2017-05-13 14:50:54 +00:00
|
|
|
#ifndef DROPBEAR_FUZZ_H
|
|
|
|
|
#define DROPBEAR_FUZZ_H
|
|
|
|
|
|
2017-05-20 05:23:16 +00:00
|
|
|
#include "config.h"
|
2018-02-28 14:02:12 +00:00
|
|
|
|
2018-02-28 13:40:08 +00:00
|
|
|
#if DROPBEAR_FUZZ
|
2017-05-20 05:23:16 +00:00
|
|
|
|
2017-05-13 14:50:54 +00:00
|
|
|
#include "includes.h"
|
|
|
|
|
#include "buffer.h"
|
2017-05-20 05:23:16 +00:00
|
|
|
#include "algo.h"
|
|
|
|
|
#include "fuzz-wrapfd.h"
|
2017-05-13 14:50:54 +00:00
|
|
|
|
2017-05-18 16:48:46 +00:00
|
|
|
// once per process
|
2018-01-23 15:05:47 +00:00
|
|
|
void fuzz_common_setup(void);
|
|
|
|
|
void fuzz_svr_setup(void);
|
2020-10-18 04:17:39 +00:00
|
|
|
void fuzz_cli_setup(void);
|
2017-05-13 14:50:54 +00:00
|
|
|
|
2020-10-24 14:40:08 +00:00
|
|
|
// constructor attribute so it runs before main(), including
|
|
|
|
|
// in non-fuzzing mode.
|
|
|
|
|
void fuzz_early_setup(void) __attribute__((constructor));
|
|
|
|
|
|
2017-05-25 14:21:49 +00:00
|
|
|
// must be called once per fuzz iteration.
|
|
|
|
|
// returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE
|
2018-01-23 15:05:47 +00:00
|
|
|
int fuzz_set_input(const uint8_t *Data, size_t Size);
|
|
|
|
|
|
2020-11-13 15:18:05 +00:00
|
|
|
int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int authdone);
|
2020-10-18 15:32:39 +00:00
|
|
|
int fuzz_run_client(const uint8_t *Data, size_t Size, int skip_kexmaths);
|
2018-03-05 03:50:31 +00:00
|
|
|
const void* fuzz_get_algo(const algo_type *algos, const char* name);
|
2017-05-18 16:48:46 +00:00
|
|
|
|
2017-05-23 14:43:34 +00:00
|
|
|
// fuzzer functions that intrude into general code
|
2017-05-20 05:23:16 +00:00
|
|
|
void fuzz_kex_fakealgos(void);
|
2017-05-23 14:43:34 +00:00
|
|
|
int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename,
|
|
|
|
|
const char* algo, unsigned int algolen,
|
|
|
|
|
const unsigned char* keyblob, unsigned int keybloblen);
|
|
|
|
|
extern const char * const * fuzz_signkey_names;
|
2020-10-23 15:32:44 +00:00
|
|
|
void fuzz_seed(const unsigned char* dat, unsigned int len);
|
2020-10-18 04:17:39 +00:00
|
|
|
|
|
|
|
|
// helpers
|
2017-05-26 14:10:51 +00:00
|
|
|
void fuzz_get_socket_address(int fd, char **local_host, char **local_port,
|
|
|
|
|
char **remote_host, char **remote_port, int host_lookup);
|
2018-01-23 15:05:47 +00:00
|
|
|
void fuzz_fake_send_kexdh_reply(void);
|
2020-10-15 14:46:24 +00:00
|
|
|
int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid);
|
2020-10-20 15:34:38 +00:00
|
|
|
void fuzz_dump(const unsigned char* data, size_t len);
|
2017-05-20 05:23:16 +00:00
|
|
|
|
|
|
|
|
// fake IO wrappers
|
|
|
|
|
#ifndef FUZZ_SKIP_WRAP
|
|
|
|
|
#define select(nfds, readfds, writefds, exceptfds, timeout) \
|
|
|
|
|
wrapfd_select(nfds, readfds, writefds, exceptfds, timeout)
|
|
|
|
|
#define write(fd, buf, count) wrapfd_write(fd, buf, count)
|
|
|
|
|
#define read(fd, buf, count) wrapfd_read(fd, buf, count)
|
2017-05-20 14:47:19 +00:00
|
|
|
#define close(fd) wrapfd_close(fd)
|
2017-05-20 05:23:16 +00:00
|
|
|
#endif // FUZZ_SKIP_WRAP
|
|
|
|
|
|
2017-05-13 14:50:54 +00:00
|
|
|
struct dropbear_fuzz_options {
|
|
|
|
|
int fuzzing;
|
|
|
|
|
|
|
|
|
|
// fuzzing input
|
2017-05-18 16:48:46 +00:00
|
|
|
buffer *input;
|
2017-05-20 05:23:16 +00:00
|
|
|
struct dropbear_cipher recv_cipher;
|
|
|
|
|
struct dropbear_hash recv_mac;
|
|
|
|
|
int wrapfds;
|
2017-05-13 14:50:54 +00:00
|
|
|
|
2018-01-23 15:05:47 +00:00
|
|
|
// whether to skip slow bignum maths
|
|
|
|
|
int skip_kexmaths;
|
|
|
|
|
|
2017-05-13 14:50:54 +00:00
|
|
|
// dropbear_exit() jumps back
|
2017-06-01 13:30:26 +00:00
|
|
|
int do_jmp;
|
2017-05-13 14:50:54 +00:00
|
|
|
sigjmp_buf jmp;
|
2020-10-20 15:34:38 +00:00
|
|
|
|
|
|
|
|
// write out decrypted session data to this FD if it's set
|
|
|
|
|
// flag - this needs to be set manually in cli-main.c etc
|
|
|
|
|
int dumping;
|
|
|
|
|
// the file descriptor
|
|
|
|
|
int recv_dumpfd;
|
2020-10-24 14:40:08 +00:00
|
|
|
|
|
|
|
|
// avoid filling fuzzing logs, this points to /dev/null
|
2020-10-26 15:44:43 +00:00
|
|
|
FILE *fake_stderr;
|
2017-05-13 14:50:54 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
extern struct dropbear_fuzz_options fuzz;
|
|
|
|
|
|
2020-10-26 15:44:43 +00:00
|
|
|
/* guard for when fuzz.h is included by fuzz-common.c */
|
|
|
|
|
#ifndef FUZZ_NO_REPLACE_STDERR
|
|
|
|
|
|
2020-10-24 14:40:08 +00:00
|
|
|
/* This is a bodge but seems to work.
|
|
|
|
|
glibc stdio.h has the comment
|
|
|
|
|
"C89/C99 say they're macros. Make them happy." */
|
2020-10-26 15:44:43 +00:00
|
|
|
/* OS X has it as a macro */
|
2020-10-24 14:40:08 +00:00
|
|
|
#ifdef stderr
|
|
|
|
|
#undef stderr
|
|
|
|
|
#endif
|
2020-10-26 15:44:43 +00:00
|
|
|
#define stderr (fuzz.fake_stderr)
|
|
|
|
|
|
|
|
|
|
#endif /* FUZZ_NO_REPLACE_STDERR */
|
2020-10-24 14:40:08 +00:00
|
|
|
|
2017-05-20 05:23:16 +00:00
|
|
|
#endif // DROPBEAR_FUZZ
|
2017-05-13 14:50:54 +00:00
|
|
|
|
|
|
|
|
#endif /* DROPBEAR_FUZZ_H */
|
