ospfd allow fuzzing LSUPD, LSACK, LSREQ packets
authorQuentin Young <qlyoung@cumulusnetworks.com>
Thu, 12 Dec 2019 19:53:06 +0000 (14:53 -0500)
committerQuentin Young <qlyoung@nvidia.com>
Mon, 15 Nov 2021 19:45:44 +0000 (14:45 -0500)
- Anything except HELLO wants a neighbor created, so do that
- Skip some unnecessary stuff
- Most stuff checks the LSDB and returns early, so skip those

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
ospfd/ospf_neighbor.c
ospfd/ospf_packet.c

index 98fb54d82a670b4562a8ae0b6a01512c5bcbecbf..2611ffaffcbe7e6d87a7ee342704f82f6a51172e 100644 (file)
@@ -448,8 +448,10 @@ static struct ospf_neighbor *ospf_nbr_add(struct ospf_interface *oi,
                                nbr_nbma->nbr = nbr;
                                nbr->nbr_nbma = nbr_nbma;
 
+#ifndef FUZZING
                                if (nbr_nbma->t_poll)
                                        OSPF_POLL_TIMER_OFF(nbr_nbma->t_poll);
+#endif
 
                                nbr->state_change = nbr_nbma->state_change + 1;
                        }
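Review bot: The `#ifndef FUZZING` around the `OSPF_POLL_TIMER_OFF` call has no comment saying why the fuzz build skips it, and the same applies to the guards around the `crypt_seqnum` assignment in the next hunk and around `ospf_flood()` in ospf_ls_upd. Each guard should carry a one-line reason, for example `/* FUZZING: <why the harness skips this step> */`, so a reader can tell a deliberate harness shortcut from a workaround for a crash. The `crypt_seqnum` guard matters most, because it compiles out the only visible place where a new neighbor's cryptographic sequence number is recorded; a build that defined FUZZING by accident would presumably lose that state without any warning. ospf_nbr_add starts and ends outside the hunk.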
@@ -457,8 +459,10 @@ static struct ospf_neighbor *ospf_nbr_add(struct ospf_interface *oi,
        }
 
        /* New nbr, save the crypto sequence number if necessary */
+#ifndef FUZZING
        if (ntohs(ospfh->auth_type) == OSPF_AUTH_CRYPTOGRAPHIC)
                nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum;
+#endif
 
        /* Configure BFD if interface has it. */
        ospf_neighbor_bfd_apply(nbr);
index ebd96a4931c9365c0126b2ae7a1648cbf1b472be..145dba395a5eeb8aee4f540d069548938d1fd50d 100644 (file)
@@ -1664,6 +1664,7 @@ static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
                /* Search proper LSA in LSDB. */
                find = ospf_lsa_lookup(oi->ospf, oi->area, ls_type, ls_id,
                                       adv_router);
+#ifndef FUZZING
                if (find == NULL) {
                        OSPF_NSM_EVENT_SCHEDULE(nbr, NSM_BadLSReq);
                        list_delete(&ls_upd);
@@ -1688,9 +1689,13 @@ static void ospf_ls_req(struct ip *iph, struct ospf_header *ospfh,
                /* Append LSA to update list. */
                listnode_add(ls_upd, find);
                length += ntohs(find->data->length);
+#endif
 
                size -= OSPF_LSA_KEY_SIZE;
        }
+#ifdef FUZZING
+       return;
+#endif
 
        /* Send rest of Link State Update. */
        if (listcount(ls_upd) > 0) {
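Review bot: The fuzz-only `return;` after the loop leaves ospf_ls_req without releasing `ls_upd`, which the error path in the previous hunk frees with `list_delete(&ls_upd)`. Unless the list is released somewhere the hunk does not show, every LS Request fed through the harness would leak it, adding leak-detector noise and growing memory in a long-running fuzz process. Writing the guarded statement as `list_delete(&ls_upd); return;` keeps the early exit and the cleanup together. The `#ifndef FUZZING` opened in the previous hunk closes here across lines that are not shown, and it leaves `find` assigned but unused in fuzz builds; the end of the function is also outside the hunk.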
@@ -2124,10 +2129,12 @@ static void ospf_ls_upd(struct ospf *ospf, struct ip *iph,
                                DISCARD_LSA(lsa, 4);
                        }
 
+#ifndef FUZZING
                        /* Actual flooding procedure. */
                        if (ospf_flood(oi->ospf, nbr, current, lsa)
                            < 0) /* Trap NSSA later. */
                                DISCARD_LSA(lsa, 5);
+#endif
                        continue;
                }
 
@@ -3192,6 +3199,20 @@ enum ospf_read_return_enum ospf_read_helper(struct ospf *ospf)
        /* Adjust size to message length. */
        length = ntohs(ospfh->length) - OSPF_HEADER_SIZE;
 
+#ifdef FUZZING
+       /*
+        * Everything except hellos returns early with no neighbor found, so we
+        * need to make a neighbor
+        */
+       struct prefix p;
+       p.family = AF_INET;
+       p.prefixlen = 24;
+       p.u.prefix4 = iph->ip_src;
+
+       struct ospf_neighbor *n = ospf_nbr_get(oi, ospfh, iph, &p);
+       n->state = NSM_Exchange;
+#endif
+
        /* Read rest of the packet and call each sort of packet routine.
         */
        switch (ospfh->type) {
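Review bot: The fuzz-only neighbor is created before the `switch`, so it is also created for Hello packets, although the added comment says only the other types need one. If the Hello handler normally creates its own neighbor, it would now always find one already forced into `NSM_Exchange`, and the harness would stop covering the new-neighbor path. `struct prefix p` is only partly initialised before its address is passed to `ospf_nbr_get()`, and the returned pointer is dereferenced without a check; zero-initialising `p` and guarding the assignment costs nothing if that call can ever return NULL. ospf_read_helper starts and ends outside the hunk.

```c
#ifdef FUZZING
	/* Only non-Hello packets need a neighbor made for them up front. */
	if (ospfh->type != OSPF_MSG_HELLO) {
		struct prefix p = {0};

		/* … unchanged: family, prefixlen and prefix4 assignments … */

		struct ospf_neighbor *n = ospf_nbr_get(oi, ospfh, iph, &p);
		if (n)
			n->state = NSM_Exchange;
	}
#endif
```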