From e12ff23e7d530613f7e876d366b52d04072a0e06 Mon Sep 17 00:00:00 2001
From: Matt Johnston
Date: Sun, 6 Dec 2020 21:54:01 +0800
Subject: fuzz: add an always-failing dropbear_listen() replacement
---
 fuzz.h | 3 +++
 fuzz/fuzz-common.c | 17 +++++++++++++++++
 netio.c | 6 ++++++
 3 files changed, 26 insertions(+)
diff --git a/fuzz.h b/fuzz.h
index 21fb1f9..6525e40 100644
--- a/fuzz.h
+++ b/fuzz.h
@@ -42,6 +42,9 @@ struct dropbear_progress_connection *fuzz_connect_remote(const char* remotehost,
 connect_callback cb, void* cb_data, const char* bind_address, const char* bind_port);
+int fuzz_dropbear_listen(const char* address, const char* port,
+ int *socks, unsigned int sockcount, char **errstring, int *maxfd);
+
 // helpers
 void fuzz_get_socket_address(int fd, char **local_host, char **local_port, char **remote_host, char **remote_port, int host_lookup);
diff --git a/fuzz/fuzz-common.c b/fuzz/fuzz-common.c
index f251e81..887308a 100644
--- a/fuzz/fuzz-common.c
+++ b/fuzz/fuzz-common.c
@@ -255,6 +255,23 @@ struct dropbear_progress_connection *fuzz_connect_remote(const char* UNUSED(remo
 return NULL;
 }
+/* Fake dropbear_listen, always returns failure for now.
+TODO make it sometimes return success with wrapfd_new_dummy() sockets.
+Making the listeners fake a new incoming connection will be harder. */
+/* Listen on address:port.
+ * Special cases are address of "" listening on everything,
+ * and address of NULL listening on localhost only.
+ * Returns the number of sockets bound on success, or -1 on failure. On
+ * failure, if errstring wasn't NULL, it'll be a newly malloced error
+ * string.*/
+int fuzz_dropbear_listen(const char* UNUSED(address), const char* UNUSED(port),
+ int *UNUSED(socks), unsigned int UNUSED(sockcount), char **errstring, int *UNUSED(maxfd)) {
+ if (errstring) {
+ *errstring = m_strdup("fuzzing can't listen (yet)");
+ }
+ return -1;
+}
+
 int fuzz_run_server(const uint8_t *Data, size_t Size, int skip_kexmaths, int postauth) {
 static int once = 0;
 if (!once) {
diff --git a/netio.c b/netio.c
index eee5119..83ae33c 100644
--- a/netio.c
+++ b/netio.c
@@ -461,6 +461,12 @@ int dropbear_listen(const char* address, const char* port,
 int sock;
 TRACE(("enter dropbear_listen"))
+
+#if DROPBEAR_FUZZ
+ if (fuzz.fuzzing) {
+ return fuzz_dropbear_listen(address, port, socks, sockcount, errstring, maxfd);
+ }
+#endif
 memset(&hints, 0, sizeof(hints));
 hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */
--
cgit v1.2.3
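Review bot: The second comment block above `fuzz_dropbear_listen()` in fuzz/fuzz-common.c is the contract of the real `dropbear_listen()` and describes behaviour the stub does not have (listening on address:port, returning a count of bound sockets), so the two stacked comments contradict each other. I would replace it with what the stub itself guarantees, for example `/* Binds nothing and leaves socks/maxfd untouched; always returns -1. */` and `/* If errstring is non-NULL it receives a newly malloced string that the caller must free. */`. Stating the ownership is worth the line: with this stub every caller's listen-failure path runs during fuzzing, and a caller that does not free the string would presumably surface as a leak in a sanitizer build.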
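Review bot: The `#if DROPBEAR_FUZZ` early return added to `dropbear_listen()` in netio.c has no comment explaining why listening is bypassed, and it is the only thing that keeps a fuzzing run from reaching the real socket setup below it. A one-line comment such as `/* fuzz harness must not open real listening sockets; the stub only reports failure */` would make that intent explicit for whoever implements the TODO in the stub. The return sits before `hints` is initialised and, as far as the hunk shows, before anything is allocated, so skipping the rest of the function looks safe; the function starts and ends outside the hunk, so that is worth confirming against the declarations above `int sock;`.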