2020-10-29 14:14:38 +00:00
|
|
|
#define FUZZ_NO_REPLACE_STDERR
|
2020-11-16 14:44:30 +00:00
|
|
|
#define FUZZ_NO_REPLACE_GETPW
|
2017-05-13 14:50:54 +00:00
|
|
|
#include "includes.h"
|
|
|
|
|
|
|
|
|
|
#include "includes.h"
|
|
|
|
|
#include "dbutil.h"
|
|
|
|
|
#include "runopts.h"
|
2017-05-18 15:36:54 +00:00
|
|
|
#include "crypto_desc.h"
|
|
|
|
|
#include "session.h"
|
2017-05-18 16:48:46 +00:00
|
|
|
#include "dbrandom.h"
|
2018-01-23 15:27:40 +00:00
|
|
|
#include "bignum.h"
|
2020-10-20 15:34:38 +00:00
|
|
|
#include "atomicio.h"
|
2017-05-18 16:48:46 +00:00
|
|
|
#include "fuzz-wrapfd.h"
|
2020-10-26 15:44:43 +00:00
|
|
|
#include "fuzz.h"
|
|
|
|
|
|
2017-05-13 14:50:54 +00:00
|
|
|
struct dropbear_fuzz_options fuzz;
|
|
|
|
|
|
2017-05-24 16:12:07 +00:00
|
|
|
static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param);
|
2017-05-13 14:50:54 +00:00
|
|
|
static void load_fixed_hostkeys(void);
|
2020-10-20 15:34:38 +00:00
|
|
|
static void load_fixed_client_key(void);
|
2017-05-13 14:50:54 +00:00
|
|
|
|
2020-10-24 14:40:08 +00:00
|
|
|
// This runs automatically before main, due to contructor attribute in fuzz.h
|
|
|
|
|
void fuzz_early_setup(void) {
|
|
|
|
|
/* Set stderr to point to normal stderr by default */
|
2020-10-26 15:44:43 +00:00
|
|
|
fuzz.fake_stderr = stderr;
|
2020-10-24 14:40:08 +00:00
|
|
|
}
|
|
|
|
|
|
2018-01-23 15:05:47 +00:00
|
|
|
void fuzz_common_setup(void) {
|
2020-10-18 04:17:39 +00:00
|
|
|
disallow_core();
|
2017-05-13 14:50:54 +00:00
|
|
|
fuzz.fuzzing = 1;
|
2017-05-20 05:23:16 +00:00
|
|
|
fuzz.wrapfds = 1;
|
2017-06-01 13:30:26 +00:00
|
|
|
fuzz.do_jmp = 1;
|
2017-05-18 16:48:46 +00:00
|
|
|
fuzz.input = m_malloc(sizeof(buffer));
|
2017-05-24 16:12:07 +00:00
|
|
|
_dropbear_log = fuzz_dropbear_log;
|
2017-05-13 15:45:51 +00:00
|
|
|
crypto_init();
|
2020-10-23 15:32:44 +00:00
|
|
|
fuzz_seed("start", 5);
|
2018-02-21 13:49:24 +00:00
|
|
|
/* let any messages get flushed */
|
|
|
|
|
setlinebuf(stdout);
|
2020-10-24 14:40:08 +00:00
|
|
|
#if DEBUG_TRACE
|
|
|
|
|
if (debug_trace)
|
|
|
|
|
{
|
|
|
|
|
fprintf(stderr, "Dropbear fuzzer: -v specified, not disabling stderr output\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
#endif
|
2020-10-26 15:31:24 +00:00
|
|
|
if (getenv("DROPBEAR_KEEP_STDERR")) {
|
|
|
|
|
fprintf(stderr, "Dropbear fuzzer: DROPBEAR_KEEP_STDERR, not disabling stderr output\n");
|
|
|
|
|
}
|
|
|
|
|
else
|
2020-10-24 14:40:08 +00:00
|
|
|
{
|
2020-10-26 15:31:24 +00:00
|
|
|
fprintf(stderr, "Dropbear fuzzer: Disabling stderr output\n");
|
2020-10-26 15:44:43 +00:00
|
|
|
