broker_fuzz_with_init.cpp
/*
Copyright (c) 2023 Cedalo GmbH
All rights reserved. This program and the accompanying materials
are made available under the terms of the Eclipse Public License 2.0
and Eclipse Distribution License v1.0 which accompany this distribution.
The Eclipse Public License is available at
https://www.eclipse.org/legal/epl-2.0/
and the Eclipse Distribution License is available at
http://www.eclipse.org/org/documents/edl-v10.php.
SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
Contributors:
Roger Light - initial implementation and documentation.
*/
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>
#include "broker_fuzz.h"
/* TCP port shared by both sides of the harness: it is written into the
 * generated broker config as the listener port and handed to the fuzz client
 * as the port to use. */
#define PORT 1883
/* The broker fuzz-only main function. Declared here and defined elsewhere;
 * it is called from the broker thread with a normal argc/argv pair. */
extern "C" int mosquitto_broker_main(int argc, char *argv[]);
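/*
 * Thread entry point: run the broker's fuzz-only main with the fixed command
 * line "mosquitto -q -c /tmp/mosquitto.conf", release the argument strings
 * once it returns, and end the thread.
 *
 * args is unused. The thread's exit value is always NULL.
 */
void *run_broker(void *args)
{
	char *argv[4];
	int argc = 4;

	(void)args;

	/* Heap copies, presumably so the broker receives writable argument
	 * strings rather than string literals. */
	argv[0] = strdup("mosquitto");
	argv[1] = strdup("-q");
	argv[2] = strdup("-c");
	argv[3] = strdup("/tmp/mosquitto.conf");

	for(int i=0; i<argc; i++){
		if(argv[i] == NULL){
			/* strdup() failed. Abort, as initialise() does when it cannot
			 * create the config file, instead of handing the broker a NULL
			 * argument. */
			abort();
		}
	}

	mosquitto_broker_main(argc, argv);

	for(int i=0; i<argc; i++){
		free(argv[i]);
	}

	pthread_exit(NULL);
	return NULL; /* not reached; keeps the non-void signature satisfied */
}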
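/*
 * Set a receive timeout on sock, then perform a single recv() of up to len
 * bytes into buf.
 *
 * timeout_us is the timeout in microseconds. It is split into whole seconds
 * and a sub-second remainder: tv_usec must stay below one second, otherwise
 * setsockopt() rejects the value (EDOM on Linux) and the socket keeps
 * whatever timeout it had, which can leave recv() blocking indefinitely.
 * A zero or negative timeout_us gives a zero timeval, i.e. no timeout.
 *
 * Both results are deliberately discarded: this is a best-effort read and the
 * caller learns nothing about how many bytes, if any, arrived.
 */
void recv_timeout(int sock, void *buf, size_t len, int timeout_us)
{
	struct timeval tv;

	if(timeout_us < 0){
		timeout_us = 0;
	}
	tv.tv_sec = timeout_us / 1000000;
	tv.tv_usec = timeout_us % 1000000;

	(void)setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (const char *)&tv, sizeof(tv));
	(void)recv(sock, buf, len, 0);
}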
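/*
 * Connect a TCP socket to 127.0.0.1:port, retrying every 10ms until the
 * connection succeeds.
 *
 * Returns the connected socket descriptor; the caller owns it and must close
 * it. The retry loop is unbounded, so this call does not return if nothing
 * ever listens on the port.
 *
 * Each attempt uses a fresh socket. POSIX leaves the state of a socket
 * unspecified after a failed connect(), and a failed socket() call would
 * otherwise make every later connect() fail on an invalid descriptor.
 */
int connect_retrying(int port)
{
	struct sockaddr_in addr;
	struct timespec delay;

	memset(&addr, 0, sizeof(addr));
	addr.sin_family = AF_INET;
	addr.sin_port = htons(port);
	addr.sin_addr.s_addr = inet_addr("127.0.0.1");

	delay.tv_sec = 0;
	delay.tv_nsec = 10000000; /* 10ms */

	while(1){
		int sock = socket(AF_INET, SOCK_STREAM, 0);

		if(sock >= 0){
			if(connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0){
				return sock;
			}
			/* Not accepted yet: drop this descriptor so retries do not leak. */
			close(sock);
		}
		nanosleep(&delay, NULL);
	}
}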
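/*
 * One-time harness setup: ignore SIGPIPE, write the broker configuration to
 * /tmp/mosquitto.conf and start the broker on a new thread.
 *
 * thread receives the handle of the broker thread. Returns true on success;
 * any setup failure aborts the process, because the harness cannot do useful
 * work without a running broker.
 */
static bool initialise(pthread_t *thread)
{
	FILE *fptr;
	bool write_failed = false;
	int saved_errno = 0;
	int rc;

	/* A write to a socket the peer has closed should fail with an error
	 * rather than terminate the fuzzer. */
	signal(SIGPIPE, SIG_IGN);
	/* Files created from here on are accessible to the owner only. */
	umask(0077);

	/* NOTE(review): fixed, predictable file name in a shared directory.
	 * fopen() follows a symlink planted at this path, and umask does not
	 * change the mode of a file that already exists. Acceptable in a
	 * throwaway fuzzing sandbox; use a private directory anywhere else. */
	fptr = fopen("/tmp/mosquitto.conf", "wb");
	if(!fptr){
		printf("FILE %s\n", strerror(errno));
		abort();
	}

	/* NOTE(review): the config asks the broker to run as root and accepts
	 * anonymous clients, and the listener line carries no bind address, so
	 * it is presumably not limited to loopback. Confirm this harness only
	 * ever runs in an isolated environment. */
	if(fprintf(fptr, "user root\n") < 0
			|| fprintf(fptr, "listener %d\n", PORT) < 0
			|| fprintf(fptr, "allow_anonymous true\n") < 0){

		write_failed = true;
		saved_errno = errno;
	}
	/* fclose() flushes, so a full disk can surface only here. */
	if(fclose(fptr) != 0 && !write_failed){
		write_failed = true;
		saved_errno = errno;
	}
	if(write_failed){
		printf("FILE %s\n", strerror(saved_errno));
		abort();
	}

	/* Without a broker thread the client's connect loop would spin forever. */
	rc = pthread_create(thread, NULL, run_broker, NULL);
	if(rc != 0){
		printf("THREAD %s\n", strerror(rc));
		abort();
	}
	return true;
}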
/*
 * Harness teardown: block until the broker thread referenced by thread has
 * finished, then delete the generated configuration file.
 *
 * Neither result is checked.
 */
void deinitialise(pthread_t *thread)
{
	pthread_t broker = *thread;

	(void)pthread_join(broker, NULL);
	(void)unlink("/tmp/mosquitto.conf");
}
/*
 * libFuzzer entry point: start the broker on the first call, then hand the
 * input to run_client() as a fuzz_data record.
 *
 * data/size describe the fuzzer-provided input. Inputs shorter than
 * kMinInputLength or longer than kMaxInputLength are ignored. Always
 * returns 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	static bool initialised = false;
	pthread_t thread;

	/* Setup runs before the size check, so the broker is started even when
	 * the very first input is rejected. */
	if(initialised == false){
		initialised = initialise(&thread);
	}

	if(size >= kMinInputLength && size <= kMaxInputLength){
		struct fuzz_data fuzz;

		memset(&fuzz, 0, sizeof(fuzz));
		fuzz.port = PORT;
		fuzz.size = size;
		/* The const qualifier is cast away to fit the field type; whether
		 * run_client() writes through this pointer is not visible here. */
		fuzz.data = (uint8_t *)data;
		run_client(&fuzz);
	}

	return 0;
}