path: root/projects/dnsmasq/fuzz_patch.patch
blob: 50f7cab38ce5aec5efd6b58d66ba221d8d849a5e (plain)
diff --git a/src/blockdata.c b/src/blockdata.c
index 0986285..852c961 100644
--- a/src/blockdata.c
+++ b/src/blockdata.c
@@ -15,16 +15,22 @@
 */
 
 #include "dnsmasq.h"
+#include <assert.h>
 
 static struct blockdata *keyblock_free;
 static unsigned int blockdata_count, blockdata_hwm, blockdata_alloced;
 
+void *total_allocated[200] = {0};
+static int fuzz_total_alloc_ptr = 0;
+
 static void blockdata_expand(int n)
 {
   struct blockdata *new = whine_malloc(n * sizeof(struct blockdata));
   
   if (new)
     {
+      assert(fuzz_total_alloc_ptr < 200);
+      total_allocated[fuzz_total_alloc_ptr++] = (void*)new;
       int i;
       
       new[n-1].next = keyblock_free;
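Review bot: The bound on `total_allocated` is enforced only by `assert(fuzz_total_alloc_ptr < 200)` in `blockdata_expand`, so a build with `NDEBUG` defined drops the check and the following line writes past the end of the array. The literal 200 also appears in the array declaration and, later in this patch, in the reset and cleanup loops. I would name it once, e.g. `#define FUZZ_MAX_BLOCKS 200`, and make the guard unconditional: `if (fuzz_total_alloc_ptr >= FUZZ_MAX_BLOCKS) abort();`. `total_allocated` could also be `static` like the index next to it, since the visible hunks only use it inside this file. The body of `blockdata_expand` continues outside the hunk.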
@@ -45,11 +51,23 @@ void blockdata_init(void)
   blockdata_count = 0;
   blockdata_hwm = 0;
 
+  fuzz_total_alloc_ptr = 0;
+  for (int m = 0; m < 200; m++)
+	  total_allocated[m] = NULL;
+
   /* Note that daemon->cachesize is enforced to have non-zero size if OPT_DNSSEC_VALID is set */  
   if (option_bool(OPT_DNSSEC_VALID))
     blockdata_expand(daemon->cachesize);
 }
 
+void fuzz_blockdata_cleanup() {
+	for (int i = 0; i < 200; i++) {
+		if (total_allocated[i] != NULL) {
+			free(total_allocated[i]);
+		}
+	}
+}
+
 void blockdata_report(void)
 {
   my_syslog(LOG_INFO, _("pool memory in use %zu, max %zu, allocated %zu"), 
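Review bot: `fuzz_blockdata_cleanup` frees every recorded block but leaves the stale pointers in `total_allocated` and does not reset `fuzz_total_alloc_ptr`, so a second call before `blockdata_init` runs would free the same blocks again. Clearing each slot after the free, `free(total_allocated[i]); total_allocated[i] = NULL;`, makes the function idempotent, and the `!= NULL` guard can go because `free(NULL)` is a no-op. In the other direction, the reset loop added to `blockdata_init` overwrites the slots without freeing them, so a harness that re-initialises without calling the cleanup first leaks every block from the previous run. The definition should also read `void fuzz_blockdata_cleanup(void)`, since an empty parameter list is not a prototype before C23.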
diff --git a/src/dhcp.c b/src/dhcp.c
index e500bc2..7215590 100644
--- a/src/dhcp.c
+++ b/src/dhcp.c
@@ -183,18 +183,26 @@ void dhcp_packet(time_t now, int pxe_fd)
     recvtime = tv.tv_sec;
 
   if (msg.msg_controllen >= sizeof(struct cmsghdr))
-    for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
-      if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
-	{
-	  union {
-	    unsigned char *c;
-	    struct in_pktinfo *p;
-	  } p;
-	  p.c = CMSG_DATA(cmptr);
-	  iface_index = p.p->ipi_ifindex;
-	  if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
-	    unicast_dest = 1;
-	}
+  {
+    int tmp_val = 0;
+      for (cmptr = CMSG_FIRSTHDR(&msg); 
+          cmptr && tmp_val < 1; 
+          tmp_val++) {
+          //cmptr = CMSG_NXTHDR(&msg, cmptr)) {
+      tmp_val++;
+          if (cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)
+      {
+        union {
+          unsigned char *c;
+          struct in_pktinfo *p;
+        } p;
+        p.c = CMSG_DATA(cmptr);
+        iface_index = p.p->ipi_ifindex;
+        if (p.p->ipi_addr.s_addr != INADDR_BROADCAST)
+          unicast_dest = 1;
+      }
+    }
+  }
 
 #elif defined(HAVE_BSD_NETWORK) 
   if (msg.msg_controllen >= sizeof(struct cmsghdr))
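Review bot: The rewritten loop in `dhcp_packet` runs at most once and never advances `cmptr`, yet it is still written as a `for`, with `tmp_val` incremented both in the header and in the body and the `CMSG_NXTHDR` step left behind as a comment. Only the first control message is therefore examined, so `iface_index` and `unicast_dest` keep their earlier values whenever `IP_PKTINFO` is not first, and the `CMSG_NXTHDR` traversal is never exercised under the fuzzer. If a single pass is intended, I would write it as `cmptr = CMSG_FIRSTHDR(&msg);` followed by `if (cmptr && cmptr->cmsg_level == IPPROTO_IP && cmptr->cmsg_type == IP_PKTINFO)`, drop `tmp_val` and the dead comment, and add a comment stating why the walk is cut short. The same construct is added to `dhcp6_packet` in src/dhcp6.c. `dhcp_packet` starts and ends outside the hunk.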
diff --git a/src/dhcp6.c b/src/dhcp6.c
index ae1f5c1..ce7397d 100644
--- a/src/dhcp6.c
+++ b/src/dhcp6.c
@@ -116,10 +116,14 @@ void dhcp6_packet(time_t now)
   msg.msg_iov =  &daemon->dhcp_packet;
   msg.msg_iovlen = 1;
   
-  if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1)
+  if ((sz = recv_dhcp_packet(daemon->dhcp6fd, &msg)) == -1){
     return;
-  
-  for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr))
+  }
+
+  int tmp_val = 0;
+//  for (cmptr = CMSG_FIRSTHDR(&msg); cmptr; cmptr = CMSG_NXTHDR(&msg, cmptr)) {
+  for (cmptr = CMSG_FIRSTHDR(&msg); cmptr && tmp_val < 1; tmp_val++) {
+    tmp_val++;
     if (cmptr->cmsg_level == IPPROTO_IPV6 && cmptr->cmsg_type == daemon->v6pktinfo)
       {
 	union {
@@ -131,9 +135,11 @@ void dhcp6_packet(time_t now)
 	if_index = p.p->ipi6_ifindex;
 	dst_addr = p.p->ipi6_addr;
       }
+  }
 
-  if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name))
+  if (!indextoname(daemon->dhcp6fd, if_index, ifr.ifr_name)) {
     return;
+  }
 
   if ((port = relay_reply6(&from, sz, ifr.ifr_name)) != 0)
     {
diff --git a/src/netlink.c b/src/netlink.c
index 7840ef9..2419897 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -197,8 +197,13 @@ int iface_enumerate(int family, void *parm, int (*callback)())
   if (errno != 0)
     return 0;
     
+  int valval = 0;
   while (1)
     {
+      valval++;
+      if (valval > 300) {
+        return -1;
+      }
       if ((len = netlink_recv(0)) == -1)
 	{
 	  if (errno == ENOBUFS)
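Review bot: The cap added to the receive loop in `iface_enumerate` is an unexplained literal, and it leaves with `return -1` while the only other exit visible in this hunk is `return 0`. What -1 means to callers cannot be seen here. If it is treated as "retry", as the `again:` cap added in src/network.c suggests, the two limits multiply to roughly 100 × 300 `netlink_recv` calls for one enumeration. I would rename `valval` to something like `recv_count`, name the limit, and add a comment on the `return -1` line saying which caller behaviour it relies on and why the loop would otherwise not terminate under the harness. The loop body continues outside the hunk.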
diff --git a/src/network.c b/src/network.c
index 296c7bd..c03961a 100644
--- a/src/network.c
+++ b/src/network.c
@@ -697,6 +697,7 @@ int enumerate_interfaces(int reset)
   struct auth_zone *zone;
 #endif
   struct server *serv;
+  int iteration = 0;
   
   /* Do this max once per select cycle  - also inhibits netlink socket use
    in TCP child processes. */
@@ -734,6 +735,10 @@ int enumerate_interfaces(int reset)
       }
     
 again:
+  if (iteration > 100) {
+    return 0;
+  }
+  iteration += 1;
   /* Mark interfaces for garbage collection */
   for (iface = daemon->interfaces; iface; iface = iface->next) 
     iface->found = 0;
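Review bot: The retry cap at `again:` in `enumerate_interfaces` returns 0 directly from the middle of the function. What the function sets up before the label, or releases after the retry loop, is not visible in this hunk. If it holds a guard flag or a spare allocation across the loop, this exit skips the release, and in an in-process fuzzer that state carries into the next input. Routing the limit through the function's normal exit path, or adding a comment on why a bare `return 0;` is safe here, would make that explicit. `iteration > 100` also permits 101 passes; `iteration >= 100` would match the literal.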