fuzz.fake_stderr = fopen("/dev/null", "w");
|
|
|
|
|
assert(fuzz.fake_stderr);
|
2020-10-24 14:40:08 +00:00
|
|
|
}
|
2017-05-13 14:50:54 +00:00
|
|
|
}
|
|
|
|
|
|
2018-01-23 15:05:47 +00:00
|
|
|
int fuzz_set_input(const uint8_t *Data, size_t Size) {
|
2017-05-18 16:48:46 +00:00
|
|
|
|
|
|
|
|
fuzz.input->data = (unsigned char*)Data;
|
|
|
|
|
fuzz.input->size = Size;
|
|
|
|
|
fuzz.input->len = Size;
|
|
|
|
|
fuzz.input->pos = 0;
|
|
|
|
|
|
2017-05-20 14:47:19 +00:00
|
|
|
memset(&ses, 0x0, sizeof(ses));
|
|
|
|
|
memset(&svr_ses, 0x0, sizeof(svr_ses));
|
2020-10-18 07:08:54 +00:00
|
|
|
memset(&cli_ses, 0x0, sizeof(cli_ses));
|
2020-10-15 14:46:24 +00:00
|
|
|
wrapfd_setup(fuzz.input);
|
2020-11-01 15:44:58 +00:00
|
|
|
// printhex("input", fuzz.input->data, fuzz.input->len);
|
2017-05-18 16:48:46 +00:00
|
|
|
|
2020-10-23 15:32:44 +00:00
|
|
|
fuzz_seed(fuzz.input->data, MIN(fuzz.input->len, 16));
|
2017-05-18 16:48:46 +00:00
|
|
|
|
|
|
|
|
return DROPBEAR_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-24 16:12:07 +00:00
|
|
|
#if DEBUG_TRACE
|
2018-02-28 13:40:08 +00:00
|
|
|
static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param) {
|
2017-05-24 16:12:07 +00:00
|
|
|
if (debug_trace) {
|
2018-02-28 13:40:08 +00:00
|
|
|
char printbuf[1024];
|
2017-05-24 16:12:07 +00:00
|
|
|
vsnprintf(printbuf, sizeof(printbuf), format, param);
|
|
|
|
|
fprintf(stderr, "%s\n", printbuf);
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-02-28 13:40:08 +00:00
|
|
|
#else
|
|
|
|
|
static void fuzz_dropbear_log(int UNUSED(priority), const char* UNUSED(format), va_list UNUSED(param)) {
|
|
|
|
|
/* No print */
|
|
|
|
|
}
|
|
|
|
|
#endif /* DEBUG_TRACE */
|
2017-05-18 16:48:46 +00:00
|
|
|
|
2018-01-23 15:05:47 +00:00
|
|
|
void fuzz_svr_setup(void) {
|
|
|
|
|
fuzz_common_setup();
|
2017-05-18 15:36:54 +00:00
|
|
|
|
|
|
|
|
_dropbear_exit = svr_dropbear_exit;
|
2017-05-13 14:50:54 +00:00
|
|
|
|
|
|
|
|
char *argv[] = {
|
2020-10-18 07:08:54 +00:00
|
|
|
"dropbear",
|
2017-05-13 14:50:54 +00:00
|
|
|
"-E",
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
int argc = sizeof(argv) / sizeof(*argv);
|
|
|
|
|
svr_getopts(argc, argv);
|
|
|
|
|
|
|
|
|
|
load_fixed_hostkeys();
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-03 14:18:51 +00:00
|
|
|
void fuzz_svr_hook_preloop() {
|
|
|
|
|
if (fuzz.svr_postauth) {
|
|
|
|
|
ses.authstate.authdone = 1;
|
|
|
|
|
fill_passwd("root");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-15 14:46:24 +00:00
|
|
|
void fuzz_cli_setup(void) {
|
|
|
|
|
fuzz_common_setup();
|
|
|
|
|
|
2020-10-18 04:17:39 +00:00
|
|
|
