Disable setnonblocking(), get_socket_address(), set_sock_priority()

for fuzzing

--HG--
branch : fuzz
Matt Johnston 2017-05-26 22:10:51 +08:00
parent 2e298b25e4
commit 4d07aa315b
6 changed files with 45 additions and 49 deletions


@ -531,19 +531,18 @@ void setnonblocking(int fd) {
TRACE(("setnonblocking: %d", fd)) TRACE(("setnonblocking: %d", fd))
#ifdef DROPBEAR_FUZZ
if (fuzz.fuzzing) {
return;
}
#endif
if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) { if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
if (errno == ENODEV) { if (errno == ENODEV) {
/* Some devices (like /dev/null redirected in) /* Some devices (like /dev/null redirected in)
* can't be set to non-blocking */ * can't be set to non-blocking */
TRACE(("ignoring ENODEV for setnonblocking")) TRACE(("ignoring ENODEV for setnonblocking"))
} else { } else {
#ifdef DROPBEAR_FUZZ
if (fuzz.fuzzing)
{
TRACE(("fuzzing ignore setnonblocking failure for %d", fd))
}
else
#endif
{ {
dropbear_exit("Couldn't set nonblocking"); dropbear_exit("Couldn't set nonblocking");
} }
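Review bot: The `else` branch of the `fcntl()` check is left with a redundant inner block, `} else {` followed by `{ dropbear_exit("Couldn't set nonblocking"); }`, which is what remains once the `#ifdef DROPBEAR_FUZZ` / `else` wrapper is removed. It should collapse to a plain `} else { dropbear_exit("Couldn't set nonblocking"); }`. The new early return also has no comment saying why the whole function is skipped when fuzzing rather than only the failure path; if the reason is that the fuzz descriptors are not real ones, a line such as `/* fuzzing: fds are wrapped, skip fcntl() entirely */` would record it. The body of `setnonblocking()` continues outside the hunk.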


@ -115,3 +115,19 @@ static void load_fixed_hostkeys(void) {
void fuzz_kex_fakealgos(void) { void fuzz_kex_fakealgos(void) {
ses.newkeys->recv.crypt_mode = &dropbear_mode_none; ses.newkeys->recv.crypt_mode = &dropbear_mode_none;
} }
void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port,
char **remote_host, char **remote_port, int UNUSED(host_lookup)) {
if (local_host) {
*local_host = m_strdup("fuzzlocalhost");
}
if (local_port) {
*local_port = m_strdup("1234");
}
if (remote_host) {
*remote_host = m_strdup("fuzzremotehost");
}
if (remote_port) {
*remote_port = m_strdup("9876");
}
}
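Review bot: `fuzz_get_socket_address()` has no comment stating its contract. As written it ignores `fd` and `host_lookup` and stores a fresh `m_strdup()` copy of a fixed string in each non-NULL out-pointer, so the caller presumably owns and frees those strings as it does for the real `get_socket_address()`. A header comment such as `/* Fuzzing stand-in for get_socket_address(): fills non-NULL outputs with fixed fake host/port strings, never touches fd */` would make that explicit. Because the values are constant, code that branches on the address contents only ever sees this one input under fuzzing, which is worth noting in the same comment.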

2
fuzz.h

@ -24,6 +24,8 @@ int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename,
const unsigned char* keyblob, unsigned int keybloblen); const unsigned char* keyblob, unsigned int keybloblen);
extern const char * const * fuzz_signkey_names; extern const char * const * fuzz_signkey_names;
void fuzz_seed(void); void fuzz_seed(void);
void fuzz_get_socket_address(int fd, char **local_host, char **local_port,
char **remote_host, char **remote_port, int host_lookup);
// fake IO wrappers // fake IO wrappers
#ifndef FUZZ_SKIP_WRAP #ifndef FUZZ_SKIP_WRAP


@ -36,7 +36,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
uint32_t wrapseed = buf_getint(fuzz.input); uint32_t wrapseed = buf_getint(fuzz.input);
wrapfd_setseed(wrapseed); wrapfd_setseed(wrapseed);
int fakesock = 1; int fakesock = 20;
wrapfd_add(fakesock, fuzz.input, PLAIN); wrapfd_add(fakesock, fuzz.input, PLAIN);
m_malloc_set_epoch(1); m_malloc_set_epoch(1);
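Review bot: `int fakesock = 20;` is a bare magic number, and nothing in the hunk says why `1` was unsuitable. If the intent is to keep the wrapped descriptor clear of the process's standard descriptors (fd 1 is normally stdout), say so on the line: `int fakesock = 20; /* arbitrary fd for wrapfd, kept away from stdin/stdout/stderr */`. The body of `LLVMFuzzerTestOneInput()` starts and ends outside the hunk.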


@ -32,7 +32,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (setjmp(fuzz.jmp) == 0) { if (setjmp(fuzz.jmp) == 0) {
fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys", fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys",
algoname, strlen(algoname), algoname, strlen(algoname),
keyblob, strlen(keyblob)); (unsigned char*)keyblob, strlen(keyblob));
m_malloc_free_epoch(1, 0); m_malloc_free_epoch(1, 0);
} else { } else {
m_malloc_free_epoch(1, 1); m_malloc_free_epoch(1, 1);
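Review bot: The added cast `(unsigned char*)keyblob` is not const-qualified, while the prototype shown in the fuzz.h section takes `const unsigned char* keyblob`. Writing `(const unsigned char*)keyblob` would match the parameter and would not discard a qualifier if `keyblob` is declared `const`; its declaration is outside the hunk. The length is still `strlen(keyblob)`, so a blob containing a NUL byte would be passed short. Confirm that `keyblob` is always text at this point.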

47
netio.c

@ -311,6 +311,12 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
int so_prio_val = 0; int so_prio_val = 0;
#endif #endif
#ifdef DROPBEAR_FUZZ
if (fuzz.fuzzing) {
TRACE(("fuzzing skips set_sock_prio"))
return;
}
#endif
/* Don't log ENOTSOCK errors so that this can harmlessly be called /* Don't log ENOTSOCK errors so that this can harmlessly be called
* on a client '-J' proxy pipe */ * on a client '-J' proxy pipe */
@ -483,40 +489,25 @@ void get_socket_address(int fd, char **local_host, char **local_port,
struct sockaddr_storage addr; struct sockaddr_storage addr;
socklen_t addrlen; socklen_t addrlen;
#if DROPBEAR_FUZZ
if (fuzz.fuzzing) {
fuzz_get_socket_address(fd, local_host, local_port, remote_host, remote_port, host_lookup);
return;
}
#endif
if (local_host || local_port) { if (local_host || local_port) {
addrlen = sizeof(addr); addrlen = sizeof(addr);
if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) { if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
if (errno == ENOTSOCK) {
// FUZZ
if (local_host) {
*local_host = m_strdup("notsocket");
}
if (local_port) {
*local_port = m_strdup("999");
}
return;
} else {
dropbear_exit("Failed socket address: %s", strerror(errno)); dropbear_exit("Failed socket address: %s", strerror(errno));
} }
}
getaddrstring(&addr, local_host, local_port, host_lookup); getaddrstring(&addr, local_host, local_port, host_lookup);
} }
if (remote_host || remote_port) { if (remote_host || remote_port) {
addrlen = sizeof(addr); addrlen = sizeof(addr);
if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) { if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
if (errno == ENOTSOCK) {
// FUZZ
if (remote_host) {
*remote_host = m_strdup("notsocket");
}
if (remote_port) {
*remote_port = m_strdup("999");
}
return;
} else {
dropbear_exit("Failed socket address: %s", strerror(errno)); dropbear_exit("Failed socket address: %s", strerror(errno));
} }
}
getaddrstring(&addr, remote_host, remote_port, host_lookup); getaddrstring(&addr, remote_host, remote_port, host_lookup);
} }
} }
@ -569,18 +560,6 @@ void getaddrstring(struct sockaddr_storage* addr,
return; return;
} else { } else {
/* if we can't do a numeric lookup, something's gone terribly wrong */ /* if we can't do a numeric lookup, something's gone terribly wrong */
if (ret == EAI_FAMILY) {
// FUZZ
// Fake it for non-socket input
if (ret_host) {
*ret_host = m_strdup("0.0.0.0");
}
if (ret_port)
{
*ret_port = m_strdup("999");
}
return;
}
dropbear_exit("Failed lookup: %s", gai_strerror(ret)); dropbear_exit("Failed lookup: %s", gai_strerror(ret));
} }
} }
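Review bot: The fuzz guard added to `get_socket_address()` is written `#if DROPBEAR_FUZZ`, while the one added to `set_sock_priority()` in this file and the one in the `setnonblocking()` hunk use `#ifdef DROPBEAR_FUZZ`. The two forms differ when the macro is defined as `0` (the `#ifdef` blocks would be compiled in and reference `fuzz.fuzzing`) and when it is left undefined (`#if` treats it as 0, with a warning under `-Wundef`). How the macro is defined is not visible on this page, so pick the form that matches its definition and use it in all three places. That keeps the fake-address and skip-priority paths from being built into a non-fuzzing binary by accident.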