-rw-r--r-- | fuzz/fuzz-common.c | 15 | ||||
-rw-r--r-- | fuzz/fuzz-wrapfd.c | 14 |
2 files changed, 23 insertions, 6 deletions
diff --git a/fuzz/fuzz-common.c b/fuzz/fuzz-common.c
index c9a3391..00b0606 100644
--- a/fuzz/fuzz-common.c
+++ b/fuzz/fuzz-common.c
@@ -230,10 +230,19 @@ int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t
 if (ret_errfd) {
 *ret_errfd = wrapfd_new_dummy();
 }
- *ret_pid = 999;
- return DROPBEAR_SUCCESS;
-}
+ if (*ret_writefd == -1 || *ret_readfd == -1 || (ret_errfd && *ret_errfd == -1)) {
+ m_close(*ret_writefd);
+ m_close(*ret_readfd);
+ if (ret_errfd) {
+ m_close(*ret_errfd);
+ }
+ return DROPBEAR_FAILURE;
+ } else {
+ *ret_pid = 999;
+ return DROPBEAR_SUCCESS;
+ }
+}
 /* Fake dropbear_listen, always returns failure for now. TODO make it sometimes return success with wrapfd_new_dummy() sockets.
diff --git a/fuzz/fuzz-wrapfd.c b/fuzz/fuzz-wrapfd.c
index 1e2f4f6..784e79a 100644
--- a/fuzz/fuzz-wrapfd.c
+++ b/fuzz/fuzz-wrapfd.c
@@ -6,7 +6,8 @@ #include "fuzz.h"
-#define IOWRAP_MAXFD (FD_SETSIZE-1)
+// +100 might catch some limits...
+#define IOWRAP_MAXFD (FD_SETSIZE-1 + 100)
 static const int MAX_RANDOM_IN = 50000;
 static const double CHANCE_CLOSE = 1.0 / 600;
 static const double CHANCE_INTR = 1.0 / 900;
@@ -75,7 +76,14 @@ int wrapfd_new_dummy() {
 }
 int fd = dup(devnull_fd);
- assert(fd != -1);
+ if (fd == -1) {
+ return -1;
+ }
+ if (fd > IOWRAP_MAXFD) {
+ close(fd);
+ errno = EMFILE;
+ return -1;
+ }
 assert(wrap_fds[fd].mode == UNUSED);
 wrap_fds[fd].mode = DUMMY;
 wrap_fds[fd].closein = 0;
@@ -92,7 +100,7 @@ static void wrapfd_remove(int fd) {
 assert(fd <= IOWRAP_MAXFD);
 assert(wrap_fds[fd].mode != UNUSED);
 wrap_fds[fd].mode = UNUSED;
- m_close(fd);
+ close(fd);
 }
 int wrapfd_close(int fd) { |
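Review bot: In fuzz/fuzz-common.c the new failure branch of fuzz_spawn_command closes the descriptors but leaves the closed numbers in the caller's out-parameters, and it also passes whichever one is -1 to m_close(). Resetting them after the close, `*ret_writefd = *ret_readfd = -1;` plus `*ret_errfd = -1;` inside the `if (ret_errfd)`, keeps a caller that mishandles the failure from acting on a descriptor number that has since been reused. m_close() is not shown on this page, so it is worth confirming that it tolerates a negative fd rather than treating it as a fatal close error. The function begins above this hunk.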
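Review bot: The comment added with the new `IOWRAP_MAXFD` in fuzz/fuzz-wrapfd.c does not say which limit is meant, nor that the value now deliberately exceeds what an `fd_set` can hold. Descriptors from FD_SETSIZE up to FD_SETSIZE+99 are now accepted by the wrapper, so any `FD_SET`/`FD_ISSET` on them indexes past the end of the set; that applies to the code under test and, if it uses fd_set, to the harness's own select wrapper, which is not shown here. A clearer comment would be `/* Deliberately above FD_SETSIZE-1 so that code putting an unchecked fd into an fd_set is exercised; wrap_fds[] must be sized from this macro. */`. The declaration of `wrap_fds` is outside the diff and should be checked to confirm it is sized from the macro.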
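Review bot: wrapfd_new_dummy() in fuzz/fuzz-wrapfd.c can now return -1 where it used to assert, and fuzz_spawn_command is the only caller updated in this commit to check for that. Any other caller outside this diff that stores the result and later uses it as an index into `wrap_fds` would touch `wrap_fds[-1]`, so those call sites need the same check. The new contract deserves a comment above the function, for example `/* Returns a new dummy fd, or -1 with errno set when dup() fails or the fd is above IOWRAP_MAXFD. */`. The function starts above this hunk.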
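Review bot: The switch from `m_close(fd)` to `close(fd)` in wrapfd_remove() carries no explanation, and the result of close() is now dropped silently. A one-line comment stating why the raw call is needed here, along the lines of `/* plain close(): <reason m_close() is unsuitable in the harness> */`, would stop a later cleanup from reverting it. Writing `(void)close(fd);` would show the ignored result is deliberate. The function starts above this hunk.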