_dropbear_exit = cli_dropbear_exit;
|
|
|
|
|
_dropbear_log = cli_dropbear_log;
|
2020-10-15 14:46:24 +00:00
|
|
|
|
|
|
|
|
char *argv[] = {
|
2020-10-18 07:08:54 +00:00
|
|
|
"dbclient",
|
2020-10-18 04:17:39 +00:00
|
|
|
"-y",
|
|
|
|
|
"localhost",
|
2020-10-20 15:34:38 +00:00
|
|
|
"uptime"
|
2020-10-15 14:46:24 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
int argc = sizeof(argv) / sizeof(*argv);
|
|
|
|
|
cli_getopts(argc, argv);
|
2020-10-20 15:34:38 +00:00
|
|
|
|
|
|
|
|
load_fixed_client_key();
|
|
|
|
|
/* Avoid password prompt */
|
|
|
|
|
setenv(DROPBEAR_PASSWORD_ENV, "password", 1);
|
2020-10-15 14:46:24 +00:00
|
|
|
}
|
|
|
|
|
|
2017-05-13 14:50:54 +00:00
|
|
|
#include "fuzz-hostkeys.c"
|
|
|
|
|
|
2020-10-20 15:34:38 +00:00
|
|
|
static void load_fixed_client_key(void) {
|
|
|
|
|
|
|
|
|
|
buffer *b = buf_new(3000);
|
|
|
|
|
sign_key *key;
|
|
|
|
|
enum signkey_type keytype;
|
|
|
|
|
|
|
|
|
|
key = new_sign_key();
|
|
|
|
|
keytype = DROPBEAR_SIGNKEY_ANY;
|
|
|
|
|
buf_putbytes(b, keyed25519, keyed25519_len);
|
|
|
|
|
buf_setpos(b, 0);
|
|
|
|
|
if (buf_get_priv_key(b, key, &keytype) == DROPBEAR_FAILURE) {
|
|
|
|
|
dropbear_exit("failed fixed ed25519 hostkey");
|
|
|
|
|
}
|
|
|
|
|
list_append(cli_opts.privkeys, key);
|
|
|
|
|
|
|
|
|
|
buf_free(b);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void load_fixed_hostkeys(void) {
|
|
|
|
|
|
2017-05-13 14:50:54 +00:00
|
|
|
buffer *b = buf_new(3000);
|
|
|
|
|
enum signkey_type type;
|
|
|
|
|
|
|
|
|
|
TRACE(("load fixed hostkeys"))
|
|
|
|
|
|
|
|
|
|
svr_opts.hostkey = new_sign_key();
|
|
|
|
|
|
|
|
|
|
buf_setlen(b, 0);
|
|
|
|
|
buf_putbytes(b, keyr, keyr_len);
|
|
|
|
|
buf_setpos(b, 0);
|
|
|
|
|
type = DROPBEAR_SIGNKEY_RSA;
|
|
|
|
|
if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
|
|
|
|
|
dropbear_exit("failed fixed rsa hostkey");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
buf_setlen(b, 0);
|
|
|
|
|
buf_putbytes(b, keyd, keyd_len);
|
|
|
|
|
buf_setpos(b, 0);
|
|
|
|
|
type = DROPBEAR_SIGNKEY_DSS;
|
|
|
|
|
if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
|
|
|
|
|
dropbear_exit("failed fixed dss hostkey");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
buf_setlen(b, 0);
|
|
|
|
|
buf_putbytes(b, keye, keye_len);
|
|
|
|
|
buf_setpos(b, 0);
|
|
|
|
|
type = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
|
|
|
|
|
if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
|
|
|
|
|
dropbear_exit("failed fixed ecdsa hostkey");
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-11 16:09:45 +00:00
|
|
|
buf_setlen(b, 0);
|
|
|
|
|
