diff --git a/dbutil.c b/dbutil.c
index 64e87e8242d57953975331155177b381e8987b79..d04afb68d83d3fa1a9cc0a1d1e470bbbd328a6f0 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -531,22 +531,21 @@ void setnonblocking(int fd) {
TRACE(("setnonblocking: %d", fd))
+#ifdef DROPBEAR_FUZZ
+ if (fuzz.fuzzing) {
+ return;
+ }
+#endif
+
if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
if (errno == ENODEV) {
/* Some devices (like /dev/null redirected in)
* can't be set to non-blocking */
TRACE(("ignoring ENODEV for setnonblocking"))
} else {
-#ifdef DROPBEAR_FUZZ
- if (fuzz.fuzzing)
- {
- TRACE(("fuzzing ignore setnonblocking failure for %d", fd))
- }
- else
-#endif
- {
- dropbear_exit("Couldn't set nonblocking");
- }
+ {
+ dropbear_exit("Couldn't set nonblocking");
+ }
}
}
TRACE(("leave setnonblocking"))
diff --git a/fuzz-common.c b/fuzz-common.c
index 4c5da70cf699fcc8b4fc9bb977b9d6fbeb9a611b..2d9044c87b8cd9f0bfe1199e7e78a01a09120773 100644
--- a/fuzz-common.c
+++ b/fuzz-common.c
@@ -115,3 +115,19 @@ static void load_fixed_hostkeys(void) {
void fuzz_kex_fakealgos(void) {
ses.newkeys->recv.crypt_mode = &dropbear_mode_none;
}
+
+void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port,
+ char **remote_host, char **remote_port, int UNUSED(host_lookup)) {
+ if (local_host) {
+ *local_host = m_strdup("fuzzlocalhost");
+ }
+ if (local_port) {
+ *local_port = m_strdup("1234");
+ }
+ if (remote_host) {
+ *remote_host = m_strdup("fuzzremotehost");
+ }
+ if (remote_port) {
+ *remote_port = m_strdup("9876");
+ }
+}
diff --git a/fuzz.h b/fuzz.h
index ae1a3dcb8e9346b380ca510d8e290fcb60b96bc8..92344400d6d0cb19f6f4cc1e429cee13db364121 100644
--- a/fuzz.h
+++ b/fuzz.h
@@ -24,6 +24,8 @@ int fuzz_checkpubkey_line(buffer* line, int line_num, char* filename,
const unsigned char* keyblob, unsigned int keybloblen);
extern const char * const * fuzz_signkey_names;
void fuzz_seed(void);
+void fuzz_get_socket_address(int fd, char **local_host, char **local_port,
+ char **remote_host, char **remote_port, int host_lookup);
// fake IO wrappers
#ifndef FUZZ_SKIP_WRAP
diff --git a/fuzzer-preauth.c b/fuzzer-preauth.c
index 247f11b3b47d51c4bfb0ca6318cd7425f48fac2b..7f314712468689472ac40091e6adc4070e597e93 100644
--- a/fuzzer-preauth.c
+++ b/fuzzer-preauth.c
@@ -36,7 +36,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
uint32_t wrapseed = buf_getint(fuzz.input);
wrapfd_setseed(wrapseed);
- int fakesock = 1;
+ int fakesock = 20;
wrapfd_add(fakesock, fuzz.input, PLAIN);
m_malloc_set_epoch(1);
diff --git a/fuzzer-pubkey.c b/fuzzer-pubkey.c
index c5b0e007818abdfa2904d32b643e4dfc777d4156..0b7c0f370c3cdce2b09bd9ac337ce392c76d201a 100644
--- a/fuzzer-pubkey.c
+++ b/fuzzer-pubkey.c
@@ -32,8 +32,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (setjmp(fuzz.jmp) == 0) {
fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys",
algoname, strlen(algoname),
- keyblob, strlen(keyblob));
- m_malloc_free_epoch(1, 0);
+ (unsigned char*)keyblob, strlen(keyblob));
+ m_malloc_free_epoch(1, 0);
} else {
m_malloc_free_epoch(1, 1);
TRACE(("dropbear_exit longjmped"))
diff --git a/netio.c b/netio.c
index b482431fb07c1d591608b0f1fafc9b225388d81c..f5e287a3ed96bd85af0cdd8c25296c18b3ec44f3 100644
--- a/netio.c
+++ b/netio.c
@@ -311,6 +311,12 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
int so_prio_val = 0;
#endif
+#ifdef DROPBEAR_FUZZ
+ if (fuzz.fuzzing) {
+ TRACE(("fuzzing skips set_sock_prio"))
+ return;
+ }
+#endif
/* Don't log ENOTSOCK errors so that this can harmlessly be called
* on a client '-J' proxy pipe */
@@ -482,40 +488,25 @@ void get_socket_address(int fd, char **local_host, char **local_port,
{
struct sockaddr_storage addr;
socklen_t addrlen;
+
+#if DROPBEAR_FUZZ
+ if (fuzz.fuzzing) {
+ fuzz_get_socket_address(fd, local_host, local_port, remote_host, remote_port, host_lookup);
+ return;
+ }
+#endif
if (local_host || local_port) {
addrlen = sizeof(addr);
if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
- if (errno == ENOTSOCK) {
- // FUZZ
- if (local_host) {
- *local_host = m_strdup("notsocket");
- }
- if (local_port) {
- *local_port = m_strdup("999");
- }
- return;
- } else {
- dropbear_exit("Failed socket address: %s", strerror(errno));
- }
+ dropbear_exit("Failed socket address: %s", strerror(errno));
}
getaddrstring(&addr, local_host, local_port, host_lookup);
}
if (remote_host || remote_port) {
addrlen = sizeof(addr);
if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
- if (errno == ENOTSOCK) {
- // FUZZ
- if (remote_host) {
- *remote_host = m_strdup("notsocket");
- }
- if (remote_port) {
- *remote_port = m_strdup("999");
- }
- return;
- } else {
- dropbear_exit("Failed socket address: %s", strerror(errno));
- }
+ dropbear_exit("Failed socket address: %s", strerror(errno));
}
getaddrstring(&addr, remote_host, remote_port, host_lookup);
}
@@ -569,18 +560,6 @@ void getaddrstring(struct sockaddr_storage* addr,
return;
} else {
/* if we can't do a numeric lookup, something's gone terribly wrong */
- if (ret == EAI_FAMILY) {
- // FUZZ
- // Fake it for non-socket input
- if (ret_host) {
- *ret_host = m_strdup("0.0.0.0");
- }
- if (ret_port)
- {
- *ret_port = m_strdup("999");
- }
- return;
- }
dropbear_exit("Failed lookup: %s", gai_strerror(ret));
}
}