From a46abf2e345ac35f8f30aee9c22b0640980dc65b Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 28 Jan 2022 10:12:00 +0900 Subject: fuzz-dhcp-server: add static leases --- src/libsystemd-network/fuzz-dhcp-server.c | 62 ++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 22 deletions(-) (limited to 'src/libsystemd-network/fuzz-dhcp-server.c') diff --git a/src/libsystemd-network/fuzz-dhcp-server.c b/src/libsystemd-network/fuzz-dhcp-server.c index 6a57850992..b35f1ac6da 100644 --- a/src/libsystemd-network/fuzz-dhcp-server.c +++ b/src/libsystemd-network/fuzz-dhcp-server.c @@ -17,13 +17,42 @@ ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags) { return 0; } +static void add_lease(sd_dhcp_server *server, const struct in_addr *server_address, uint8_t i) { + static const uint8_t chaddr[] = {3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3}; + DHCPLease *lease; + + assert(server); + + assert_se(lease = new0(DHCPLease, 1)); + lease->client_id.length = 2; + assert_se(lease->client_id.data = malloc(2)); + lease->client_id.data[0] = 2; + lease->client_id.data[1] = i; + lease->address = htobe32(UINT32_C(10) << 24 | i); + lease->gateway = server_address->s_addr; + lease->expiration = UINT64_MAX; + lease->htype = ARPHRD_ETHER; + lease->hlen = ETH_ALEN; + memcpy(lease->chaddr, chaddr, ETH_ALEN); + assert_se(hashmap_ensure_put(&server->bound_leases_by_client_id, &dhcp_lease_hash_ops, &lease->client_id, lease) >= 0); + assert_se(hashmap_ensure_put(&server->bound_leases_by_address, NULL, UINT32_TO_PTR(lease->address), lease) >= 0); + lease->server = server; +} + +static void add_static_lease(sd_dhcp_server *server, uint8_t i) { + uint8_t id[2] = { 2, i }; + + assert(server); + + assert_se(sd_dhcp_server_set_static_lease(server, + &(struct in_addr) { .s_addr = htobe32(UINT32_C(10) << 24 | i)}, + id, ELEMENTSOF(id)) >= 0); +} + int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { _cleanup_(sd_dhcp_server_unrefp) sd_dhcp_server *server = NULL; - struct in_addr address = {.s_addr = htobe32(UINT32_C(10) << 24 | UINT32_C(1))}; - static const uint8_t chaddr[] = {3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3}; + struct in_addr address = { .s_addr = htobe32(UINT32_C(10) << 24 | UINT32_C(1))}; _cleanup_free_ uint8_t *duped = NULL; - uint8_t *client_id; - DHCPLease *lease; if (size < sizeof(DHCPMessage)) return 0; @@ -36,24 +65,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { assert_se(server->fd >= 0); assert_se(sd_dhcp_server_configure_pool(server, &address, 24, 0, 0) >= 0); - /* add a lease to the pool to expose additional code paths */ - client_id = malloc(2); - assert_se(client_id); - client_id[0] = 2; - client_id[1] = 2; - lease = new0(DHCPLease, 1); - assert_se(lease); - lease->client_id.length = 2; - lease->client_id.data = client_id; - lease->address = htobe32(UINT32_C(10) << 24 | UINT32_C(2)); - lease->gateway = htobe32(UINT32_C(10) << 24 | UINT32_C(1)); - lease->expiration = UINT64_MAX; - lease->htype = ARPHRD_ETHER; - lease->hlen = ETH_ALEN; - memcpy(lease->chaddr, chaddr, ETH_ALEN); - assert_se(hashmap_ensure_put(&server->bound_leases_by_client_id, &dhcp_lease_hash_ops, &lease->client_id, lease) >= 0); - assert_se(hashmap_ensure_put(&server->bound_leases_by_address, NULL, UINT32_TO_PTR(lease->address), lease) >= 0); - lease->server = server; + /* add leases to the pool to expose additional code paths */ + add_lease(server, &address, 2); + add_lease(server, &address, 3); + + /* add static leases */ + add_static_lease(server, 3); + add_static_lease(server, 4); (void) dhcp_server_handle_message(server, (DHCPMessage*) duped, size); -- cgit v1.2.3