src/fuzz/fuzz-dhcp-server.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2 /***
   3   Copyright 2018 Jonathan Rudenberg
   4
   5   systemd is free software; you can redistribute it and/or modify it
   6   under the terms of the GNU Lesser General Public License as published by
   7   the Free Software Foundation; either version 2.1 of the License, or
   8   (at your option) any later version.
   9
  10   systemd is distributed in the hope that it will be useful, but
  11   WITHOUT ANY WARRANTY; without even the implied warranty of
  12   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  13   Lesser General Public License for more details.
  14
  15   You should have received a copy of the GNU Lesser General Public License
  16   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  17 ***/
  18
  19 #include "fuzz.h"
  20
  21 #include "sd-dhcp-server.c"
  22
  23 /* stub out network so that the server doesn't send */
  24 ssize_t sendto(int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen) {
  25         return len;
  26 }
  27
  28 ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags) {
  29         return 0;
  30 }
  31
  32 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  33         _cleanup_(sd_dhcp_server_unrefp) sd_dhcp_server *server = NULL;
  34         struct in_addr address = {.s_addr = htobe32(UINT32_C(10) << 24 | UINT32_C(1))};
  35         static const uint8_t chaddr[] = {3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3};
  36         uint8_t *client_id;
  37         DHCPLease *lease;
  38         int pool_offset;
  39
  40         if (size < sizeof(DHCPMessage))
  41                 return 0;
  42
  43         assert_se(sd_dhcp_server_new(&server, 1) >= 0);
  44         server->fd = open("/dev/null", O_RDWR|O_CLOEXEC|O_NOCTTY);
  45         assert_se(server->fd >= 0);
  46         assert_se(sd_dhcp_server_configure_pool(server, &address, 24, 0, 0) >= 0);
  47
  48         /* add a lease to the pool to expose additional code paths */
  49         client_id = malloc(2);
  50         assert_se(client_id);
  51         client_id[0] = 2;
  52         client_id[1] = 2;
  53         lease = new0(DHCPLease, 1);
  54         assert_se(lease);
  55         lease->client_id.length = 2;
  56         lease->client_id.data = client_id;
  57         lease->address = htobe32(UINT32_C(10) << 24 | UINT32_C(2));
  58         lease->gateway = htobe32(UINT32_C(10) << 24 | UINT32_C(1));
  59         lease->expiration = UINT64_MAX;
  60         memcpy(lease->chaddr, chaddr, 16);
  61         pool_offset = get_pool_offset(server, lease->address);
  62         server->bound_leases[pool_offset] = lease;
  63         assert_se(hashmap_put(server->leases_by_client_id, &lease->client_id, lease) >= 0);
  64
  65         (void) dhcp_server_handle_message(server, (DHCPMessage*)data, size);
  66
  67         return 0;
  68 }