buf_putbytes(b, keyed25519, keyed25519_len);
|
|
|
|
|
buf_setpos(b, 0);
|
|
|
|
|
type = DROPBEAR_SIGNKEY_ED25519;
|
|
|
|
|
if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) {
|
|
|
|
|
dropbear_exit("failed fixed ed25519 hostkey");
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-13 14:50:54 +00:00
|
|
|
buf_free(b);
|
|
|
|
|
}
|
|
|
|
|
|
2017-05-20 05:23:16 +00:00
|
|
|
void fuzz_kex_fakealgos(void) {
|
|
|
|
|
ses.newkeys->recv.crypt_mode = &dropbear_mode_none;
|
2020-11-01 15:44:58 +00:00
|
|
|
ses.newkeys->recv.algo_mac = &dropbear_nohash;
|
2017-05-20 05:23:16 +00:00
|
|
|
}
|
2017-05-26 14:10:51 +00:00
|
|
|
|
|
|
|
|
void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port,
|
|
|
|
|
char **remote_host, char **remote_port, int UNUSED(host_lookup)) {
|
|
|
|
|
if (local_host) {
|
|
|
|
|
*local_host = m_strdup("fuzzlocalhost");
|
|
|
|
|
}
|
|
|
|
|
if (local_port) {
|
|
|
|
|
*local_port = m_strdup("1234");
|
|
|
|
|
}
|
|
|
|
|
if (remote_host) {
|
|
|
|
|
*remote_host = m_strdup("fuzzremotehost");
|
|
|
|
|
}
|
|
|
|
|
if (remote_port) {
|
|
|
|
|
*remote_port = m_strdup("9876");
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-01-23 15:05:47 +00:00
|
|
|
|
|
|
|
|
/* cut down version of svr_send_msg_kexdh_reply() that skips slow maths. Still populates structures */
|
|
|
|
|
void fuzz_fake_send_kexdh_reply(void) {
|
|
|
|
|
assert(!ses.dh_K);
|
|
|
|
|
m_mp_alloc_init_multi(&ses.dh_K, NULL);
|
2020-05-26 15:36:47 +00:00
|
|
|
mp_set_ul(ses.dh_K, 12345678uL);
|
2018-01-23 15:05:47 +00:00
|
|
|
finish_kexhashbuf();
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-15 14:46:24 +00:00
|
|
|
/* fake version of spawn_command() */
|
|
|
|
|
int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t *ret_pid) {
|
2020-11-13 15:18:05 +00:00
|
|
|
*ret_writefd = wrapfd_new_dummy();
|
|
|
|
|
*ret_readfd = wrapfd_new_dummy();
|
2020-10-15 14:46:24 +00:00
|
|
|
if (ret_errfd) {
|
2020-11-13 15:18:05 +00:00
|
|
|
*ret_errfd = wrapfd_new_dummy();
|
2020-10-15 14:46:24 +00:00
|
|
|
}
|
2021-03-06 14:58:57 +00:00
|
|
|
if (*ret_writefd == -1 || *ret_readfd == -1 || (ret_errfd && *ret_errfd == -1)) {
|
|
|
|
|
m_close(*ret_writefd);
|
|
|
|
|
m_close(*ret_readfd);
|
|
|
|
|
if (ret_errfd) {
|
|
|
|
|
m_close(*ret_errfd);
|
|
|
|
|
}
|
|
|
|
|
return DROPBEAR_FAILURE;
|
|
|
|
|
} else {
|
|
|
|
|
*ret_pid = 999;
|
|
|
|
|
return DROPBEAR_SUCCESS;
|
2020-10-15 14:46:24 +00:00
|
|
|
|
2021-03-06 14:58:57 +00:00
|
|
|
}
|
|
|
|
|
}
|
2020-11-13 15:18:05 +00:00
|
|
|
|
2020-12-06 13:54:01 +00:00
|
|
|
/* Fake dropbear_listen, always returns failure for now.
