changeset 1383:f03cfe9c76ac fuzz

Disable setnonblocking(), get_socket_address(), set_sock_priority() for fuzzing
author Matt Johnston <matt@ucc.asn.au>
date Fri, 26 May 2017 22:10:51 +0800
parents 4b864fd12b22
children ecdd4e8ae427
files dbutil.c fuzz-common.c fuzz.h fuzzer-preauth.c fuzzer-pubkey.c netio.c
diffstat 6 files changed, 45 insertions(+), 49 deletions(-) [+]
--- a/dbutil.c	Fri May 26 22:09:30 2017 +0800
+++ b/dbutil.c	Fri May 26 22:10:51 2017 +0800
@@ -531,22 +531,21 @@
 
 	TRACE(("setnonblocking: %d", fd))
 
+#ifdef DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		return;
+	}
+#endif
+
 	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
 		if (errno == ENODEV) {
 			/* Some devices (like /dev/null redirected in)
 			 * can't be set to non-blocking */
 			TRACE(("ignoring ENODEV for setnonblocking"))
 		} else {
-#ifdef DROPBEAR_FUZZ
-			if (fuzz.fuzzing) 
-			{
-				TRACE(("fuzzing ignore setnonblocking failure for %d", fd))
-			} 
-			else 
-#endif
-			{
-				dropbear_exit("Couldn't set nonblocking");
-			}
+		{
+			dropbear_exit("Couldn't set nonblocking");
+		}
 		}
 	}
 	TRACE(("leave setnonblocking"))
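Review bot: The rewritten `else` branch around `dropbear_exit("Couldn't set nonblocking")` still carries the inner brace pair left over from the removed `#ifdef`, so the new side reads `} else {` followed by a second `{` at the same indent. The compiler accepts it, but it looks like a merge leftover and hides the fact that every non-ENODEV failure is now fatal in a non-fuzz run. Drop the inner pair so the branch is `} else {`, then `dropbear_exit("Couldn't set nonblocking");`, then `}`. The body of setnonblocking starts and ends outside this hunk.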
--- a/fuzz-common.c	Fri May 26 22:09:30 2017 +0800
+++ b/fuzz-common.c	Fri May 26 22:10:51 2017 +0800
@@ -115,3 +115,19 @@
 void fuzz_kex_fakealgos(void) {
     ses.newkeys->recv.crypt_mode = &dropbear_mode_none;
 }
+
+void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port,
+                        char **remote_host, char **remote_port, int UNUSED(host_lookup)) {
+    if (local_host) {
+        *local_host = m_strdup("fuzzlocalhost");
+    }
+    if (local_port) {
+        *local_port = m_strdup("1234");
+    }
+    if (remote_host) {
+        *remote_host = m_strdup("fuzzremotehost");
+    }
+    if (remote_port) {
+        *remote_port = m_strdup("9876");
+    }
+}
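Review bot: `fuzz_get_socket_address` is added without a comment stating its contract. The visible code writes a fresh `m_strdup()` copy of a fixed string into each non-NULL output and ignores `fd` and `host_lookup`, so ownership presumably mirrors get_socket_address() in netio.c, with the caller freeing the strings. A header comment would record that, for example `/* Fuzzing stand-in for get_socket_address(): fixed heap-allocated strings for each non-NULL output, caller frees; fd and host_lookup are ignored. */`. It is also worth saying that the values are constant on purpose, so that fuzz runs stay reproducible.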
--- a/fuzz.h	Fri May 26 22:09:30 2017 +0800
+++ b/fuzz.h	Fri May 26 22:10:51 2017 +0800
@@ -24,6 +24,8 @@
         const unsigned char* keyblob, unsigned int keybloblen);
 extern const char * const * fuzz_signkey_names;
 void fuzz_seed(void);
+void fuzz_get_socket_address(int fd, char **local_host, char **local_port,
+                        char **remote_host, char **remote_port, int host_lookup);
 
 // fake IO wrappers
 #ifndef FUZZ_SKIP_WRAP
--- a/fuzzer-preauth.c	Fri May 26 22:09:30 2017 +0800
+++ b/fuzzer-preauth.c	Fri May 26 22:10:51 2017 +0800
@@ -36,7 +36,7 @@
     uint32_t wrapseed = buf_getint(fuzz.input);
     wrapfd_setseed(wrapseed);
 
-	int fakesock = 1;
+	int fakesock = 20;
 	wrapfd_add(fakesock, fuzz.input, PLAIN);
 
 	m_malloc_set_epoch(1);
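Review bot: `int fakesock = 20;` replaces descriptor 1 with a bare number and gives no reason for the choice. Presumably 20 keeps the wrapped descriptor away from stdin/stdout/stderr, but nothing in the hunk says so, and nothing shows that 20 cannot collide with a descriptor the harness already holds open. A comment such as `/* arbitrary fd kept clear of 0-2; only ever reached through wrapfd */` or a named constant would make the intent checkable. The enclosing function starts and ends outside this hunk.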
--- a/fuzzer-pubkey.c	Fri May 26 22:09:30 2017 +0800
+++ b/fuzzer-pubkey.c	Fri May 26 22:10:51 2017 +0800
@@ -32,8 +32,8 @@
 	if (setjmp(fuzz.jmp) == 0) {
 		fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys", 
 			algoname, strlen(algoname),
-			keyblob, strlen(keyblob));
-			m_malloc_free_epoch(1, 0);
+			(unsigned char*)keyblob, strlen(keyblob));
+		m_malloc_free_epoch(1, 0);
 	} else {
 		m_malloc_free_epoch(1, 1);
 		TRACE(("dropbear_exit longjmped"))
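Review bot: `strlen(keyblob)` in the `fuzz_checkpubkey_line` call measures the blob as a C string, so the length passed stops at the first zero byte. If `keyblob` holds a binary key blob read from the fuzz input (its declaration is outside the hunk), the parser only sees a truncated prefix and the fuzzer loses most of its coverage of the blob-parsing path. Carry the length reported by the call that produced `keyblob` and pass that instead. If `keyblob` is const-qualified, the cast should also be `(const unsigned char*)keyblob`, matching the `const unsigned char* keyblob` parameter visible in fuzz.h.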
--- a/netio.c	Fri May 26 22:09:30 2017 +0800
+++ b/netio.c	Fri May 26 22:10:51 2017 +0800
@@ -311,6 +311,12 @@
 	int so_prio_val = 0;
 #endif
 
+#ifdef DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		TRACE(("fuzzing skips set_sock_prio"))
+		return;
+	}
+#endif
 
 	/* Don't log ENOTSOCK errors so that this can harmlessly be called
 	 * on a client '-J' proxy pipe */
@@ -482,40 +488,25 @@
 {
 	struct sockaddr_storage addr;
 	socklen_t addrlen;
+
+#if DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		fuzz_get_socket_address(fd, local_host, local_port, remote_host, remote_port, host_lookup);
+		return;
+	}
+#endif
 	
 	if (local_host || local_port) {
 		addrlen = sizeof(addr);
 		if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
-			if (errno == ENOTSOCK) {
-				// FUZZ
-				if (local_host) {
-					*local_host = m_strdup("notsocket");
-				}
-				if (local_port) {
-					*local_port = m_strdup("999");
-				}
-				return;
-			} else {
-				dropbear_exit("Failed socket address: %s", strerror(errno));
-			}
+			dropbear_exit("Failed socket address: %s", strerror(errno));
 		}
 		getaddrstring(&addr, local_host, local_port, host_lookup);		
 	}
 	if (remote_host || remote_port) {
 		addrlen = sizeof(addr);
 		if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
-			if (errno == ENOTSOCK) {
-				// FUZZ
-				if (remote_host) {
-					*remote_host = m_strdup("notsocket");
-				}
-				if (remote_port) {
-					*remote_port = m_strdup("999");
-				}
-				return;
-			} else {
-				dropbear_exit("Failed socket address: %s", strerror(errno));
-			}
+			dropbear_exit("Failed socket address: %s", strerror(errno));
 		}
 		getaddrstring(&addr, remote_host, remote_port, host_lookup);		
 	}
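Review bot: The fuzz bypass here is guarded with `#if DROPBEAR_FUZZ`, while the equivalent early returns in setnonblocking (dbutil.c) and set_sock_priority (the previous netio.c hunk) use `#ifdef DROPBEAR_FUZZ`. The two differ when the macro is defined as 0. In that case the `#ifdef` blocks would still be compiled into a production build, leaving the bypass dependent on the runtime `fuzz.fuzzing` flag alone. How DROPBEAR_FUZZ is defined is not visible on this page, so pick the form that matches its definition and use it at all three sites, e.g. `#if DROPBEAR_FUZZ` throughout. The body of get_socket_address starts outside this hunk.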
@@ -569,18 +560,6 @@
 			return;
 		} else {
 			/* if we can't do a numeric lookup, something's gone terribly wrong */
-			if (ret == EAI_FAMILY) {
-				// FUZZ
-				// Fake it for non-socket input
-				if (ret_host) {
-					*ret_host = m_strdup("0.0.0.0");
-				}
-				if (ret_port)
-				{
-					*ret_port = m_strdup("999");
-				}
-				return;
-			}
 			dropbear_exit("Failed lookup: %s", gai_strerror(ret));
 		}
 	}