From: Yu Watanabe Date: Mon, 7 Feb 2022 16:19:27 +0000 (+0900) Subject: fuzz-dhcp6-client: merge with fuzz-dhcp6-client-send X-Git-Tag: v251-rc1~291^2~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7b53d3ead38d2c2256828b59bd5bdf25e9052e2d;p=thirdparty%2Fsystemd.git fuzz-dhcp6-client: merge with fuzz-dhcp6-client-send --- diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h index 81497fda14a..0d7813f613b 100644 --- a/src/libsystemd-network/dhcp6-internal.h +++ b/src/libsystemd-network/dhcp6-internal.h @@ -85,6 +85,7 @@ int dhcp6_network_bind_udp_socket(int ifindex, struct in6_addr *address); int dhcp6_network_send_udp_socket(int s, struct in6_addr *address, const void *packet, size_t len); +int dhcp6_client_send_message(sd_dhcp6_client *client); void dhcp6_client_set_test_mode(sd_dhcp6_client *client, bool test_mode); int dhcp6_client_set_transaction_id(sd_dhcp6_client *client, uint32_t transaction_id); diff --git a/src/libsystemd-network/fuzz-dhcp6-client-send.c b/src/libsystemd-network/fuzz-dhcp6-client-send.c deleted file mode 100644 index 16a71e72d30..00000000000 --- a/src/libsystemd-network/fuzz-dhcp6-client-send.c +++ /dev/null @@ -1,54 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1-or-later */ - -#include "fuzz.h" - -#include "sd-dhcp6-client.c" - -int dhcp6_network_send_udp_socket(int s, struct in6_addr *server_address, - const void *packet, size_t len) { - return len; -} - -int dhcp6_network_bind_udp_socket(int index, struct in6_addr *local_address) { - int fd; - - fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0); - assert_se(fd >= 0); - - return fd; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - _cleanup_(sd_event_unrefp) sd_event *e = NULL; - _cleanup_(sd_dhcp6_client_unrefp) sd_dhcp6_client *client = NULL; - struct in6_addr address = { { { 0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01 } } }; - int r; - - if (size < sizeof(DHCP6Message)) - return 0; - - assert_se(sd_event_new(&e) >= 0); - assert_se(sd_dhcp6_client_new(&client) >= 0); - assert_se(sd_dhcp6_client_attach_event(client, e, 0) >= 0); - assert_se(sd_dhcp6_client_set_ifindex(client, 42) == 0); - assert_se(sd_dhcp6_client_set_fqdn(client, "example.com") == 1); - assert_se(sd_dhcp6_client_set_request_mud_url(client, "https://www.example.com/mudfile.json") >= 0); - assert_se(sd_dhcp6_client_set_request_user_class(client, STRV_MAKE("u1", "u2", "u3")) >= 0); - assert_se(sd_dhcp6_client_set_request_vendor_class(client, STRV_MAKE("v1", "v2", "v3")) >= 0); - assert_se(sd_dhcp6_client_set_local_address(client, &address) >= 0); - assert_se(sd_dhcp6_client_set_information_request(client, false) == 0); - dhcp6_client_set_test_mode(client, true); - assert_se(sd_dhcp6_client_start(client) >= 0); - assert_se(dhcp6_client_set_transaction_id(client, ((const DHCP6Message *) data)->transaction_id) == 0); - - r = client_process_advertise_or_rapid_commit_reply(client, (DHCP6Message *) data, size, NULL, NULL); - if (r < 0) - goto cleanup; - - if (client->state != DHCP6_STATE_REQUEST) - client->state = DHCP6_STATE_SOLICITATION; - (void) client_send_message(client); -cleanup: - assert_se(sd_dhcp6_client_stop(client) >= 0); - return 0; -} diff --git a/src/libsystemd-network/fuzz-dhcp6-client.c b/src/libsystemd-network/fuzz-dhcp6-client.c index ad676e67444..32fa68d8a99 100644 --- a/src/libsystemd-network/fuzz-dhcp6-client.c +++ b/src/libsystemd-network/fuzz-dhcp6-client.c @@ -30,6 +30,10 @@ static void fuzz_client(sd_dhcp6_client *client, const uint8_t *data, size_t siz if (size >= sizeof(DHCP6Message)) assert_se(dhcp6_client_set_transaction_id(client, ((const DHCP6Message *) data)->transaction_id) == 0); + /* These states does not require lease