summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--fuzz/fuzz-common.c15
-rw-r--r--fuzz/fuzz-wrapfd.c14
2 files changed, 23 insertions, 6 deletions
diff --git a/fuzz/fuzz-common.c b/fuzz/fuzz-common.c
index c9a3391..00b0606 100644
--- a/fuzz/fuzz-common.c
+++ b/fuzz/fuzz-common.c
@@ -230,10 +230,19 @@ int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t
if (ret_errfd) {
*ret_errfd = wrapfd_new_dummy();
}
- *ret_pid = 999;
- return DROPBEAR_SUCCESS;
-}
+ if (*ret_writefd == -1 || *ret_readfd == -1 || (ret_errfd && *ret_errfd == -1)) {
+ m_close(*ret_writefd);
+ m_close(*ret_readfd);
+ if (ret_errfd) {
+ m_close(*ret_errfd);
+ }
+ return DROPBEAR_FAILURE;
+ } else {
+ *ret_pid = 999;
+ return DROPBEAR_SUCCESS;
+ }
+}
/* Fake dropbear_listen, always returns failure for now.
TODO make it sometimes return success with wrapfd_new_dummy() sockets.
diff --git a/fuzz/fuzz-wrapfd.c b/fuzz/fuzz-wrapfd.c
index 1e2f4f6..784e79a 100644
--- a/fuzz/fuzz-wrapfd.c
+++ b/fuzz/fuzz-wrapfd.c
@@ -6,7 +6,8 @@
#include "fuzz.h"
-#define IOWRAP_MAXFD (FD_SETSIZE-1)
+// +100 might catch some limits...
+#define IOWRAP_MAXFD (FD_SETSIZE-1 + 100)
static const int MAX_RANDOM_IN = 50000;
static const double CHANCE_CLOSE = 1.0 / 600;
static const double CHANCE_INTR = 1.0 / 900;
@@ -75,7 +76,14 @@ int wrapfd_new_dummy() {
}
int fd = dup(devnull_fd);
- assert(fd != -1);
+ if (fd == -1) {
+ return -1;
+ }
+ if (fd > IOWRAP_MAXFD) {
+ close(fd);
+ errno = EMFILE;
+ return -1;
+ }
assert(wrap_fds[fd].mode == UNUSED);
wrap_fds[fd].mode = DUMMY;
wrap_fds[fd].closein = 0;
@@ -92,7 +100,7 @@ static void wrapfd_remove(int fd) {
assert(fd <= IOWRAP_MAXFD);
assert(wrap_fds[fd].mode != UNUSED);
wrap_fds[fd].mode = UNUSED;
- m_close(fd);
+ close(fd);
}
int wrapfd_close(int fd) {