun, 06 Dec 2020 21:54:01 +0800
parents 9026f976eee8
children ce3ce75a6e04
files fuzz.h fuzz/fuzz-common.c netio.c
diffstat 3 files changed, 26 insertions(+), 0 deletions(-) [+]
--- a/fuzz.h	Sun Dec 06 21:27:25 2020 +0800
+++ b/fuzz.h	Sun Dec 06 21:54:01 2020 +0800
@@ -42,6 +42,9 @@
     connect_callback cb, void* cb_data,
     const char* bind_address, const char* bind_port);
 
+int fuzz_dropbear_listen(const char* address, const char* port,
+        int *socks, unsigned int sockcount, char **errstring, int *maxfd);
+
 // helpers
 void fuzz_get_socket_address(int fd, char **local_host, char **local_port,
                         char **remote_host, char **remote_port, int host_lookup);
--- a/fuzz/fuzz-common.c	Sun Dec 06 21:27:25 2020 +0800
+++ b/fuzz/fuzz-common.c	Sun Dec 06 21:54:01 2020 +0800
@@ -255,6 +255,23 @@
     return NULL;
 }
 
+/* Fake dropbear_listen, always returns failure for now.
+TODO make it sometimes return success with wrapfd_new_dummy() sockets.
+Making the listeners fake a new incoming connection will be harder. */
+/* Listen on address:port. 
+ * Special cases are address of "" listening on everything,
+ * and address of NULL listening on localhost only.
+ * Returns the number of sockets bound on success, or -1 on failure. On
+ * failure, if errstring wasn't NULL, it'll be a newly malloced error
+ * string.*/
+int fuzz_dropbear_listen(const char* UNUSED(address), const char* UNUSED(port),
+        int *UNUSED(socks), unsigned int UNUSED(sockcount), char **errstring, int *UNUSED(maxfd)) {
+    if (errstring) {
+        *errstring = m_strdup("fuzzing can't listen (yet)");
+    }
+    return -1;
+}
+
 int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int postauth) {
     static int once = 0;
     if (!once) {
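Review bot: The second comment block above fuzz_dropbear_listen() appears to be copied from the real dropbear_listen() and describes behaviour this stub does not have. It documents the "" and NULL address special cases and a "number of sockets bound" return, while the stub marks every argument except errstring as UNUSED and always returns -1. I would fold the two blocks into one that states the stub's actual contract, e.g. `/* Fuzzing stand-in for dropbear_listen(): never binds, leaves socks and maxfd untouched, returns -1 and sets *errstring (if non-NULL) to a newly allocated message. */`, keeping the TODO. It would also help to record there that, until the TODO is done, the listener-success paths of callers are not exercised under the fuzzer, so only their error handling (including release of errstring) gets coverage.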
--- a/netio.c	Sun Dec 06 21:27:25 2020 +0800
+++ b/netio.c	Sun Dec 06 21:54:01 2020 +0800
@@ -461,6 +461,12 @@
 	int sock;
 
 	TRACE(("enter dropbear_listen"))
+
+#if DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		return fuzz_dropbear_listen(address, port, socks, sockcount, errstring, maxfd);
+	}
+#endif
 	
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */
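Review bot: The early return inside `#if DROPBEAR_FUZZ` has no comment saying why the fuzz path bails out before the address lookup, so a later reader may move it below the setup code or take it for leftover debugging. A one-line comment above the `if` would make the intent explicit, e.g. `/* fuzz harness must never open real listening sockets; the stub reports failure */`. The return comes after the "enter dropbear_listen" TRACE, so if the function logs a matching leave trace further down (not visible here), the fuzz path will skip it. dropbear_listen() starts and ends outside this hunk.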