1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00

Merge pull request #22236 from yuwata/fuzz-dhcp-server

fuzz-dhcp-server: three fixes or improvements
This commit is contained in:
Yu Watanabe 2022-01-25 02:19:22 +09:00 committed by GitHub
commit 0850fb78af
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 2 deletions

View File

@ -21,13 +21,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_(sd_dhcp_server_unrefp) sd_dhcp_server *server = NULL;
struct in_addr address = {.s_addr = htobe32(UINT32_C(10) << 24 | UINT32_C(1))};
static const uint8_t chaddr[] = {3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3};
_cleanup_free_ uint8_t *duped = NULL;
uint8_t *client_id;
DHCPLease *lease;
if (size < sizeof(DHCPMessage))
return 0;
assert_se(duped = memdup(data, size));
assert_se(sd_dhcp_server_new(&server, 1) >= 0);
assert_se(sd_dhcp_server_attach_event(server, NULL, 0) >= 0);
server->fd = open("/dev/null", O_RDWR|O_CLOEXEC|O_NOCTTY);
assert_se(server->fd >= 0);
assert_se(sd_dhcp_server_configure_pool(server, &address, 24, 0, 0) >= 0);
@ -44,12 +48,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
lease->address = htobe32(UINT32_C(10) << 24 | UINT32_C(2));
lease->gateway = htobe32(UINT32_C(10) << 24 | UINT32_C(1));
lease->expiration = UINT64_MAX;
memcpy(lease->chaddr, chaddr, 16);
lease->htype = ARPHRD_ETHER;
lease->hlen = ETH_ALEN;
memcpy(lease->chaddr, chaddr, ETH_ALEN);
assert_se(hashmap_ensure_put(&server->bound_leases_by_client_id, &dhcp_lease_hash_ops, &lease->client_id, lease) >= 0);
assert_se(hashmap_ensure_put(&server->bound_leases_by_address, NULL, UINT32_TO_PTR(lease->address), lease) >= 0);
lease->server = server;
(void) dhcp_server_handle_message(server, (DHCPMessage*)data, size);
(void) dhcp_server_handle_message(server, (DHCPMessage*) duped, size);
return 0;
}