|
|
|
|
|
TODO make it sometimes return success with wrapfd_new_dummy() sockets.
|
|
|
|
|
Making the listeners fake a new incoming connection will be harder. */
|
|
|
|
|
/* Listen on address:port.
|
|
|
|
|
* Special cases are address of "" listening on everything,
|
|
|
|
|
* and address of NULL listening on localhost only.
|
|
|
|
|
* Returns the number of sockets bound on success, or -1 on failure. On
|
|
|
|
|
* failure, if errstring wasn't NULL, it'll be a newly malloced error
|
|
|
|
|
* string.*/
|
|
|
|
|
int fuzz_dropbear_listen(const char* UNUSED(address), const char* UNUSED(port),
|
|
|
|
|
int *UNUSED(socks), unsigned int UNUSED(sockcount), char **errstring, int *UNUSED(maxfd)) {
|
|
|
|
|
if (errstring) {
|
|
|
|
|
*errstring = m_strdup("fuzzing can't listen (yet)");
|
|
|
|
|
}
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-03 14:18:51 +00:00
|
|
|
int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int postauth) {
|
2018-01-23 15:05:47 +00:00
|
|
|
static int once = 0;
|
|
|
|
|
if (!once) {
|
|
|
|
|
fuzz_svr_setup();
|
|
|
|
|
fuzz.skip_kexmaths = skip_kexmaths;
|
|
|
|
|
once = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-03 14:18:51 +00:00
|
|
|
fuzz.svr_postauth = postauth;
|
|
|
|
|
|
2018-01-23 15:05:47 +00:00
|
|
|
if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-01 15:44:58 +00:00
|
|
|
uint32_t wrapseed;
|
2020-11-02 12:33:48 +00:00
|
|
|
genrandom((void*)&wrapseed, sizeof(wrapseed));
|
2018-01-23 15:05:47 +00:00
|
|
|
wrapfd_setseed(wrapseed);
|
|
|
|
|
|
2020-11-13 15:18:05 +00:00
|
|
|
int fakesock = wrapfd_new_fuzzinput();
|
|
|
|
|
|
2018-01-23 15:05:47 +00:00
|
|
|
m_malloc_set_epoch(1);
|
2020-10-25 14:52:36 +00:00
|
|
|
fuzz.do_jmp = 1;
|
2018-01-23 15:05:47 +00:00
|
|
|
if (setjmp(fuzz.jmp) == 0) {
|
|
|
|
|
svr_session(fakesock, fakesock);
|
|
|
|
|
m_malloc_free_epoch(1, 0);
|
|
|
|
|
} else {
|
2020-10-25 14:52:36 +00:00
|
|
|
fuzz.do_jmp = 0;
|
2018-01-23 15:05:47 +00:00
|
|
|
m_malloc_free_epoch(1, 1);
|
|
|
|
|
TRACE(("dropbear_exit longjmped"))
|
2018-02-28 14:02:12 +00:00
|
|
|
/* dropbear_exit jumped here */
|
2018-01-23 15:05:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2018-03-05 03:50:31 +00:00
|
|
|
|
2020-10-18 04:17:39 +00:00
|
|
|
int fuzz_run_client(const uint8_t *Data, size_t Size, int skip_kexmaths) {
|
|
|
|
|
static int once = 0;
|
|
|
|
|
if (!once) {
|
|
|
|
|
fuzz_cli_setup();
|
|
|
|
|
fuzz.skip_kexmaths = skip_kexmaths;
|
|
|
|
|
once = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-01 15:44:58 +00:00
|
|
|
// Allow to proceed sooner
|
|
|
|
|
ses.kexstate.donefirstkex = 1;
|
2020-10-18 04:17:39 +00:00
|
|
|
|
2020-11-01 15:44:58 +00:00
|
|
|
uint32_t wrapseed;
|
2020-11-02 12:33:48 +00:00
|
|
|
