Mercurial > dropbear
changeset 1786:a3b39df57c8b
fuzz: add an always-failing dropbear_listen() replacement
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 06 Dec 2020 21:54:01 +0800 |
parents | 9026f976eee8 |
children | ce3ce75a6e04 |
files | fuzz.h fuzz/fuzz-common.c netio.c |
diffstat | 3 files changed, 26 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/fuzz.h Sun Dec 06 21:27:25 2020 +0800 +++ b/fuzz.h Sun Dec 06 21:54:01 2020 +0800 @@ -42,6 +42,9 @@ connect_callback cb, void* cb_data, const char* bind_address, const char* bind_port); +int fuzz_dropbear_listen(const char* address, const char* port, + int *socks, unsigned int sockcount, char **errstring, int *maxfd); + // helpers void fuzz_get_socket_address(int fd, char **local_host, char **local_port, char **remote_host, char **remote_port, int host_lookup);
--- a/fuzz/fuzz-common.c Sun Dec 06 21:27:25 2020 +0800 +++ b/fuzz/fuzz-common.c Sun Dec 06 21:54:01 2020 +0800 @@ -255,6 +255,23 @@ return NULL; } +/* Fake dropbear_listen, always returns failure for now. +TODO make it sometimes return success with wrapfd_new_dummy() sockets. +Making the listeners fake a new incoming connection will be harder. */ +/* Listen on address:port. + * Special cases are address of "" listening on everything, + * and address of NULL listening on localhost only. + * Returns the number of sockets bound on success, or -1 on failure. On + * failure, if errstring wasn't NULL, it'll be a newly malloced error + * string.*/ +int fuzz_dropbear_listen(const char* UNUSED(address), const char* UNUSED(port), + int *UNUSED(socks), unsigned int UNUSED(sockcount), char **errstring, int *UNUSED(maxfd)) { + if (errstring) { + *errstring = m_strdup("fuzzing can't listen (yet)"); + } + return -1; +} + int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int postauth) { static int once = 0; if (!once) {
--- a/netio.c Sun Dec 06 21:27:25 2020 +0800 +++ b/netio.c Sun Dec 06 21:54:01 2020 +0800 @@ -461,6 +461,12 @@ int sock; TRACE(("enter dropbear_listen")) + +#if DROPBEAR_FUZZ + if (fuzz.fuzzing) { + return fuzz_dropbear_listen(address, port, socks, sockcount, errstring, maxfd); + } +#endif memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */