Disable setnonblocking(), get_socket_address(), set_sock_priority()
for fuzzing

--HG--
branch : fuzz
mkj committed May 26, 2017
1 parent 2e298b2 commit 4d07aa3
Showing 6 changed files with 45 additions and 49 deletions.
19 changes: 9 additions & 10 deletions dbutil.c
@@ -531,22 +531,21 @@ void setnonblocking(int fd) {

TRACE(("setnonblocking: %d", fd))

#ifdef DROPBEAR_FUZZ
if (fuzz.fuzzing) {
return;
}
#endif

if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
if (errno == ENODEV) {
/* Some devices (like /dev/null redirected in)
* can't be set to non-blocking */
TRACE(("ignoring ENODEV for setnonblocking"))
} else {
#ifdef DROPBEAR_FUZZ
if (fuzz.fuzzing)
{
TRACE(("fuzzing ignore setnonblocking failure for %d", fd))
}
else
#endif
{
dropbear_exit("Couldn't set nonblocking");
}
{
dropbear_exit("Couldn't set nonblocking");
}
}
}
TRACE(("leave setnonblocking"))
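Review bot: The `else` branch of the `fcntl()` failure path still wraps `dropbear_exit("Couldn't set nonblocking");` in a bare `{ ... }` block of its own, which looks like a leftover from the `#ifdef DROPBEAR_FUZZ` if/else that sat there before. With the fuzz check moved to the top of the function, the inner braces do nothing and the branch can be just `} else {`, `dropbear_exit("Couldn't set nonblocking");`, `}`. The early `return` also bypasses `TRACE(("leave setnonblocking"))`, so a fuzzing trace shows an entry with no matching leave; a one-line comment on the early return saying why the call is a no-op under fuzzing would help. The rendered page has lost the `+`/`-` column, so which lines are on the new side is inferred from the addition and deletion counts.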
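--- a/fuzz-common.c
+++ b/fuzz-common.c
@@ -115,3 +115,19 @@ static void load_fixed_hostkeys(void) {
 void fuzz_kex_fakealgos(void) {
 ses.newkeys->recv.crypt_mode = &dropbear_mode_none;
 }
+
+void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port,
+char **remote_host, char **remote_port, int UNUSED(host_lookup)) {
+if (local_host) {
+*local_host = m_strdup("fuzzlocalhost");
+}
+if (local_port) {
+*local_port = m_strdup("1234");
+}
+if (remote_host) {
+*remote_host = m_strdup("fuzzremotehost");
+}
+if (remote_port) {
+*remote_port = m_strdup("9876");
+}
+}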
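Review bot: `fuzz_get_socket_address()` is added without a comment stating its contract. The visible body ignores `fd` and `host_lookup` and fills each non-NULL out-parameter with a fixed `m_strdup()` copy, so the results are heap allocations that presumably the caller frees, as with the real `get_socket_address()`. I would add a header comment such as `/* Fuzzing stand-in for get_socket_address(): fills each non-NULL output with a fixed, heap-allocated string; fd and host_lookup are ignored */`.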
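--- a/fuzz.h
+++ b/fuzz.h
@@ -24,6 +24,8 @@ int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename,
 const unsigned char* keyblob, unsigned int keybloblen);
 extern const char * const * fuzz_signkey_names;
 void fuzz_seed(void);
+void fuzz_get_socket_address(int fd, char **local_host, char **local_port,
+char **remote_host, char **remote_port, int host_lookup);
 
 // fake IO wrappers
 #ifndef FUZZ_SKIP_WRAP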
2 changes: 1 addition & 1 deletion fuzzer-preauth.c
@@ -36,7 +36,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
uint32_t wrapseed = buf_getint(fuzz.input);
wrapfd_setseed(wrapseed);

int fakesock = 1;
int fakesock = 20;
wrapfd_add(fakesock, fuzz.input, PLAIN);

m_malloc_set_epoch(1);
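Review bot: `fakesock` is initialised from a bare literal with nothing saying why that descriptor number was chosen. The section shows both `1` and `20`, and the flattened view does not mark which one is new. If the intent is to keep the wrapped descriptor away from stdin, stdout and stderr, say so next to the value, e.g. `int fakesock = 20; /* arbitrary fd number, clear of the stdio descriptors */`, or use a named constant shared by the harnesses. `LLVMFuzzerTestOneInput()` starts and ends outside the hunk.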
4 changes: 2 additions & 2 deletions fuzzer-pubkey.c
@@ -32,8 +32,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (setjmp(fuzz.jmp) == 0) {
fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys",
algoname, strlen(algoname),
keyblob, strlen(keyblob));
m_malloc_free_epoch(1, 0);
(unsigned char*)keyblob, strlen(keyblob));
m_malloc_free_epoch(1, 0);
} else {
m_malloc_free_epoch(1, 1);
TRACE(("dropbear_exit longjmped"))
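Review bot: The cast `(unsigned char*)keyblob` in the `fuzz_checkpubkey_line()` call would discard a `const` qualifier if `keyblob` has one, while the prototype in fuzz.h takes `const unsigned char* keyblob`. Writing `(const unsigned char*)keyblob, strlen(keyblob));` matches the prototype and cannot drop the qualifier. The declaration of `keyblob` is outside the hunk, so whether it is const-qualified cannot be confirmed from this page.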
51 changes: 15 additions & 36 deletions netio.c
@@ -311,6 +311,12 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
int so_prio_val = 0;
#endif

#ifdef DROPBEAR_FUZZ
if (fuzz.fuzzing) {
TRACE(("fuzzing skips set_sock_prio"))
return;
}
#endif

/* Don't log ENOTSOCK errors so that this can harmlessly be called
* on a client '-J' proxy pipe */
@@ -482,40 +488,25 @@ void get_socket_address(int fd, char **local_host, char **local_port,
{
struct sockaddr_storage addr;
socklen_t addrlen;

#if DROPBEAR_FUZZ
if (fuzz.fuzzing) {
fuzz_get_socket_address(fd, local_host, local_port, remote_host, remote_port, host_lookup);
return;
}
#endif

if (local_host || local_port) {
addrlen = sizeof(addr);
if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
if (errno == ENOTSOCK) {
// FUZZ
if (local_host) {
*local_host = m_strdup("notsocket");
}
if (local_port) {
*local_port = m_strdup("999");
}
return;
} else {
dropbear_exit("Failed socket address: %s", strerror(errno));
}
dropbear_exit("Failed socket address: %s", strerror(errno));
}
getaddrstring(&addr, local_host, local_port, host_lookup);
}
if (remote_host || remote_port) {
addrlen = sizeof(addr);
if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
if (errno == ENOTSOCK) {
// FUZZ
if (remote_host) {
*remote_host = m_strdup("notsocket");
}
if (remote_port) {
*remote_port = m_strdup("999");
}
return;
} else {
dropbear_exit("Failed socket address: %s", strerror(errno));
}
dropbear_exit("Failed socket address: %s", strerror(errno));
}
getaddrstring(&addr, remote_host, remote_port, host_lookup);
}
@@ -569,18 +560,6 @@ void getaddrstring(struct sockaddr_storage* addr,
return;
} else {
/* if we can't do a numeric lookup, something's gone terribly wrong */
if (ret == EAI_FAMILY) {
// FUZZ
// Fake it for non-socket input
if (ret_host) {
*ret_host = m_strdup("0.0.0.0");
}
if (ret_port)
{
*ret_port = m_strdup("999");
}
return;
}
dropbear_exit("Failed lookup: %s", gai_strerror(ret));
}
}
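Review bot: The fuzzing guard in `get_socket_address()` is written `#if DROPBEAR_FUZZ`, while the guard in `set_sock_priority()` in this same file and the one in dbutil.c use `#ifdef DROPBEAR_FUZZ`. The two forms disagree when the macro is defined as `0` (`#ifdef` is true, `#if` is false), and `#if` fails to preprocess when the macro is defined with no value. One build configuration could therefore compile the bypass into some functions and not others. How `DROPBEAR_FUZZ` is defined is not visible on this page. To match the rest of the commit, change the line to `#ifdef DROPBEAR_FUZZ`.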
