fuzz: wrap kill()

fuzz-wrapfd.h

@@ -1,6 +1,7 @@
 #ifndef FUZZ_WRAPFD_H
 #define FUZZ_WRAPFD_H
 
+#include "includes.h"
 #include "buffer.h"
 
 enum wrapfd_mode {
@@ -21,5 +22,6 @@ int wrapfd_write(int fd, const void* in, size_t count);
 int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds, 
     fd_set *exceptfds, struct timeval *timeout);
 int wrapfd_close(int fd);
+int fuzz_kill(pid_t pid, int sig);
 
 #endif // FUZZ_WRAPFD_H

fuzz.h

@@ -59,6 +59,7 @@ void fuzz_dump(const unsigned char* data, size_t len);
 #define write(fd, buf, count) wrapfd_write(fd, buf, count)
 #define read(fd, buf, count) wrapfd_read(fd, buf, count)
 #define close(fd) wrapfd_close(fd)
+#define kill(pid, sig) fuzz_kill(pid, sig)
 #endif // FUZZ_SKIP_WRAP
 
 struct dropbear_fuzz_options {

fuzz/fuzz-wrapfd.c

@@ -258,3 +258,15 @@ int wrapfd_select(int nfds, fd_set *readfds, fd_set *writefds,
 	return ret;
 }
 
+int fuzz_kill(pid_t pid, int sig) {
+	if (fuzz.fuzzing) {
+		TRACE(("fuzz_kill ignoring pid %d signal %d", (pid), sig))
+		if (sig >= 0) {
+			return 0;
+		} else {
+			errno = EINVAL;
+			return -1;
+		}
+	}
+	return kill(pid, sig);
+}

svr-chansession.c

@@ -423,12 +423,14 @@ out:
 
 /* Send a signal to a session's process as requested by the client*/
 static int sessionsignal(const struct ChanSess *chansess) {
+	TRACE(("sessionsignal"))
 
 	int sig = 0;
 	char* signame = NULL;
 	int i;
 
 	if (chansess->pid == 0) {
+		TRACE(("sessionsignal: done no pid"))
 		/* haven't got a process pid yet */
 		return DROPBEAR_FAILURE;
 	}
@@ -446,12 +448,14 @@ static int sessionsignal(const struct ChanSess *chansess) {
 
 	m_free(signame);
 
+	TRACE(("sessionsignal: pid %d signal %d", (int)chansess->pid, sig))
 	if (sig == 0) {
 		/* failed */
 		return DROPBEAR_FAILURE;
 	}
 			
 	if (kill(chansess->pid, sig) < 0) {
+		TRACE(("sessionsignal: kill() errored"))
 		return DROPBEAR_FAILURE;
 	}