diff options
-rw-r--r-- | fuzz.h | 3 | ||||
-rw-r--r-- | fuzz/fuzz-common.c | 17 | ||||
-rw-r--r-- | netio.c | 6 |
3 files changed, 26 insertions, 0 deletions
@@ -42,6 +42,9 @@ struct dropbear_progress_connection *fuzz_connect_remote(const char* remotehost, connect_callback cb, void* cb_data, const char* bind_address, const char* bind_port); +int fuzz_dropbear_listen(const char* address, const char* port, + int *socks, unsigned int sockcount, char **errstring, int *maxfd); + // helpers void fuzz_get_socket_address(int fd, char **local_host, char **local_port, char **remote_host, char **remote_port, int host_lookup); diff --git a/fuzz/fuzz-common.c b/fuzz/fuzz-common.c index f251e81..887308a 100644 --- a/fuzz/fuzz-common.c +++ b/fuzz/fuzz-common.c @@ -255,6 +255,23 @@ struct dropbear_progress_connection *fuzz_connect_remote(const char* UNUSED(remo return NULL; } +/* Fake dropbear_listen, always returns failure for now. +TODO make it sometimes return success with wrapfd_new_dummy() sockets. +Making the listeners fake a new incoming connection will be harder. */ +/* Listen on address:port. + * Special cases are address of "" listening on everything, + * and address of NULL listening on localhost only. + * Returns the number of sockets bound on success, or -1 on failure. On + * failure, if errstring wasn't NULL, it'll be a newly malloced error + * string.*/ +int fuzz_dropbear_listen(const char* UNUSED(address), const char* UNUSED(port), + int *UNUSED(socks), unsigned int UNUSED(sockcount), char **errstring, int *UNUSED(maxfd)) { + if (errstring) { + *errstring = m_strdup("fuzzing can't listen (yet)"); + } + return -1; +} + int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int postauth) { static int once = 0; if (!once) { @@ -461,6 +461,12 @@ int dropbear_listen(const char* address, const char* port, int sock; TRACE(("enter dropbear_listen")) + +#if DROPBEAR_FUZZ + if (fuzz.fuzzing) { + return fuzz_dropbear_listen(address, port, socks, sockcount, errstring, maxfd); + } +#endif memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */ |