shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-10-27 10:25:37 +03:00
Code

fuzz-dhcp6-client: merge with fuzz-dhcp6-client-send

Browse Source
This commit is contained in:
Yu Watanabe 2022-02-08 01:19:27 +09:00
parent 013c6904fa
commit 7b53d3ead3
8 changed files with 19 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/libsystemd-network/dhcp6-internal.h
View File

@ -85,6 +85,7 @@ int dhcp6_network_bind_udp_socket(int ifindex, struct in6_addr *address);
int dhcp6_network_send_udp_socket(int s, struct in6_addr *address,
const void *packet, size_t len);
int dhcp6_client_send_message(sd_dhcp6_client *client);
void dhcp6_client_set_test_mode(sd_dhcp6_client *client, bool test_mode);
int dhcp6_client_set_transaction_id(sd_dhcp6_client *client, uint32_t transaction_id);

54
src/libsystemd-network/fuzz-dhcp6-client-send.c
View File

@ -1,54 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "fuzz.h"
#include "sd-dhcp6-client.c"
int dhcp6_network_send_udp_socket(int s, struct in6_addr *server_address,
const void *packet, size_t len) {
return len;
}
int dhcp6_network_bind_udp_socket(int index, struct in6_addr *local_address) {
int fd;
fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
assert_se(fd >= 0);
return fd;
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_(sd_event_unrefp) sd_event *e = NULL;
_cleanup_(sd_dhcp6_client_unrefp) sd_dhcp6_client *client = NULL;
struct in6_addr address = { { { 0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01 } } };
int r;
if (size < sizeof(DHCP6Message))
return 0;
assert_se(sd_event_new(&e) >= 0);
assert_se(sd_dhcp6_client_new(&client) >= 0);
assert_se(sd_dhcp6_client_attach_event(client, e, 0) >= 0);
assert_se(sd_dhcp6_client_set_ifindex(client, 42) == 0);
assert_se(sd_dhcp6_client_set_fqdn(client, "example.com") == 1);
assert_se(sd_dhcp6_client_set_request_mud_url(client, "https://www.example.com/mudfile.json") >= 0);
assert_se(sd_dhcp6_client_set_request_user_class(client, STRV_MAKE("u1", "u2", "u3")) >= 0);
assert_se(sd_dhcp6_client_set_request_vendor_class(client, STRV_MAKE("v1", "v2", "v3")) >= 0);
assert_se(sd_dhcp6_client_set_local_address(client, &address) >= 0);
assert_se(sd_dhcp6_client_set_information_request(client, false) == 0);
dhcp6_client_set_test_mode(client, true);
assert_se(sd_dhcp6_client_start(client) >= 0);
assert_se(dhcp6_client_set_transaction_id(client, ((const DHCP6Message *) data)->transaction_id) == 0);
r = client_process_advertise_or_rapid_commit_reply(client, (DHCP6Message *) data, size, NULL, NULL);
if (r < 0)
goto cleanup;
if (client->state != DHCP6_STATE_REQUEST)
client->state = DHCP6_STATE_SOLICITATION;
(void) client_send_message(client);
cleanup:
assert_se(sd_dhcp6_client_stop(client) >= 0);
return 0;
}

16
src/libsystemd-network/fuzz-dhcp6-client.c
View File

@ -30,6 +30,10 @@ static void fuzz_client(sd_dhcp6_client *client, const uint8_t *data, size_t siz
if (size >= sizeof(DHCP6Message))
assert_se(dhcp6_client_set_transaction_id(client, ((const DHCP6Message *) data)->transaction_id) == 0);
/* These states does not require lease to send message. */
if (IN_SET(client->state, DHCP6_STATE_INFORMATION_REQUEST, DHCP6_STATE_SOLICITATION))
assert_se(dhcp6_client_send_message(client) >= 0);
assert_se(write(test_dhcp_fd[1], data, size) == (ssize_t) size);
assert_se(sd_event_run(sd_dhcp6_client_get_event(client), UINT64_MAX) > 0);
@ -50,6 +54,12 @@ static void fuzz_client(sd_dhcp6_client *client, const uint8_t *data, size_t siz
assert_not_reached();
}
/* Send message if the client has a lease. */
if (state != DHCP6_STATE_INFORMATION_REQUEST && sd_dhcp6_client_get_lease(client, NULL) >= 0) {
client->state = DHCP6_STATE_REQUEST;
dhcp6_client_send_message(client);
}
assert_se(sd_dhcp6_client_stop(client) >= 0);
test_dhcp_fd[1] = safe_close(test_dhcp_fd[1]);
@ -70,6 +80,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
assert_se(sd_dhcp6_client_set_local_address(client, &address) >= 0);
dhcp6_client_set_test_mode(client, true);
/* Used when sending message. */
assert_se(sd_dhcp6_client_set_fqdn(client, "example.com") == 1);
assert_se(sd_dhcp6_client_set_request_mud_url(client, "https://www.example.com/mudfile.json") >= 0);
assert_se(sd_dhcp6_client_set_request_user_class(client, STRV_MAKE("u1", "u2", "u3")) >= 0);
assert_se(sd_dhcp6_client_set_request_vendor_class(client, STRV_MAKE("v1", "v2", "v3")) >= 0);
fuzz_client(client, data, size, DHCP6_STATE_INFORMATION_REQUEST);
fuzz_client(client, data, size, DHCP6_STATE_SOLICITATION);

4
src/libsystemd-network/meson.build
View File

@ -115,10 +115,6 @@ fuzzers += [
[libshared,
libsystemd_network]],
[files('fuzz-dhcp6-client-send.c'),
[libshared,
libsystemd_network]],
[files('fuzz-dhcp-server.c'),
[libsystemd_network,
libshared]],

4
src/libsystemd-network/sd-dhcp6-client.c
View File

@ -637,7 +637,7 @@ static DHCP6MessageType client_message_type_from_state(sd_dhcp6_client *client)
}
}
static int client_send_message(sd_dhcp6_client *client) {
int dhcp6_client_send_message(sd_dhcp6_client *client) {
_cleanup_free_ DHCP6Message *message = NULL;
struct in6_addr all_servers =
IN6ADDR_ALL_DHCP6_RELAY_AGENTS_AND_SERVERS_INIT;
@ -813,7 +813,7 @@ static int client_timeout_resend(sd_event_source *s, uint64_t usec, void *userda
assert_not_reached();
}
r = client_send_message(client);
r = dhcp6_client_send_message(client);
if (r >= 0)
client->retransmit_count++;

0
test/fuzz/fuzz-dhcp6-client-send/12ad30d317800d7f731c1c8bc0854e531d5ef928 → test/fuzz/fuzz-dhcp6-client/12ad30d317800d7f731c1c8bc0854e531d5ef928
View File

0
test/fuzz/fuzz-dhcp6-client-send/crash-a93b8ba024ada36014c29c25cc90c668fd91ce7f → test/fuzz/fuzz-dhcp6-client/crash-a93b8ba024ada36014c29c25cc90c668fd91ce7f
View File

0
test/fuzz/fuzz-dhcp6-client-send/f202c4dff34d15e41c032a66ed25d89154be1f6d → test/fuzz/fuzz-dhcp6-client/f202c4dff34d15e41c032a66ed25d89154be1f6d
View File