genrandom((void*)&wrapseed, sizeof(wrapseed));
|
2020-10-18 04:17:39 +00:00
|
|
|
wrapfd_setseed(wrapseed);
|
|
|
|
|
|
2020-11-13 15:18:05 +00:00
|
|
|
int fakesock = wrapfd_new_fuzzinput();
|
2020-10-18 04:17:39 +00:00
|
|
|
|
|
|
|
|
m_malloc_set_epoch(1);
|
2020-10-25 14:52:36 +00:00
|
|
|
fuzz.do_jmp = 1;
|
2020-10-18 04:17:39 +00:00
|
|
|
if (setjmp(fuzz.jmp) == 0) {
|
|
|
|
|
cli_session(fakesock, fakesock, NULL, 0);
|
|
|
|
|
m_malloc_free_epoch(1, 0);
|
|
|
|
|
} else {
|
2020-10-25 14:52:36 +00:00
|
|
|
fuzz.do_jmp = 0;
|
2020-10-18 04:17:39 +00:00
|
|
|
m_malloc_free_epoch(1, 1);
|
|
|
|
|
TRACE(("dropbear_exit longjmped"))
|
|
|
|
|
/* dropbear_exit jumped here */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-05 03:50:31 +00:00
|
|
|
const void* fuzz_get_algo(const algo_type *algos, const char* name) {
|
|
|
|
|
const algo_type *t;
|
|
|
|
|
for (t = algos; t->name; t++) {
|
|
|
|
|
if (strcmp(t->name, name) == 0) {
|
|
|
|
|
return t->data;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
assert(0);
|
|
|
|
|
}
|
2020-10-20 15:34:38 +00:00
|
|
|
|
|
|
|
|
void fuzz_dump(const unsigned char* data, size_t len) {
|
|
|
|
|
if (fuzz.dumping) {
|
2021-03-04 15:57:12 +00:00
|
|
|
TRACE(("dump %zu", len))
|
2020-10-20 15:34:38 +00:00
|
|
|
assert(atomicio(vwrite, fuzz.recv_dumpfd, (void*)data, len) == len);
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-11-16 14:44:30 +00:00
|
|
|
|
|
|
|
|
static struct passwd pwd_root = {
|
|
|
|
|
.pw_name = "root",
|
|
|
|
|
.pw_passwd = "!",
|
|
|
|
|
.pw_uid = 0,
|
|
|
|
|
.pw_gid = 0,
|
|
|
|
|
.pw_dir = "/root",
|
|
|
|
|
.pw_shell = "/bin/sh",
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static struct passwd pwd_other = {
|
|
|
|
|
.pw_name = "other",
|
|
|
|
|
.pw_passwd = "!",
|
|
|
|
|
.pw_uid = 100,
|
|
|
|
|
.pw_gid = 100,
|
|
|
|
|
.pw_dir = "/home/other",
|
|
|
|
|
.pw_shell = "/bin/sh",
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* oss-fuzz runs fuzzers under minijail, without /etc/passwd.
|
|
|
|
|
We provide sufficient values for the fuzzers to run */
|
|
|
|
|
struct passwd* fuzz_getpwnam(const char *login) {
|
|
|
|
|
if (!fuzz.fuzzing) {
|
|
|
|
|
return getpwnam(login);
|
|
|
|
|
}
|
|
|
|
|
if (strcmp(login, pwd_other.pw_name) == 0) {
|
|
|
|
|
return &pwd_other;
|
|
|
|
|
}
|
|
|
|
|
if (strcmp(login, pwd_root.pw_name) == 0) {
|
|
|
|
|
return &pwd_root;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct passwd* fuzz_getpwuid(uid_t uid) {
|
|
|
|
|
if (!fuzz.fuzzing) {
|
|
|
|
|
return getpwuid(uid);
|
|
|
|
|
}
|
|
|
|
|
if (uid == pwd_other.pw_uid) {
|
|
|
|
|
return &pwd_other;
|
|
|
|
|
}
|
|
|
|
|
if (uid == pwd_root.pw_uid) {
|
|
|
|
|
return &pwd_root;
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
