aboutsummaryrefslogtreecommitdiff
path: root/projects/dnsmasq/fuzz_dhcp.c
diff options
context:
space:
mode:
Diffstat (limited to 'projects/dnsmasq/fuzz_dhcp.c')
-rw-r--r--projects/dnsmasq/fuzz_dhcp.c87
1 files changed, 87 insertions, 0 deletions
diff --git a/projects/dnsmasq/fuzz_dhcp.c b/projects/dnsmasq/fuzz_dhcp.c
new file mode 100644
index 000000000..4ba61ca3b
--- /dev/null
+++ b/projects/dnsmasq/fuzz_dhcp.c
@@ -0,0 +1,87 @@
+/* Copyright 2021 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "fuzz_header.h"
+
+/*
+ * Targets answer_auth
+ */
+void FuzzDhcp(const uint8_t **data2, size_t *size2) {
+ const uint8_t *data = *data2;
+ size_t size = *size2;
+ time_t now;
+ int pxe_fd = 0;
+
+ struct iovec *dhpa = malloc(sizeof(struct iovec));
+ if (dhpa == NULL) return;
+
+ char *content = malloc(300);
+ if (content == NULL) {
+ free(dhpa);
+ return;
+ }
+
+ dhpa->iov_base = content;
+ dhpa->iov_len = 300;
+
+ daemon->dhcp_packet = *dhpa;
+
+ syscall_data = data;
+ syscall_size = size;
+
+ dhcp_packet(now, pxe_fd);
+
+ // dnsmasq may change the iov_base if the buffer needs expansion.
+ // Do not free in that case, only free if the buffer stays that same.
+ if (daemon->dhcp_packet.iov_base == content) {
+ free(content);
+ }
+ else{
+ free(daemon->dhcp_packet.iov_base);
+ }
+
+ free(dhpa);
+}
+
+/*
+ * Fuzzer entrypoint.
+ */
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ daemon = NULL;
+ if (size < 1) {
+ return 0;
+ }
+
+ // Initialize mini garbage collector
+ gb_init();
+
+ // Get a value we can use to decide which target to hit.
+ int i = (int)data[0];
+ data += 1;
+ size -= 1;
+
+ int succ = init_daemon(&data, &size);
+
+ if (succ == 0) {
+ cache_init();
+ blockdata_init();
+
+ FuzzDhcp(&data, &size);
+
+ cache_start_insert();
+ fuzz_blockdata_cleanup();
+ }
+
+ // Free data in mini garbage collector.
+ gb_cleanup();
+ return 0;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 21:07:09 +0000