Diffstat (limited to 'projects/dnsmasq/fuzz_patch.patch')
-rw-r--r-- | projects/dnsmasq/fuzz_patch.patch | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/projects/dnsmasq/fuzz_patch.patch b/projects/dnsmasq/fuzz_patch.patch
new file mode 100644
index 000000000..50f7cab38
--- /dev/null
+++ b/projects/dnsmasq/fuzz_patch.patch
@@ -0,0 +1,170 @@
+diff --git a/src/blockdata.c b/src/blockdata.c
+index 0986285..852c961 100644
+--- a/src/blockdata.c
++++ b/src/blockdata.c
+@@ -15,16 +15,22 @@
+ */
+
+ #include "dnsmasq.h"
++#include <assert.h>
+
+ static struct blockdata *keyblock_free;
+ static unsigned int blockdata_count, blockdata_hwm, blockdata_alloced;
+
++void *total_allocated[200] = {0};
++static int fuzz_total_alloc_ptr = 0;
++
+ static void blockdata_expand(int n)
+ {
+ struct blockdata *new = whine_malloc(n * sizeof(struct blockdata));
+
+ if (new)
+ {
++ assert(fuzz_total_alloc_ptr < 200);
++ total_allocated[fuzz_total_alloc_ptr++] = (void*)new;
+ int i;
+
+ new[n-1].next = keyblock_free;
+@@ -45,11 +51,23 @@ void blockdata_init(void)
+ blockdata_count = 0;
+ blockdata_hwm = 0;
+
++ fuzz_total_alloc_ptr = 0;
++ for (int m = 0; m < 200; m++)
++ total_allocated[m] = NULL;
++
+ /* Note that daemon->cachesize is enforced to have non-zero size if OPT_DNSSEC_VALID is set */
+ if (option_bool(OPT_DNSSEC_VALID))
+ blockdata_expand(daemon->cachesize);
+ }
+
++void fuzz_blockdata_cleanup() {
++ for (int i = 0; i < 200; i++) {
++ if (total_allocated[i] != NULL) {
++ free(total_allocated[i]);
++ }
++ }
++}
++
+ void blockdata_report(void)
+ {
+ my_syslog(LOG_INFO, _("pool memory in use %zu, max %zu, allocated %zu"),
+diff --git a/src/dhcp.c b/src/dhcp.c
+index e500bc2..7215590 100644
+--- a/src/dhcp.c
++++ b/src/dhcp.c
+@@ -183,18 +183,26 @@ void dhcp_packet(time_t now, int pxe_fd)
+ recvtime = tv.tv_sec;
+
+ if (msg.msg_controllen >= sizeof(struct cmsghdr))
+- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+- if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
+- {
+- union {
+- unsigned char *c;
+- struct in_pktinfo *p;
+- } p;
+- p.c = CMSG_DATA(cmptr);
+- iface_index = p.p->ipi_ifindex;
+- if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
+- unicast_dest = 1;
+- }
++ {
++ int tmp_val = 0;
++ for (cmptr = CMSG_FIRSTHDR(&msg);
++ cmptr && tmp_val < 1;
++ tmp_val++) {
++ //cmptr = CMSG_NXTHDR(&msg, cmptr)) {
++ tmp_val++;
++ if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
++ {
++ union {
++ unsigned char *c;
++ struct in_pktinfo *p;
++ } p;
++ p.c = CMSG_DATA(cmptr);
++ iface_index = p.p->ipi_ifindex;
++ if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
++ unicast_dest = 1;
++ }
++ }
++ }
+
+ #elif defined(HAVE_BSD_NETWORK)
+ if (msg.msg_controllen >= sizeof(struct cmsghdr))
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index ae1f5c1..ce7397d 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -116,10 +116,14 @@ void dhcp6_packet(time_t now)
+ msg.msg_iov = &daemon->dhcp_packet;
+ msg.msg_iovlen = 1;
+
+- if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1)
++ if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1){
+ return;
+-
+- for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
++ }
++
++ int tmp_val = 0;
++// for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) {
++ for (cmptr = CMSG_FIRSTHDR(&msg); cmptr && tmp_val < 1; tmp_val++) {
++ tmp_val++;
+ if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
+ {
+ union {
+@@ -131,9 +135,11 @@ void dhcp6_packet(time_t now)
+ if_index = p.p->ipi6_ifindex;
+ dst_addr = p.p->ipi6_addr;
+ }
++ }
+
+- if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name))
++ if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name)) {
+ return;
++ }
+
+ if ((port = relay_reply6(&from, sz, ifr.ifr_name)) != 0)
+ {
+diff --git a/src/netlink.c b/src/netlink.c
+index 7840ef9..2419897 100644
+--- a/src/netlink.c
++++ b/src/netlink.c
+@@ -197,8 +197,13 @@ int iface_enumerate(int family, void *parm, int (*callback)())
+ if (errno != 0)
+ return 0;
+
++ int valval = 0;
+ while (1)
+ {
++ valval++;
++ if (valval > 300) {
++ return -1;
++ }
+ if ((len = netlink_recv(0)) == -1)
+ {
+ if (errno == ENOBUFS)
+diff --git a/src/network.c b/src/network.c
+index 296c7bd..c03961a 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -697,6 +697,7 @@ int enumerate_interfaces(int reset)
+ struct auth_zone *zone;
+ #endif
+ struct server *serv;
++ int iteration = 0;
+
+ /* Do this max once per select cycle - also inhibits netlink socket use
+ in TCP child processes. */
+@@ -734,6 +735,10 @@ int enumerate_interfaces(int reset)
+ }
+
+ again:
++ if (iteration > 100) {
++ return 0;
++ }
++ iteration += 1;
+ /* Mark interfaces for garbage collection */
+ for (iface = daemon->interfaces; iface; iface = iface->next)
+ iface->found = 0; |
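Review bot: `fuzz_blockdata_cleanup()` in the src/blockdata.c section frees every recorded block but leaves the freed pointers in `total_allocated[]` and never resets `fuzz_total_alloc_ptr`, so a second cleanup call without an intervening `blockdata_init()` would free the same blocks twice. `blockdata_init()` in turn clears the table without freeing anything, so re-initialising before cleanup leaks the earlier blocks. Clearing each slot as it is released, `free(total_allocated[i]); total_allocated[i] = NULL;`, and setting `fuzz_total_alloc_ptr = 0;` after the loop keeps harness bookkeeping from producing sanitizer reports that are not dnsmasq bugs. The `assert(fuzz_total_alloc_ptr < 200)` in `blockdata_expand()` has the same effect on triage, since hitting the table limit aborts the process and will be recorded as a crash. Separately, the iteration cap added to `iface_enumerate()` in src/netlink.c returns -1 while the failure path visible just above it returns 0, so callers that test the result for non-zero would presumably treat the bail-out as success; `return 0;` matches the convention shown in the hunk.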