Skip to content

Commit b28d06e

Browse files
evverxyuwata
evverx
authored and
yuwata
committed
tests: fuzz dhcp_server_relay_message
It's a follow-up to systemd#19384 where dhcp_server_relay_message was introduced. This PR was prompted by systemd#22236 (comment) for the most part.
1 parent 1d3b68f commit b28d06e

File tree

4 files changed

+50
-0
lines changed

4 files changed

+50
-0
lines changed

src/libsystemd-network/fuzz-dhcp-server-relay-message.c

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,46 @@
1+
/* SPDX-License-Identifier: LGPL-2.1-or-later */
2+
3+
#include <fcntl.h>
4+
#include <sys/stat.h>
5+
#include <sys/types.h>
6+
7+
#include "fuzz.h"
8+
9+
#include "sd-dhcp-server.c"
10+
11+
ssize_t sendto(int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen) {
12+
return len;
13+
}
14+
15+
ssize_t sendmsg(int sockfd, const struct msghdr *msg, int flags) {
16+
return 0;
17+
}
18+
19+
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
20+
_cleanup_(sd_dhcp_server_unrefp) sd_dhcp_server *server = NULL;
21+
struct in_addr address = {.s_addr = htobe32(UINT32_C(10) << 24 | UINT32_C(1))};
22+
union in_addr_union relay_address;
23+
_cleanup_free_ uint8_t *message = NULL;
24+
25+
if (size < sizeof(DHCPMessage))
26+
return 0;
27+
28+
assert_se(sd_dhcp_server_new(&server, 1) >= 0);
29+
assert_se(sd_dhcp_server_attach_event(server, NULL, 0) >= 0);
30+
assert_se(sd_dhcp_server_configure_pool(server, &address, 24, 0, 0) >= 0);
31+
assert_se(in_addr_from_string(AF_INET, "192.168.5.1", &relay_address) >= 0);
32+
assert_se(sd_dhcp_server_set_relay_target(server, &relay_address.in) >= 0);
33+
assert_se(sd_dhcp_server_set_bind_to_interface(server, false) >= 0);
34+
assert_se(sd_dhcp_server_set_relay_agent_information(server, "string:sample_circuit_id", "string:sample_remote_id") >= 0);
35+
36+
size_t buflen = size;
37+
buflen += relay_agent_information_length(server->agent_circuit_id, server->agent_remote_id) + 2;
38+
assert_se(message = malloc(buflen));
39+
memcpy(message, data, size);
40+
41+
server->fd = open("/dev/null", O_RDWR|O_CLOEXEC|O_NOCTTY);
42+
assert_se(server->fd >= 0);
43+
44+
(void) dhcp_server_relay_message(server, (DHCPMessage *) message, size - sizeof(DHCPMessage), buflen);
45+
return 0;
46+
}

src/libsystemd-network/meson.build

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,6 +113,10 @@ fuzzers += [
113113
[libsystemd_network,
114114
libshared]],
115115

116+
[files('fuzz-dhcp-server-relay-message.c'),
117+
[libsystemd_network,
118+
libshared]],
119+
116120
[files('fuzz-lldp-rx.c'),
117121
[libshared,
118122
libsystemd_network]],

test/fuzz/fuzz-dhcp-server-relay-message/7d924e16295cd14e12a01a5631ea94a3d11d1b52

243 Bytes
Binary file not shown.

test/fuzz/fuzz-dhcp-server-relay-message/fe4344e65d495388540dc1bf8eae70c46f8b867c

241 Bytes
Binary file not shown.

0 commit comments

Comments
 (0)