Disable setnonblocking(), get_socket_address(), set_sock_priority()

for fuzzing --HG-- branch : fuzz
2025-02-07 05:17:28 +00:00 · 2017-05-26 22:10:51 +08:00 · 2017-05-26 22:10:51 +08:00 · 4d07aa315b
commit 4d07aa315b
parent 2e298b25e4
6 changed files with 45 additions and 49 deletions
--- a/dbutil.c
+++ b/dbutil.c
@ -531,22 +531,21 @@ void setnonblocking(int fd) {

 	TRACE(("setnonblocking: %d", fd))

+#ifdef DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		return;
+	}
+#endif
+
 	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
 		if (errno == ENODEV) {
 			/* Some devices (like /dev/null redirected in)
 			 * can't be set to non-blocking */
 			TRACE(("ignoring ENODEV for setnonblocking"))
 		} else {
-#ifdef DROPBEAR_FUZZ
-			if (fuzz.fuzzing) 
-			{
-				TRACE(("fuzzing ignore setnonblocking failure for %d", fd))
-			} 
-			else 
-#endif
-			{
-				dropbear_exit("Couldn't set nonblocking");
-			}
+		{
+			dropbear_exit("Couldn't set nonblocking");
+		}
 		}
 	}
 	TRACE(("leave setnonblocking"))
--- a/fuzz-common.c
+++ b/fuzz-common.c
@ -115,3 +115,19 @@ static void load_fixed_hostkeys(void) {
 void fuzz_kex_fakealgos(void) {
    ses.newkeys->recv.crypt_mode = &dropbear_mode_none;
 }
+
+void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port,
+                        char **remote_host, char **remote_port, int UNUSED(host_lookup)) {
+    if (local_host) {
+        *local_host = m_strdup("fuzzlocalhost");
+    }
+    if (local_port) {
+        *local_port = m_strdup("1234");
+    }
+    if (remote_host) {
+        *remote_host = m_strdup("fuzzremotehost");
+    }
+    if (remote_port) {
+        *remote_port = m_strdup("9876");
+    }
+}
--- a/fuzz.h
+++ b/fuzz.h
@ -24,6 +24,8 @@ int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename,
        const unsigned char* keyblob, unsigned int keybloblen);
 extern const char * const * fuzz_signkey_names;
 void fuzz_seed(void);
+void fuzz_get_socket_address(int fd, char **local_host, char **local_port,
+                        char **remote_host, char **remote_port, int host_lookup);

 // fake IO wrappers
 #ifndef FUZZ_SKIP_WRAP
--- a/fuzzer-preauth.c
+++ b/fuzzer-preauth.c
@ -36,7 +36,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    uint32_t wrapseed = buf_getint(fuzz.input);
    wrapfd_setseed(wrapseed);

-	int fakesock = 1;
+	int fakesock = 20;
 	wrapfd_add(fakesock, fuzz.input, PLAIN);

 	m_malloc_set_epoch(1);
--- a/fuzzer-pubkey.c
+++ b/fuzzer-pubkey.c
@ -32,8 +32,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	if (setjmp(fuzz.jmp) == 0) {
 		fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys", 
 			algoname, strlen(algoname),
-			keyblob, strlen(keyblob));
-			m_malloc_free_epoch(1, 0);
+			(unsigned char*)keyblob, strlen(keyblob));
+		m_malloc_free_epoch(1, 0);
 	} else {
 		m_malloc_free_epoch(1, 1);
 		TRACE(("dropbear_exit longjmped"))
--- a/netio.c
+++ b/netio.c
@ -311,6 +311,12 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
 	int so_prio_val = 0;
 #endif

+#ifdef DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		TRACE(("fuzzing skips set_sock_prio"))
+		return;
+	}
+#endif

 	/* Don't log ENOTSOCK errors so that this can harmlessly be called
 	 * on a client '-J' proxy pipe */
@ -482,40 +488,25 @@ void get_socket_address(int fd, char **local_host, char **local_port,
 {
 	struct sockaddr_storage addr;
 	socklen_t addrlen;
+
+#if DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		fuzz_get_socket_address(fd, local_host, local_port, remote_host, remote_port, host_lookup);
+		return;
+	}
+#endif
 	
 	if (local_host || local_port) {
 		addrlen = sizeof(addr);
 		if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
-			if (errno == ENOTSOCK) {
-				// FUZZ
-				if (local_host) {
-					*local_host = m_strdup("notsocket");
-				}
-				if (local_port) {
-					*local_port = m_strdup("999");
-				}
-				return;
-			} else {
-				dropbear_exit("Failed socket address: %s", strerror(errno));
-			}
+			dropbear_exit("Failed socket address: %s", strerror(errno));
 		}
 		getaddrstring(&addr, local_host, local_port, host_lookup);		
 	}
 	if (remote_host || remote_port) {
 		addrlen = sizeof(addr);
 		if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
-			if (errno == ENOTSOCK) {
-				// FUZZ
-				if (remote_host) {
-					*remote_host = m_strdup("notsocket");
-				}
-				if (remote_port) {
-					*remote_port = m_strdup("999");
-				}
-				return;
-			} else {
-				dropbear_exit("Failed socket address: %s", strerror(errno));
-			}
+			dropbear_exit("Failed socket address: %s", strerror(errno));
 		}
 		getaddrstring(&addr, remote_host, remote_port, host_lookup);		
 	}
@ -569,18 +560,6 @@ void getaddrstring(struct sockaddr_storage* addr,
 			return;
 		} else {
 			/* if we can't do a numeric lookup, something's gone terribly wrong */
-			if (ret == EAI_FAMILY) {
-				// FUZZ
-				// Fake it for non-socket input
-				if (ret_host) {
-					*ret_host = m_strdup("0.0.0.0");
-				}
-				if (ret_port)
-				{
-					*ret_port = m_strdup("999");
-				}
-				return;
-			}
 			dropbear_exit("Failed lookup: %s", gai_strerror(ret));
 		}
 	}