ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-26 18:17:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fuzzing: add workaround getpwuid/getpwnam

Browse Source
This commit is contained in:
Matt Johnston 2020-11-16 22:44:30 +08:00
parent f49b576e93
commit 3c88d6536a
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
fuzz.h
View File

@ -99,6 +99,14 @@ extern struct dropbear_fuzz_options fuzz;
#endif /* FUZZ_NO_REPLACE_STDERR */ #endif /* FUZZ_NO_REPLACE_STDERR */
struct passwd* fuzz_getpwuid(uid_t uid);
struct passwd* fuzz_getpwnam(const char *login);
/* guard for when fuzz.h is included by fuzz-common.c */
#ifndef FUZZ_NO_REPLACE_GETPW
#define getpwnam(x) fuzz_getpwnam(x)
#define getpwuid(x) fuzz_getpwuid(x)
#endif // FUZZ_NO_REPLACE_GETPW
#endif // DROPBEAR_FUZZ #endif // DROPBEAR_FUZZ
#endif /* DROPBEAR_FUZZ_H */ #endif /* DROPBEAR_FUZZ_H */

51
fuzz/fuzz-common.c
View File

@ -1,4 +1,5 @@
#define FUZZ_NO_REPLACE_STDERR #define FUZZ_NO_REPLACE_STDERR
#define FUZZ_NO_REPLACE_GETPW
#include "includes.h" #include "includes.h"
#include "includes.h" #include "includes.h"
@ -261,7 +262,7 @@ int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int aut
if (authdone) { if (authdone) {
ses.authstate.authdone = 1; ses.authstate.authdone = 1;
char *me = getpwuid(getuid())->pw_name; char *me = fuzz_getpwuid(getuid())->pw_name;
fill_passwd(me); fill_passwd(me);
} }
@ -332,3 +333,51 @@ void fuzz_dump(const unsigned char* data, size_t len) {
assert(atomicio(vwrite, fuzz.recv_dumpfd, (void*)data, len) == len); assert(atomicio(vwrite, fuzz.recv_dumpfd, (void*)data, len) == len);
} }
} }
static struct passwd pwd_root = {
.pw_name = "root",
.pw_passwd = "!",
.pw_uid = 0,
.pw_gid = 0,
.pw_dir = "/root",
.pw_shell = "/bin/sh",
};
static struct passwd pwd_other = {
.pw_name = "other",
.pw_passwd = "!",
.pw_uid = 100,
.pw_gid = 100,
.pw_dir = "/home/other",
.pw_shell = "/bin/sh",
};
/* oss-fuzz runs fuzzers under minijail, without /etc/passwd.
We provide sufficient values for the fuzzers to run */
struct passwd* fuzz_getpwnam(const char *login) {
if (!fuzz.fuzzing) {
return getpwnam(login);
}
if (strcmp(login, pwd_other.pw_name) == 0) {
return &pwd_other;
}
if (strcmp(login, pwd_root.pw_name) == 0) {
return &pwd_root;
}
return NULL;
}
struct passwd* fuzz_getpwuid(uid_t uid) {
if (!fuzz.fuzzing) {
return getpwuid(uid);
}
if (uid == pwd_other.pw_uid) {
return &pwd_other;
}
if (uid == pwd_root.pw_uid) {
return &pwd_root;
}
return NULL;
}