to send message. */ + if (IN_SET(client->state, DHCP6_STATE_INFORMATION_REQUEST, DHCP6_STATE_SOLICITATION)) + assert_se(dhcp6_client_send_message(client) >= 0); + assert_se(write(test_dhcp_fd[1], data, size) == (ssize_t) size); assert_se(sd_event_run(sd_dhcp6_client_get_event(client), UINT64_MAX) > 0); @@ -50,6 +54,12 @@ static void fuzz_client(sd_dhcp6_client *client, const uint8_t *data, size_t siz assert_not_reached(); } + /* Send message if the client has a lease. */ + if (state != DHCP6_STATE_INFORMATION_REQUEST && sd_dhcp6_client_get_lease(client, NULL) >= 0) { + client->state = DHCP6_STATE_REQUEST; + dhcp6_client_send_message(client); + } + assert_se(sd_dhcp6_client_stop(client) >= 0); test_dhcp_fd[1] = safe_close(test_dhcp_fd[1]); @@ -70,6 +80,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { assert_se(sd_dhcp6_client_set_local_address(client, &address) >= 0); dhcp6_client_set_test_mode(client, true); + /* Used when sending message. */ + assert_se(sd_dhcp6_client_set_fqdn(client, "example.com") == 1); + assert_se(sd_dhcp6_client_set_request_mud_url(client, "https://www.example.com/mudfile.json") >= 0); + assert_se(sd_dhcp6_client_set_request_user_class(client, STRV_MAKE("u1", "u2", "u3")) >= 0); + assert_se(sd_dhcp6_client_set_request_vendor_class(client, STRV_MAKE("v1", "v2", "v3")) >= 0); + fuzz_client(client, data, size, DHCP6_STATE_INFORMATION_REQUEST); fuzz_client(client, data, size, DHCP6_STATE_SOLICITATION); diff --git a/src/libsystemd-network/meson.build b/src/libsystemd-network/meson.build index f82e2b257d4..63ac8165b7e 100644 --- a/src/libsystemd-network/meson.build +++ b/src/libsystemd-network/meson.build @@ -115,10 +115,6 @@ fuzzers += [ [libshared, libsystemd_network]], - [files('fuzz-dhcp6-client-send.c'), - [libshared, - libsystemd_network]], - [files('fuzz-dhcp-server.c'), [libsystemd_network, libshared]], diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c index 45994c93ce4..163a208a44f 100644 --- a/src/libsystemd-network/sd-dhcp6-client.c +++ b/src/libsystemd-network/sd-dhcp6-client.c @@ -637,7 +637,7 @@ static DHCP6MessageType client_message_type_from_state(sd_dhcp6_client *client) } } -static int client_send_message(sd_dhcp6_client *client) { +int dhcp6_client_send_message(sd_dhcp6_client *client) { _cleanup_free_ DHCP6Message *message = NULL; struct in6_addr all_servers = IN6ADDR_ALL_DHCP6_RELAY_AGENTS_AND_SERVERS_INIT; @@ -813,7 +813,7 @@ static int client_timeout_resend(sd_event_source *s, uint64_t usec, void *userda assert_not_reached(); } - r = client_send_message(client); + r = dhcp6_client_send_message(client); if (r >= 0) client->retransmit_count++; diff --git a/test/fuzz/fuzz-dhcp6-client-send/12ad30d317800d7f731c1c8bc0854e531d5ef928 b/test/fuzz/fuzz-dhcp6-client/12ad30d317800d7f731c1c8bc0854e531d5ef928 similarity index 100% rename from test/fuzz/fuzz-dhcp6-client-send/12ad30d317800d7f731c1c8bc0854e531d5ef928 rename to test/fuzz/fuzz-dhcp6-client/12ad30d317800d7f731c1c8bc0854e531d5ef928 diff --git a/test/fuzz/fuzz-dhcp6-client-send/crash-a93b8ba024ada36014c29c25cc90c668fd91ce7f b/test/fuzz/fuzz-dhcp6-client/crash-a93b8ba024ada36014c29c25cc90c668fd91ce7f similarity index 100% rename from test/fuzz/fuzz-dhcp6-client-send/crash-a93b8ba024ada36014c29c25cc90c668fd91ce7f rename to test/fuzz/fuzz-dhcp6-client/crash-a93b8ba024ada36014c29c25cc90c668fd91ce7f diff --git a/test/fuzz/fuzz-dhcp6-client-send/f202c4dff34d15e41c032a66ed25d89154be1f6d b/test/fuzz/fuzz-dhcp6-client/f202c4dff34d15e41c032a66ed25d89154be1f6d similarity index 100% rename from test/fuzz/fuzz-dhcp6-client-send/f202c4dff34d15e41c032a66ed25d89154be1f6d rename to test/fuzz/fuzz-dhcp6-client/f202c4dff34d15e41c032a66ed25d89154be1f6d