[#640,!351] Access port from value given on the command line

The "-p" command-line switch (a debug option) tells Kea what port
to listen on.  This is easily accessible by the Fuzz object, so
get the port from this instead of an environment variable (which
had to be equal to the value given to the -p switch anyway.)

diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc
index d4237e89e0812afe45ece6195905a361f1f01689..c72bb9ab1e296106dec02926e9111098f6cf8164 100644 (file)
--- a/src/bin/dhcp4/dhcp4_srv.cc
+++ b/src/bin/dhcp4/dhcp4_srv.cc
@@ -770,7 +770,7 @@ bool
 Dhcpv4Srv::run() {
 #ifdef ENABLE_AFL
     // Set up structures needed for fuzzing.
-    Fuzz fuzzer(4);
+    Fuzz fuzzer(4, server_port_);
     //
     // The next line is needed as a signature for AFL to recognise that we are
     // running persistent fuzzing.  This has to be in the main image file.

diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc
index 8eb83663da37417689ad87a314bf62a502931bb9..e6bc92e42dd0886a5ce7a8181b754ab074f29664 100644 (file)
--- a/src/bin/dhcp6/dhcp6_srv.cc
+++ b/src/bin/dhcp6/dhcp6_srv.cc
@@ -445,7 +445,7 @@ Dhcpv6Srv::initContext(const Pkt6Ptr& pkt,
 bool Dhcpv6Srv::run() {
 #ifdef ENABLE_AFL
     // Set up structures needed for fuzzing.
-    Fuzz fuzzer(6);
+    Fuzz fuzzer(6, server_port_);
     //
     // The next line is needed as a signature for AFL to recognise that we are
     // running persistent fuzzing.  This has to be in the main image file.

diff --git a/src/lib/dhcpsrv/fuzz.cc b/src/lib/dhcpsrv/fuzz.cc
index adc3c5c2d245d145ade3073b6284b7f65bdfb486..25e2a9c80898e028494db7b58853cae7e5583d7e 100644 (file)
--- a/src/lib/dhcpsrv/fuzz.cc
+++ b/src/lib/dhcpsrv/fuzz.cc
@@ -38,9 +38,9 @@ constexpr size_t        Fuzz::MAX_SEND_SIZE;
 constexpr long          Fuzz::MAX_LOOP_COUNT;
 
 // Constructor
-Fuzz::Fuzz(int ipversion) :
-    address_(nullptr), interface_(nullptr), loop_max_(MAX_LOOP_COUNT), port_(0),
-    sockaddr_len_(0), sockaddr_ptr_(nullptr), sockfd_(-1) {
+Fuzz::Fuzz(int ipversion, uint16_t port) :
+    address_(nullptr), interface_(nullptr), loop_max_(MAX_LOOP_COUNT),
+    port_(port), sockaddr_len_(0), sockaddr_ptr_(nullptr), sockfd_(-1) {
 
     try {
         stringstream reason;    // Used to construct exception messages
@@ -103,25 +103,13 @@ Fuzz::setAddress(int ipversion) {
         isc_throw(FuzzInitFail, "no fuzzing interface has been set");
     }
 
-    // Now the address.
+    // Now the address. (The port is specified via the "-p" command-line
+    // switch and passed to this object through the constructor.)
     address_ = getenv("FUZZ_AFL_ADDRESS");
     if (address_ == 0) {
         isc_throw(FuzzInitFail, "no fuzzing address has been set");
     }
 
-    // ... and the port.
-    const char *port_ptr = getenv("FUZZ_AFL_PORT");
-    if (port_ptr == 0) {
-        isc_throw(FuzzInitFail, "no fuzzing port has been set");
-    }
-    try {
-        port_ = boost::lexical_cast<uint16_t>(port_ptr);
-    } catch (const boost::bad_lexical_cast&) {
-        reason << "cannot convert port number specification "
-               << port_ptr << " to an integer";
-        isc_throw(FuzzInitFail, reason.str());
-    }
-
     // Set up the appropriate data structure depending on the address given.
     if ((strstr(address_, ":") != NULL) && (ipversion == 6)) {
         // Expecting IPv6 and the address contains a colon, so assume it is an

diff --git a/src/lib/dhcpsrv/fuzz.h b/src/lib/dhcpsrv/fuzz.h
index 3c66e6916afa0cedea7d6c4b8f3c34088d30a48f..ae7293cf86729bb364b70d751003607a71da3a7b 100644 (file)
--- a/src/lib/dhcpsrv/fuzz.h
+++ b/src/lib/dhcpsrv/fuzz.h
@@ -73,7 +73,9 @@ public:
     ///
     /// @param ipversion Either 4 or 6 depending on what IP version the
     ///                  server responds to.
-    Fuzz(int ipversion);
+    /// @param port      Port on which the server is listening, and hence the
+    ///                  port to which the fuzzer will send input from AFL.
+    Fuzz(int ipversion, uint16_t port);
 
     /// @brief Destructor
     ///