1 files changed, 170 insertions, 0 deletions
diff --git a/projects/dnsmasq/fuzz_patch.patch b/projects/dnsmasq/fuzz_patch.patch
new file mode 100644
index 000000000..50f7cab38
--- /dev/null
+++ b/projects/dnsmasq/fuzz_patch.patch
@@ -0,0 +1,170 @@
+diff --git a/src/blockdata.c b/src/blockdata.c
+index 0986285..852c961 100644
+--- a/src/blockdata.c
++++ b/src/blockdata.c
+@@ -15,16 +15,22 @@
+ */
+ 
+ #include "dnsmasq.h"
++#include <assert.h>
+ 
+ static struct blockdata *keyblock_free;
+ static unsigned int blockdata_count, blockdata_hwm, blockdata_alloced;
+ 
++void *total_allocated[200] = {0};
++static int fuzz_total_alloc_ptr = 0;
++
+ static void blockdata_expand(int n)
+ {
+   struct blockdata *new = whine_malloc(n * sizeof(struct blockdata));
+   
+   if (new)
+     {
++      assert(fuzz_total_alloc_ptr < 200);
++      total_allocated[fuzz_total_alloc_ptr++] = (void*)new;
+       int i;
+       
+       new[n-1].next = keyblock_free;
+@@ -45,11 +51,23 @@ void blockdata_init(void)
+   blockdata_count = 0;
+   blockdata_hwm = 0;
+ 
++  fuzz_total_alloc_ptr = 0;
++  for (int m = 0; m < 200; m++)
++	  total_allocated[m] = NULL;
++
+   /* Note that daemon->cachesize is enforced to have non-zero size if OPT_DNSSEC_VALID is set */  
+   if (option_bool(OPT_DNSSEC_VALID))
+     blockdata_expand(daemon->cachesize);
+ }
+ 
++void fuzz_blockdata_cleanup() {
++	for (int i = 0; i < 200; i++) {
++		if (total_allocated[i] != NULL) {
++			free(total_allocated[i]);
++		}
++	}
++}
++
+ void blockdata_report(void)
+ {
+   my_syslog(LOG_INFO, _("pool memory in use %zu, max %zu, allocated %zu"), 
+diff --git a/src/dhcp.c b/src/dhcp.c
+index e500bc2..7215590 100644
+--- a/src/dhcp.c
++++ b/src/dhcp.c
+@@ -183,18 +183,26 @@ void dhcp_packet(time_t now, int pxe_fd)
+     recvtime = tv.tv_sec;
+ 
+   if (msg.msg_controllen >= sizeof(struct cmsghdr))
+-    for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+-      if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
+-	{
+-	  union {
+-	    unsigned char *c;
+-	    struct in_pktinfo *p;
+-	  } p;
+-	  p.c = CMSG_DATA(cmptr);
+-	  iface_index = p.p->ipi_ifindex;
+-	  if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
+-	    unicast_dest = 1;
+-	}
++  {
++    int tmp_val = 0;
++      for (cmptr = CMSG_FIRSTHDR(&msg); 
++          cmptr && tmp_val < 1; 
++          tmp_val++) {
++          //cmptr = CMSG_NXTHDR(&msg, cmptr)) {
++      tmp_val++;
++          if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
++      {
++        union {
++          unsigned char *c;
++          struct in_pktinfo *p;
++        } p;
++        p.c = CMSG_DATA(cmptr);
++        iface_index = p.p->ipi_ifindex;
++        if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
++          unicast_dest = 1;
++      }
++    }
++  }
+ 
+ #elif defined(HAVE_BSD_NETWORK) 
+   if (msg.msg_controllen >= sizeof(struct cmsghdr))
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index ae1f5c1..ce7397d 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -116,10 +116,14 @@ void dhcp6_packet(time_t now)
+   msg.msg_iov =  &daemon->dhcp_packet;
+   msg.msg_iovlen = 1;
+   
+-  if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1)
++  if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1){
+     return;
+-  
+-  for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
++  }
++
++  int tmp_val = 0;
++//  for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) {
++  for (cmptr = CMSG_FIRSTHDR(&msg); cmptr && tmp_val < 1; tmp_val++) {
++    tmp_val++;
+     if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
+       {
+ 	union {
+@@ -131,9 +135,11 @@ void dhcp6_packet(time_t now)
+ 	if_index = p.p->ipi6_ifindex;
+ 	dst_addr = p.p->ipi6_addr;
+       }
++  }
+ 
+-  if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name))
++  if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name)) {
+     return;
++  }
+ 
+   if ((port = relay_reply6(&from, sz, ifr.ifr_name)) != 0)
+     {
+diff --git a/src/netlink.c b/src/netlink.c
+index 7840ef9..2419897 100644
+--- a/src/netlink.c
++++ b/src/netlink.c
+@@ -197,8 +197,13 @@ int iface_enumerate(int family, void *parm, int (*callback)())
+   if (errno != 0)
+     return 0;
+     
++  int valval = 0;
+   while (1)
+     {
++      valval++;
++      if (valval > 300) {
++        return -1;
++      }
+       if ((len = netlink_recv(0)) == -1)
+ 	{
+ 	  if (errno == ENOBUFS)
+diff --git a/src/network.c b/src/network.c
+index 296c7bd..c03961a 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -697,6 +697,7 @@ int enumerate_interfaces(int reset)
+   struct auth_zone *zone;
+ #endif
+   struct server *serv;
++  int iteration = 0;
+   
+   /* Do this max once per select cycle  - also inhibits netlink socket use
+    in TCP child processes. */
+@@ -734,6 +735,10 @@ int enumerate_interfaces(int reset)
+       }
+     
+ again:
++  if (iteration > 100) {
++    return 0;
++  }
++  iteration += 1;
+   /* Mark interfaces for garbage collection */
+   for (iface = daemon->interfaces; iface; iface = iface->next) 
+     iface->found = 0;