authorMatt Johnston <matt@ucc.asn.au>2020-12-06 21:54:01 +0800
committerMatt Johnston <matt@ucc.asn.au>2020-12-06 21:54:01 +0800
commite12ff23e7d530613f7e876d366b52d04072a0e06 (patch)
tree462fb0c743f888fc08f4c1da3617805604ea3741
parent007a5925dcdc63c9aa2550c902a8a0493465ba20 (diff)
fuzz: add an always-failing dropbear_listen() replacement
-rw-r--r--fuzz.h3
-rw-r--r--fuzz/fuzz-common.c17
-rw-r--r--netio.c6
3 files changed, 26 insertions, 0 deletions
diff --git a/fuzz.h b/fuzz.h
index 21fb1f9..6525e40 100644
--- a/fuzz.h
+++ b/fuzz.h
@@ -42,6 +42,9 @@ struct dropbear_progress_connection *fuzz_connect_remote(const char* remotehost,
connect_callback cb, void* cb_data,
const char* bind_address, const char* bind_port);
+int fuzz_dropbear_listen(const char* address, const char* port,
+ int *socks, unsigned int sockcount, char **errstring, int *maxfd);
+
// helpers
void fuzz_get_socket_address(int fd, char **local_host, char **local_port,
char **remote_host, char **remote_port, int host_lookup);
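Review bot: The new fuzz_dropbear_listen prototype is added without any comment, so a reader of fuzz.h cannot tell it is a stub rather than a working listener; a one-liner above it such as `/* Fuzzing stand-in for dropbear_listen(): same signature, currently never binds and always returns -1 with *errstring set. */` would do. The signature mirrors the real dropbear_listen() (socket count on success, -1 on failure with a malloced errstring, per the comment in fuzz-common.c), which is presumably deliberate so netio.c can forward its arguments unchanged, and that is worth stating here.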
diff --git a/fuzz/fuzz-common.c b/fuzz/fuzz-common.c
index f251e81..887308a 100644
--- a/fuzz/fuzz-common.c
+++ b/fuzz/fuzz-common.c
@@ -255,6 +255,23 @@ struct dropbear_progress_connection *fuzz_connect_remote(const char* UNUSED(remo
return NULL;
}
+/* Fake dropbear_listen, always returns failure for now.
+TODO make it sometimes return success with wrapfd_new_dummy() sockets.
+Making the listeners fake a new incoming connection will be harder. */
+/* Listen on address:port.
+ * Special cases are address of "" listening on everything,
+ * and address of NULL listening on localhost only.
+ * Returns the number of sockets bound on success, or -1 on failure. On
+ * failure, if errstring wasn't NULL, it'll be a newly malloced error
+ * string.*/
+int fuzz_dropbear_listen(const char* UNUSED(address), const char* UNUSED(port),
+ int *UNUSED(socks), unsigned int UNUSED(sockcount), char **errstring, int *UNUSED(maxfd)) {
+ if (errstring) {
+ *errstring = m_strdup("fuzzing can't listen (yet)");
+ }
+ return -1;
+}
+
int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int postauth) {
static int once = 0;
if (!once) {
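Review bot: The stub carries two stacked header comments, and the second one is a verbatim copy of the real dropbear_listen() contract that promises "the number of sockets bound on success" from a function that can only ever return -1. Collapse them into a single comment that describes what this stub actually does, e.g. `/* Fuzzing stand-in for dropbear_listen(): never binds, always returns -1 and, if errstring is non-NULL, stores a newly malloced message the caller must free. TODO: optionally succeed with wrapfd_new_dummy() sockets. */`. Because socks and maxfd are never written on this path, callers must check for -1 before reading them, which matches the real function's contract but means the fuzz server harness never exercises the listen/accept code; saying so explicitly would help whoever later extends the stub.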
diff --git a/netio.c b/netio.c
index eee5119..83ae33c 100644
--- a/netio.c
+++ b/netio.c
@@ -461,6 +461,12 @@ int dropbear_listen(const char* address, const char* port,
int sock;
TRACE(("enter dropbear_listen"))
+
+#if DROPBEAR_FUZZ
+ if (fuzz.fuzzing) {
+ return fuzz_dropbear_listen(address, port, socks, sockcount, errstring, maxfd);
+ }
+#endif
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */