shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-25 10:04:04 +03:00
Code

fuzz-dhcp-server: add static leases

Browse Source
This commit is contained in:
Yu Watanabe 2022-01-28 10:12:00 +09:00
parent 6796c5a9c4
commit a46abf2e34
1 changed files with 40 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/libsystemd-network/fuzz-dhcp-server.c
View File

@ -17,13 +17,42 @@ ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags) {
return 0;
}
static void add_lease(sd_dhcp_server *server, const struct in_addr *server_address, uint8_t i) {
static const uint8_t chaddr[] = {3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3};
DHCPLease *lease;
assert(server);
assert_se(lease = new0(DHCPLease, 1));
lease->client_id.length = 2;
assert_se(lease->client_id.data = malloc(2));
lease->client_id.data[0] = 2;
lease->client_id.data[1] = i;
lease->address = htobe32(UINT32_C(10) << 24 | i);
lease->gateway = server_address->s_addr;
lease->expiration = UINT64_MAX;
lease->htype = ARPHRD_ETHER;
lease->hlen = ETH_ALEN;
memcpy(lease->chaddr, chaddr, ETH_ALEN);
assert_se(hashmap_ensure_put(&server->bound_leases_by_client_id, &dhcp_lease_hash_ops, &lease->client_id, lease) >= 0);
assert_se(hashmap_ensure_put(&server->bound_leases_by_address, NULL, UINT32_TO_PTR(lease->address), lease) >= 0);
lease->server = server;
}
static void add_static_lease(sd_dhcp_server *server, uint8_t i) {
uint8_t id[2] = { 2, i };
assert(server);
assert_se(sd_dhcp_server_set_static_lease(server,
&(struct in_addr) { .s_addr = htobe32(UINT32_C(10) << 24 | i)},
id, ELEMENTSOF(id)) >= 0);
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_(sd_dhcp_server_unrefp) sd_dhcp_server *server = NULL;
struct in_addr address = {.s_addr = htobe32(UINT32_C(10) << 24 | UINT32_C(1))};
static const uint8_t chaddr[] = {3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3};
struct in_addr address = { .s_addr = htobe32(UINT32_C(10) << 24 | UINT32_C(1))};
_cleanup_free_ uint8_t *duped = NULL;
uint8_t *client_id;
DHCPLease *lease;
if (size < sizeof(DHCPMessage))
return 0;
@ -36,24 +65,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
assert_se(server->fd >= 0);
assert_se(sd_dhcp_server_configure_pool(server, &address, 24, 0, 0) >= 0);
/* add a lease to the pool to expose additional code paths */
client_id = malloc(2);
assert_se(client_id);
client_id[0] = 2;
client_id[1] = 2;
lease = new0(DHCPLease, 1);
assert_se(lease);
lease->client_id.length = 2;
lease->client_id.data = client_id;
lease->address = htobe32(UINT32_C(10) << 24 | UINT32_C(2));
lease->gateway = htobe32(UINT32_C(10) << 24 | UINT32_C(1));
lease->expiration = UINT64_MAX;
lease->htype = ARPHRD_ETHER;
lease->hlen = ETH_ALEN;
memcpy(lease->chaddr, chaddr, ETH_ALEN);
assert_se(hashmap_ensure_put(&server->bound_leases_by_client_id, &dhcp_lease_hash_ops, &lease->client_id, lease) >= 0);
assert_se(hashmap_ensure_put(&server->bound_leases_by_address, NULL, UINT32_TO_PTR(lease->address), lease) >= 0);
lease->server = server;
/* add leases to the pool to expose additional code paths */
add_lease(server, &address, 2);
add_lease(server, &address, 3);
/* add static leases */
add_static_lease(server, 3);
add_static_lease(server, 4);
(void) dhcp_server_handle_message(server, (DHCPMessage*) duped, size);