From: Evgeny Vereshchagin
Date: Fri, 4 Feb 2022 15:17:25 +0000 (+0000)
Subject: tests: also fuzz packets sent in the DHCP6_STATE_SOLICITATION state
X-Git-Tag: v251-rc1~345
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=be1eae4fad5562da5cb784c121981206d1b77254;p=thirdparty%2Fsystemd.git
tests: also fuzz packets sent in the DHCP6_STATE_SOLICITATION state
With aborts enabled the fuzzer can catch issues like https://github.com/systemd/systemd/commit/26a63b81322a3bd8b9fbd43f75897c391708de2c Let's extend it a bit to let it cover issues like https://github.com/systemd/systemd/pull/22406#discussion_r798932098
---
diff --git a/src/libsystemd-network/fuzz-dhcp6-client-send.c b/src/libsystemd-network/fuzz-dhcp6-client-send.c
index 48401410f61..39a5f4fd4dd 100644
--- a/src/libsystemd-network/fuzz-dhcp6-client-send.c
+++ b/src/libsystemd-network/fuzz-dhcp6-client-send.c
@@ -44,14 +44,16 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 assert_se(sd_dhcp6_client_set_transaction_id(client, htobe32(0x00ffffff) & ((const DHCP6Message *) data)->transaction_id) == 0);
 triple_timestamp_get(&t);
- if (client_receive_advertise(client, (DHCP6Message *) data, size, &t, NULL) != DHCP6_STATE_REQUEST)
+ r = client_receive_advertise(client, (DHCP6Message *) data, size, &t, NULL);
+ if (r < 0)
 goto cleanup;
 r = sd_event_now(client->event, clock_boottime_or_monotonic(), &time_now);
 if (r < 0)
 goto cleanup;
- client->state = DHCP6_STATE_REQUEST;
+ if (r == DHCP6_STATE_REQUEST)
+ client->state = DHCP6_STATE_REQUEST;
 (void) client_send_message(client, time_now);
 cleanup:
 assert_se(sd_dhcp6_client_stop(client) >= 0);
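Review bot: The added `if (r == DHCP6_STATE_REQUEST)` test near the end of the hunk reads `r` after it has been overwritten by `sd_event_now()`, so it compares the clock call's return value rather than the result of `client_receive_advertise()`. Unless those two values happen to coincide, `client->state` is no longer switched to REQUEST, and the harness appears to lose the REQUEST-state send coverage the old code had while still running cleanly. Moving the two lines `if (r == DHCP6_STATE_REQUEST)` and `client->state = DHCP6_STATE_REQUEST;` to directly after the first `if (r < 0) goto cleanup;`, before `r` is reused, would keep both states fuzzed. `LLVMFuzzerTestOneInput` starts and ends outside this hunk, so this is judged from the visible lines only.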