// Copyright (C) 2024 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
#include <config.h>
#include <fuzz.h><--- Include file: not found. Please note: Cppcheck does not need standard library headers to get proper results.
#include <cc/command_interpreter.h>
#include <cc/user_context.h>
#include <dhcp6/ctrl_dhcp6_srv.h>
#include <dhcp6/json_config_parser.h>
#include <dhcp6/parser_context.h>
#include <dhcpsrv/packet_fuzzer.h>
#include <util/encode/encode.h>
#include <cassert><--- Include file: not found. Please note: Cppcheck does not need standard library headers to get proper results.
#include <cstdlib><--- Include file: not found. Please note: Cppcheck does not need standard library headers to get proper results.
#include <util/filesystem.h>
#include <vector><--- Include file: not found. Please note: Cppcheck does not need standard library headers to get proper results.
using namespace isc;
using namespace isc::config;
using namespace isc::util;
using namespace std;
namespace {
// Path of the DHCPv6 server configuration file. LLVMFuzzerInitialize() writes
// it, LLVMFuzzerTestOneInput() loads it and LLVMFuzzerTearDown() removes it.
// NOTE(review): KEA_FUZZ_DIR is declared outside this file; if it is a
// dynamically initialized global in another translation unit, its
// initialization order relative to this constant is unspecified -- confirm.
static string const KEA_DHCP6_CONF(KEA_FUZZ_DIR + "/kea-dhcp6.conf");
// Interface name handed to PacketFuzzer and written into the generated
// configuration. Assigned in LLVMFuzzerInitialize(); empty until then.
static string KEA_DHCP6_FUZZING_INTERFACE;
// Address handed to PacketFuzzer. Assigned in LLVMFuzzerInitialize() from the
// KEA_DHCP6_FUZZING_ADDRESS environment variable, falling back to "::1".
static string KEA_DHCP6_FUZZING_ADDRESS;
} // namespace
extern "C" {
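/// @brief One-time setup for the DHCPv6 packet fuzz target.
///
/// Runs DoInitialization() once, selects the interface and address the
/// fuzzer will use, writes a minimal server configuration to KEA_DHCP6_CONF,
/// and checks that no interface known to IfaceMgr reports errors.
///
/// Environment variables read here:
/// - KEA_DHCP6_FUZZING_INTERFACE: overrides the detected loopback interface.
/// - KEA_DHCP6_FUZZING_ADDRESS: overrides the default address "::1".
///
/// @note The sanity checks are assert()s, so they are compiled out when
/// NDEBUG is defined and hold only in assert-enabled builds.
///
/// @return always 0.
int
LLVMFuzzerInitialize() {
    // Function-local static: DoInitialization() (declared elsewhere) is
    // evaluated only the first time control passes through this line.
    static bool initialized(DoInitialization());
    assert(initialized);

    // Third argument 0 = do not overwrite, so a value already present in the
    // environment is kept.
    setenv("KEA_DHCP6_FUZZING_ROTATE_PORT", "true", 0);

    // Detect the loopback interface by name: "lo" first, then "lo0".
    // If neither exists and the environment does not supply a name, the
    // interface name stays empty and is written to the config as "".
    if (if_nametoindex("lo") > 0) {
        KEA_DHCP6_FUZZING_INTERFACE = string("lo");
    } else if (if_nametoindex("lo0") > 0) {
        KEA_DHCP6_FUZZING_INTERFACE = string("lo0");
    }

    // An explicit environment setting takes precedence over detection.
    // (Named env_interface so the loop variable below does not shadow it.)
    char const* env_interface(getenv("KEA_DHCP6_FUZZING_INTERFACE"));
    if (env_interface) {
        KEA_DHCP6_FUZZING_INTERFACE = string(env_interface);
    }

    char const* env_address(getenv("KEA_DHCP6_FUZZING_ADDRESS"));
    KEA_DHCP6_FUZZING_ADDRESS = string(env_address ? env_address : "::1");

    // Generate the server configuration: one listening interface, a memfile
    // lease database and server-id both with "persist": false, and a single
    // subnet taken from the 2001:db8::/32 documentation prefix.
    // NOTE(review): the interface name is spliced into the JSON text without
    // escaping. It comes from the operator's environment, but a value holding
    // a double quote or backslash would change or break the generated
    // document; consider validating it before use.
    writeToFile(KEA_DHCP6_CONF, R"(
{
"Dhcp6": {
"interfaces-config": {
"interfaces": [
")" + KEA_DHCP6_FUZZING_INTERFACE + R"("
]
},
"lease-database": {
"persist": false,
"type": "memfile"
},
"server-id": {
"type": "EN",
"persist": false
},
"subnet6": [
{
"id": 1,
"pools": [
{
"pool": "2001:db8::/80"
}
],
"subnet": "2001:db8::/64"
}
]
}
}
)");

    // Iterate through the interfaces and expect no errors. Any error text is
    // printed first so it is visible before the assert fires.
    for (IfacePtr const& iface : IfaceMgr::instance().getIfaces()) {
        for (string const& error : iface->getErrors()) {
            cout << error << endl;
        }
        assert(iface->getErrors().empty());
    }

    return 0;
}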
/// @brief Best-effort cleanup of the generated configuration file.
///
/// Removes the file at KEA_DHCP6_CONF. The result of remove() is not
/// inspected and any exception is swallowed, so a missing file or a failed
/// removal never makes teardown fail.
///
/// @return always 0.
int
LLVMFuzzerTearDown() {
    char const* const config_path(KEA_DHCP6_CONF.c_str());
    try {
        // Return value deliberately ignored: cleanup is advisory only.
        static_cast<void>(remove(config_path));
    } catch (...) {
        // Nothing to do; teardown must not propagate errors.
    }
    return 0;
}
/// @brief Fuzz entry point: feeds one input to a DHCPv6 server instance.
///
/// The raw input is first converted by byteStreamToPacketData(); inputs it
/// rejects are skipped. Otherwise a ControlledDhcpv6Srv is constructed and
/// initialized from KEA_DHCP6_CONF, the bytes are handed to a PacketFuzzer
/// bound to the configured interface and address, and the server instance
/// runs once.
///
/// @param data pointer to the fuzzer-provided bytes.
/// @param size number of bytes at @p data.
/// @return always 0.
int
LLVMFuzzerTestOneInput(uint8_t const* data, size_t size) {
    vector<uint8_t> packet_bytes;
    if (!byteStreamToPacketData(data, size, packet_bytes)) {
        // NOTE(review): this prints once per rejected input, which can
        // flood the log and slow a long fuzzing run.
        cout << "Invalid input. Skipping..." << endl;
        return 0;
    }

    // A new server object is built and configured for every input.
    ControlledDhcpv6Srv server;
    server.init(KEA_DHCP6_CONF);

    // Fuzz: the port is read from the current server instance, then the
    // converted bytes are transferred and the server runs once.
    PacketFuzzer fuzzer(ControlledDhcpv6Srv::getInstance()->getServerPort(),
                        KEA_DHCP6_FUZZING_INTERFACE,
                        KEA_DHCP6_FUZZING_ADDRESS);
    fuzzer.transfer(packet_bytes.data(), packet_bytes.size());
    ControlledDhcpv6Srv::getInstance()->runOne();

    return 0;
}
} // extern "C"