summaryrefslogtreecommitdiffhomepage
path: root/fuzz/fuzz-common.c
diff options
context:
space:
mode:
authorMatt Johnston <matt@ucc.asn.au>2021-03-05 22:51:11 +0800
committerMatt Johnston <matt@ucc.asn.au>2021-03-05 22:51:11 +0800
commitd0d1ede191cbc8dfa1748990a052ef90f000b55b (patch)
tree6d434414630167b873b9706a5401b14f6fb6e594 /fuzz/fuzz-common.c
parent3c2f113a783651aae7612dcffdc8e74a9db69702 (diff)
fuzz: fix crash in newtcpdirect(), don't close the channel too early
Diffstat (limited to 'fuzz/fuzz-common.c')
-rw-r--r--fuzz/fuzz-common.c20
1 files changed, 0 insertions, 20 deletions
diff --git a/fuzz/fuzz-common.c b/fuzz/fuzz-common.c
index 9cc6d75..c9a3391 100644
--- a/fuzz/fuzz-common.c
+++ b/fuzz/fuzz-common.c
@@ -235,26 +235,6 @@ int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t
}
-struct dropbear_progress_connection *fuzz_connect_remote(const char* UNUSED(remotehost), const char* UNUSED(remoteport),
- connect_callback cb, void* cb_data,
- const char* UNUSED(bind_address), const char* UNUSED(bind_port)) {
- /* This replacement for connect_remote() has slightly different semantics
- to the real thing. It should probably be replaced with something more sophisticated.
- It calls the callback cb() immediately rather than
- in a future session loop iteration with set_connect_fds()/handle_connect_fds().
- This could cause problems depending on how connect_remote() is used. In particular
- the callback can close a channel - that can cause use-after-free. */
- char r;
- genrandom((void*)&r, 1);
- if (r & 1) {
- int sock = wrapfd_new_dummy();
- cb(DROPBEAR_SUCCESS, sock, cb_data, NULL);
- } else {
- cb(DROPBEAR_FAILURE, -1, cb_data, "errorstring");
- }
- return NULL;
-}
-
/* Fake dropbear_listen, always returns failure for now.
TODO make it sometimes return success with wrapfd_new_dummy() sockets.
Making the listeners fake a new incoming connection will be harder. */