tests: fuzz client_send_message

author Evgeny Vereshchagin <evvers@ya.ru>

Tue, 1 Feb 2022 13:11:41 +0000 (13:11 +0000)

committer Yu Watanabe <watanabe.yu+github@gmail.com>

Thu, 3 Feb 2022 04:43:49 +0000 (13:43 +0900)
author Evgeny Vereshchagin <evvers@ya.ru>
Tue, 1 Feb 2022 13:11:41 +0000 (13:11 +0000)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Thu, 3 Feb 2022 04:43:49 +0000 (13:43 +0900)
diff --git a/src/libsystemd-network/fuzz-dhcp6-client-send.c b/src/libsystemd-network/fuzz-dhcp6-client-send.c

new file mode 100644 (file)

index 0000000..4840141
--- /dev/null
+++ b/src/libsystemd-network/fuzz-dhcp6-client-send.c
@@ -0,0 +1,59 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "fuzz.h"
+
+#include "sd-dhcp6-client.c"
+
+int dhcp6_network_send_udp_socket(int s, struct in6_addr *server_address,
+                                  const void *packet, size_t len) {
+        return len;
+}
+
+int dhcp6_network_bind_udp_socket(int index, struct in6_addr *local_address) {
+        int fd;
+
+        fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
+        assert_se(fd >= 0);
+
+        return fd;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+        _cleanup_(sd_event_unrefp) sd_event *e = NULL;
+        _cleanup_(sd_dhcp6_client_unrefp) sd_dhcp6_client *client = NULL;
+        struct in6_addr address = { { { 0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01 } } };
+        triple_timestamp t = {};
+        usec_t time_now;
+        int r;
+
+        if (size < sizeof(DHCP6Message))
+                return 0;
+
+        assert_se(sd_event_new(&e) >= 0);
+        assert_se(sd_dhcp6_client_new(&client) >= 0);
+        assert_se(sd_dhcp6_client_attach_event(client, e, 0) >= 0);
+        assert_se(sd_dhcp6_client_set_ifindex(client, 42) == 0);
+        assert_se(sd_dhcp6_client_set_fqdn(client, "example.com") == 1);
+        assert_se(sd_dhcp6_client_set_request_mud_url(client, "https://www.example.com/mudfile.json") >= 0);
+        assert_se(sd_dhcp6_client_set_request_user_class(client, STRV_MAKE("u1", "u2", "u3")) >= 0);
+        assert_se(sd_dhcp6_client_set_request_vendor_class(client, STRV_MAKE("v1", "v2", "v3")) >= 0);
+        assert_se(sd_dhcp6_client_set_local_address(client, &address) >= 0);
+        assert_se(sd_dhcp6_client_set_information_request(client, false) == 0);
+        dhcp6_client_set_test_mode(client, true);
+        assert_se(sd_dhcp6_client_start(client) >= 0);
+        assert_se(sd_dhcp6_client_set_transaction_id(client, htobe32(0x00ffffff) & ((const DHCP6Message *) data)->transaction_id) == 0);
+
+        triple_timestamp_get(&t);
+        if (client_receive_advertise(client, (DHCP6Message *) data, size, &t, NULL) != DHCP6_STATE_REQUEST)
+                goto cleanup;
+
+        r = sd_event_now(client->event, clock_boottime_or_monotonic(), &time_now);
+        if (r < 0)
+                goto cleanup;
+
+        client->state = DHCP6_STATE_REQUEST;
+        (void) client_send_message(client, time_now);
+cleanup:
+        assert_se(sd_dhcp6_client_stop(client) >= 0);
+        return 0;
+}
diff --git a/src/libsystemd-network/meson.build b/src/libsystemd-network/meson.build

index 853401d5be832758c214aa6e9de63ab3195df59a..a44e8c0824ea61821cddede5fc7461cd87845d8d 100644 (file)
--- a/src/libsystemd-network/meson.build
+++ b/src/libsystemd-network/meson.build
@@ -113,6 +113,10 @@ fuzzers += [
           [libshared,
            libsystemd_network]],
  
+        [files('fuzz-dhcp6-client-send.c'),
+         [libshared,
+          libsystemd_network]],
+
          [files('fuzz-dhcp-server.c'),
           [libsystemd_network,
            libshared]],
diff --git a/test/fuzz/fuzz-dhcp6-client-send/12ad30d317800d7f731c1c8bc0854e531d5ef928 b/test/fuzz/fuzz-dhcp6-client-send/12ad30d317800d7f731c1c8bc0854e531d5ef928

new file mode 100644 (file)

index 0000000..c140fc0

Binary files /dev/null and b/test/fuzz/fuzz-dhcp6-client-send/12ad30d317800d7f731c1c8bc0854e531d5ef928 differ
diff --git a/test/fuzz/fuzz-dhcp6-client-send/crash-a93b8ba024ada36014c29c25cc90c668fd91ce7f b/test/fuzz/fuzz-dhcp6-client-send/crash-a93b8ba024ada36014c29c25cc90c668fd91ce7f

new file mode 100644 (file)

index 0000000..2bf4027

Binary files /dev/null and b/test/fuzz/fuzz-dhcp6-client-send/crash-a93b8ba024ada36014c29c25cc90c668fd91ce7f differ
diff --git a/test/fuzz/fuzz-dhcp6-client-send/f202c4dff34d15e41c032a66ed25d89154be1f6d b/test/fuzz/fuzz-dhcp6-client-send/f202c4dff34d15e41c032a66ed25d89154be1f6d

new file mode 100644 (file)

index 0000000..9d8994d

Binary files /dev/null and b/test/fuzz/fuzz-dhcp6-client-send/f202c4dff34d15e41c032a66ed25d89154be1f6d differ
author	Evgeny Vereshchagin <evvers@ya.ru>
	Tue, 1 Feb 2022 13:11:41 +0000 (13:11 +0000)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Thu, 3 Feb 2022 04:43:49 +0000 (13:43 +0900)
src/libsystemd-network/fuzz-dhcp6-client-send.c	[new file with mode: 0644]	patch \| blob
src/libsystemd-network/meson.build		patch \| blob \| blame \| history
test/fuzz/fuzz-dhcp6-client-send/12ad30d317800d7f731c1c8bc0854e531d5ef928	[new file with mode: 0644]	patch \| blob
test/fuzz/fuzz-dhcp6-client-send/crash-a93b8ba024ada36014c29c25cc90c668fd91ce7f	[new file with mode: 0644]	patch \| blob
test/fuzz/fuzz-dhcp6-client-send/f202c4dff34d15e41c032a66ed25d89154be1f6d	[new file with mode: 0644]	patch \| blob