BGPD_SAN_FLAGS="-fsanitize=fuzzer"
ZEBRA_SAN_FLAGS="-fsanitize=fuzzer"
OSPFD_SAN_FLAGS="-fsanitize=fuzzer"
+ VRRPD_SAN_FLAGS="-fsanitize=fuzzer"
AC_DEFINE([FUZZING_LIBFUZZER], [1], [Compiling and linking with libFuzzer])
])
fi
AC_SUBST([BGPD_SAN_FLAGS])
AC_SUBST([ZEBRA_SAN_FLAGS])
AC_SUBST([OSPFD_SAN_FLAGS])
+AC_SUBST([VRRPD_SAN_FLAGS])
dnl frr-format.so
if test "$with_frr_format" != "no" -a "$with_frr_format" != "yes" -a -n "$with_frr_format"; then
/*
* Read and process next IPvX datagram.
*/
-static int vrrp_read(struct thread *thread)
+#ifndef FUZZING
+static
+#endif
+int vrrp_read(struct thread *thread)
{
struct vrrp_router *r = thread->arg;
m.msg_control = control;
m.msg_controllen = sizeof(control);
+#ifndef FUZZING
nbytes = recvmsg(r->sock_rx, &m, MSG_DONTWAIT);
if ((nbytes < 0 && ERRNO_IO_RETRY(errno))) {
resched = false;
goto done;
}
+#else
+ nbytes = r->fuzzing_input_size;
+ m.msg_name = &r->fuzzing_sa;
+#endif
if (DEBUG_MODE_CHECK(&vrrp_dbg_pkt, DEBUG_MODE_ALL)) {
DEBUGD(&vrrp_dbg_pkt,
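Review bot: In the `#else` branch, `nbytes` comes from `r->fuzzing_input_size`, which the harness sets to the raw `size` while copying only `MIN(size, sizeof(vr->v4->ibuf))` bytes into `ibuf`. For any input longer than `ibuf`, `nbytes` then claims more data than the buffer holds. Code that later treats `nbytes` as the datagram length (not visible in this hunk, presumably the packet dump and the parser) would read past `ibuf`. That is an out-of-bounds read created by the harness, so the resulting sanitizer reports would not correspond to a reachable daemon bug, assuming the real `recvmsg()` is bounded by an iovec over `ibuf`. Clamp the length where it is set in `LLVMFuzzerTestOneInput`: `vr->v4->fuzzing_input_size = MIN(size, sizeof(vr->v4->ibuf));`. The body of `vrrp_read` starts and ends outside this hunk.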
done:
memset(r->ibuf, 0x00, sizeof(r->ibuf));
+#ifndef FUZZING
if (resched)
thread_add_read(master, vrrp_read, r, r->sock_rx, &r->t_read);
+#endif
return 0;
}
.n_yang_modules = array_size(vrrp_yang_modules),
);
+#ifdef FUZZING
+
+int LLVMFuzzerTestOneInput(uint8_t *data, size_t size);
+
+static bool FuzzingInit(void)
+{
+ const char *name[] = { "vrrpd" };
+
+ frr_preinit(&vrrpd_di, 1, (char **) name);
+
+ master = frr_init();
+
+ access_list_init();
+ vrrp_debug_init();
+ vrrp_zebra_init();
+ vrrp_vty_init();
+ vrrp_init();
+
+
+ return true;
+}
+
+static struct vrrp_vrouter *FuzzingCreateVr(void)
+{
+ struct interface *ifp;
+ struct prefix p;
+
+ ifp = if_create_ifindex(69, 0);
+ ifp->mtu = 68;
+ str2prefix("11.0.2.1/24", &p);
+ connected_add_by_prefix(ifp, &p, NULL);
+
+ struct vrrp_vrouter *vr = vrrp_vrouter_create(ifp, 10, 3);
+ vr->v4->fsm.state = VRRP_STATE_MASTER;
+ vr->v6->fsm.state = VRRP_STATE_MASTER;
+
+ vrrp_debug_set(NULL, 0, CONFIG_NODE, 1, 1, 1, 1, 1, 1, 1, 1);
+
+ return vr;
+}
+
+bool FuzzingInitialized;
+struct vrrp_vrouter *FuzzingVr;
+
+int LLVMFuzzerTestOneInput(uint8_t *data, size_t size)
+{
+ if (!FuzzingInitialized) {
+ FuzzingInit();
+ FuzzingInitialized = true;
+ FuzzingVr = FuzzingCreateVr();
+ }
+
+ struct thread t;
+ struct vrrp_vrouter *vr;
+
+#ifdef FUZZING_LIBFUZZER
+ vr = FuzzingVr;
+#else
+ vr = FuzzingVr;
+#endif
+
+ /* set input size */
+ vr->v4->fuzzing_input_size = size;
+ /* some info to fake msghdr with */
+ memcpy(vr->v4->ibuf, data, MIN(size, sizeof(vr->v4->ibuf)));
+ vr->v4->fuzzing_sa.sin_family = AF_INET;
+ inet_pton(AF_INET, "11.0.2.3", &vr->v4->fuzzing_sa.sin_addr);
+
+ t.arg = vr->v4;
+
+ vrrp_read(&t);
+
+ return 0;
+}
+
+#endif
+
+#ifndef FUZZING_LIBFUZZER
int main(int argc, char **argv, char **envp)
{
+#ifdef FUZZING
+ FuzzingInit();
+ FuzzingInitialized = true;
+
+#ifdef __AFL_HAVE_MANUAL_CONTROL
+ __AFL_INIT();
+#endif /* AFL_HAVE_MANUAL_CONTROL */
+
+ uint8_t *input;
+ int r = frrfuzz_read_input(&input);
+
+ if (r < 0)
+ return 0;
+
+ return LLVMFuzzerTestOneInput(input, r);
+#endif
frr_preinit(&vrrpd_di, argc, argv);
frr_opt_add("", longopts, "");
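Review bot: `FuzzingVr` is built once and reused for every input, and `fsm.state` is forced to `VRRP_STATE_MASTER` only inside `FuzzingCreateVr`. If a packet moves the router out of that state, later inputs run against leftover state and a crash may not reproduce from its single saved input. Re-arm the state at the top of `LLVMFuzzerTestOneInput`, for example `FuzzingVr->v4->fsm.state = VRRP_STATE_MASTER;`; whether timers or other FSM-owned fields also need resetting cannot be told from this hunk. `FuzzingCreateVr` also dereferences the results of `if_create_ifindex` and `vrrp_vrouter_create` without a NULL check, so a setup failure would crash inside the harness rather than in the code under test. Smaller points in the same function: both arms of `#ifdef FUZZING_LIBFUZZER` assign `vr = FuzzingVr;`, `struct thread t` is left uninitialised apart from `arg` (`struct thread t = { .arg = vr->v4 };` avoids that), and libFuzzer's entry point takes `const uint8_t *data`.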
/* Not reached. */
return 0;
}
+#endif