From: Stephen Morris
Date: Tue, 2 Jul 2019 14:34:30 +0000 (+0100)
Subject: [#640,!351] Access port from value given on the command line
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10f5de01a01552cd1cb20bb33721e79a23704107;p=thirdparty%2Fkea.git
[#640,!351] Access port from value given on the command line
The "-p" command-line switch (a debug option) tells Kea what port to listen on. This is easily accessible by the Fuzz object, so get the port from this instead of an environment variable (which had to be equal to the value given to the -p switch anyway.)
---
diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc
index d4237e89e0..c72bb9ab1e 100644
--- a/src/bin/dhcp4/dhcp4_srv.cc
+++ b/src/bin/dhcp4/dhcp4_srv.cc
@@ -770,7 +770,7 @@ bool Dhcpv4Srv::run() { #ifdef ENABLE_AFL // Set up structures needed for fuzzing.
- Fuzz fuzzer(4);
+ Fuzz fuzzer(4, server_port_);
// // The next line is needed as a signature for AFL to recognise that we are // running persistent fuzzing. This has to be in the main image file.
diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc
index 8eb83663da..e6bc92e42d 100644
--- a/src/bin/dhcp6/dhcp6_srv.cc
+++ b/src/bin/dhcp6/dhcp6_srv.cc
@@ -445,7 +445,7 @@ Dhcpv6Srv::initContext(const Pkt6Ptr& pkt, bool Dhcpv6Srv::run() { #ifdef ENABLE_AFL // Set up structures needed for fuzzing.
- Fuzz fuzzer(6);
+ Fuzz fuzzer(6, server_port_);
// // The next line is needed as a signature for AFL to recognise that we are // running persistent fuzzing. This has to be in the main image file.
diff --git a/src/lib/dhcpsrv/fuzz.cc b/src/lib/dhcpsrv/fuzz.cc
index adc3c5c2d2..25e2a9c808 100644
--- a/src/lib/dhcpsrv/fuzz.cc
+++ b/src/lib/dhcpsrv/fuzz.cc
@@ -38,9 +38,9 @@ constexpr size_t Fuzz::MAX_SEND_SIZE; constexpr long Fuzz::MAX_LOOP_COUNT; // Constructor
-Fuzz::Fuzz(int ipversion) :
- address_(nullptr), interface_(nullptr), loop_max_(MAX_LOOP_COUNT), port_(0),
- sockaddr_len_(0), sockaddr_ptr_(nullptr), sockfd_(-1) {
+Fuzz::Fuzz(int ipversion, uint16_t port) :
+ address_(nullptr), interface_(nullptr), loop_max_(MAX_LOOP_COUNT),
+ port_(port), sockaddr_len_(0), sockaddr_ptr_(nullptr), sockfd_(-1) {
try { stringstream reason; // Used to construct exception messages
@@ -103,25 +103,13 @@ Fuzz::setAddress(int ipversion) { isc_throw(FuzzInitFail, "no fuzzing interface has been set"); }
- // Now the address.
+ // Now the address. (The port is specified via the "-p" command-line
+ // switch and passed to this object through the constructor.)
address_ = getenv("FUZZ_AFL_ADDRESS"); if (address_ == 0) { isc_throw(FuzzInitFail, "no fuzzing address has been set"); }
- // ... and the port.
- const char *port_ptr = getenv("FUZZ_AFL_PORT");
- if (port_ptr == 0) {
- isc_throw(FuzzInitFail, "no fuzzing port has been set");
- }
- try {
- port_ = boost::lexical_cast(port_ptr);
- } catch (const boost::bad_lexical_cast&) {
- reason << "cannot convert port number specification "
- << port_ptr << " to an integer";
- isc_throw(FuzzInitFail, reason.str());
- }
-
// Set up the appropriate data structure depending on the address given. if ((strstr(address_, ":") != NULL) && (ipversion == 6)) { // Expecting IPv6 and the address contains a colon, so assume it is an
diff --git a/src/lib/dhcpsrv/fuzz.h b/src/lib/dhcpsrv/fuzz.h
index 3c66e6916a..ae7293cf86 100644
--- a/src/lib/dhcpsrv/fuzz.h
+++ b/src/lib/dhcpsrv/fuzz.h
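Review bot: In the `Fuzz::Fuzz(int ipversion, uint16_t port)` hunk, `port_(port)` is stored without any check, while the block removed from `setAddress` in the following hunk was the only place that raised `FuzzInitFail` for a missing or unparsable port. The callers in dhcp4_srv.cc and dhcp6_srv.cc pass `server_port_` unconditionally, so a run without `-p` presumably hands over whatever default the server was constructed with, and a value of 0 would be accepted silently. If 0 is never a usable destination for the fuzz packets, a guard at the top of the `try` block would keep the explicit failure: `if (port_ == 0) { isc_throw(FuzzInitFail, "no fuzzing port has been set"); }`. The constructor body continues past the end of the hunk, so the place where the socket address is filled in is not visible here.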
@@ -73,7 +73,9 @@ public: /// /// @param ipversion Either 4 or 6 depending on what IP version the /// server responds to.
- Fuzz(int ipversion);
+ /// @param port Port on which the server is listening, and hence the
+ /// port to which the fuzzer will send input from AFL.
+ Fuzz(int ipversion, uint16_t port);
/// @brief Destructor ///
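Review bot: The new `@param port` text does not say where the value comes from or which values are acceptable, which matters now that the constructor is the only route by which the port reaches the fuzzer. A wording such as `/// @param port Port given with the "-p" switch on which the server is listening; AFL input is sent to this port and FUZZ_AFL_PORT is no longer read.` would record that. If the class-level comment earlier in fuzz.h (outside this hunk) still lists FUZZ_AFL_PORT among the environment variables, it should be updated in the same change.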