From 4efd721d1e7545f7e2c7440f795cc2b00cc91142 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jakub=20Urba=C5=84czyk?= Date: Tue, 25 Aug 2020 17:31:07 +0200 Subject: [PATCH] zebra: remove fuzzing stuff MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The fuzzing code that is in the master branch is outdated and unused, so it is worth to remove it to improve readablity of the code. All the code related to the fuzzing is in the `fuzz` branch. Signed-off-by: Jakub Urbańczyk --- configure.ac | 12 ----- doc/user/installation.rst | 6 --- zebra/kernel_netlink.c | 104 -------------------------------------- zebra/kernel_netlink.h | 4 -- zebra/main.c | 51 ------------------- zebra/zapi_msg.c | 27 ---------- zebra/zserv.c | 11 ---- zebra/zserv.h | 4 -- 8 files changed, 219 deletions(-) diff --git a/configure.ac b/configure.ac index 3c65bc91a0..ae116ef754 100755 --- a/configure.ac +++ b/configure.ac @@ -610,10 +610,6 @@ AC_ARG_ENABLE([cumulus], AS_HELP_STRING([--enable-cumulus], [enable Cumulus Switch Special Extensions])) AC_ARG_ENABLE([datacenter], AS_HELP_STRING([--enable-datacenter], [enable Compilation for Data Center Extensions])) -AC_ARG_ENABLE([fuzzing], - AS_HELP_STRING([--enable-fuzzing], [enable ability to fuzz various parts of FRR])) -AC_ARG_ENABLE([netlink_fuzzing], - AS_HELP_STRING([--enable-netlink-fuzzing], [enable ability to fuzz netlink listening socket in zebra])) AC_ARG_ENABLE([rr-semantics], AS_HELP_STRING([--disable-rr-semantics], [disable the v6 Route Replace semantics])) AC_ARG_ENABLE([protobuf], @@ -718,14 +714,6 @@ else DFLT_NAME="traditional" fi -if test "$enable_fuzzing" = "yes" ; then - AC_DEFINE([HANDLE_ZAPI_FUZZING], [1], [Compile extensions to use with a fuzzer]) -fi - -if test "$enable_netlink_fuzzing" = "yes" ; then - AC_DEFINE([HANDLE_NETLINK_FUZZING], [1], [Compile extensions to use with a fuzzer for netlink]) -fi - if test "$enable_cumulus" = "yes" ; then AC_DEFINE([HAVE_CUMULUS], [1], [Compile Special Cumulus Code in]) fi diff --git a/doc/user/installation.rst b/doc/user/installation.rst index 622af67b0f..22d1291d90 100644 --- a/doc/user/installation.rst +++ b/doc/user/installation.rst @@ -255,12 +255,6 @@ options from the list below. mind. Specifically turn on -g3 -O0 for compiling options and add inclusion of grammar sandbox. -.. option:: --enable-fuzzing - - Turn on some compile options to allow you to run fuzzing tools against the - system. This flag is intended as a developer only tool and should not be - used for normal operations. - .. option:: --disable-snmp Build without SNMP support. diff --git a/zebra/kernel_netlink.c b/zebra/kernel_netlink.c index d0c1bc812d..ec5cc1603b 100644 --- a/zebra/kernel_netlink.c +++ b/zebra/kernel_netlink.c @@ -20,12 +20,6 @@ #include -#if defined(HANDLE_NETLINK_FUZZING) -#include -#include -#include "libfrr.h" -#endif /* HANDLE_NETLINK_FUZZING */ - #ifdef HAVE_NETLINK #include "linklist.h" @@ -404,86 +398,6 @@ static int netlink_information_fetch(struct nlmsghdr *h, ns_id_t ns_id, return 0; } -#if defined(HANDLE_NETLINK_FUZZING) -/* Using globals here to avoid adding function parameters */ - -/* Keep distinct filenames for netlink fuzzy collection */ -static unsigned int netlink_file_counter = 1; - -/* File name to read fuzzed netlink from */ -static char netlink_fuzz_file[MAXPATHLEN] = ""; - -/* Flag for whether to read from file or not */ -bool netlink_read; - -/** - * netlink_read_init() - Starts the message parser - * @fname: Filename to read. - */ -void netlink_read_init(const char *fname) -{ - struct zebra_dplane_info dp_info; - - snprintf(netlink_fuzz_file, MAXPATHLEN, "%s", fname); - /* Creating this fake socket for testing purposes */ - struct zebra_ns *zns = zebra_ns_lookup(NS_DEFAULT); - - /* Capture key info from zns struct */ - zebra_dplane_info_from_zns(&dp_info, zns, false); - - netlink_parse_info(netlink_information_fetch, &zns->netlink, - &dp_info, 1, 0); -} - -/** - * netlink_write_incoming() - Writes all data received from netlink to a file - * @buf: Data from netlink. - * @size: Size of data. - * @counter: Counter for keeping filenames distinct. - */ -static void netlink_write_incoming(const char *buf, const unsigned int size, - unsigned int counter) -{ - char fname[MAXPATHLEN]; - FILE *f; - - snprintf(fname, MAXPATHLEN, "%s/%s_%u", frr_vtydir, "netlink", counter); - frr_with_privs(&zserv_privs) { - f = fopen(fname, "w"); - } - if (f) { - fwrite(buf, 1, size, f); - fclose(f); - } -} - -/** - * netlink_read_file() - Reads netlink data from file - * @buf: Netlink buffer being overwritten. - * @fname: File name to read from. - * - * Return: Size of file. - */ -static long netlink_read_file(char *buf, const char *fname) -{ - FILE *f; - long file_bytes = -1; - - frr_with_privs(&zserv_privs) { - f = fopen(fname, "r"); - } - if (f) { - fseek(f, 0, SEEK_END); - file_bytes = ftell(f); - rewind(f); - fread(buf, NL_RCV_PKT_BUF_SIZE, 1, f); - fclose(f); - } - return file_bytes; -} - -#endif /* HANDLE_NETLINK_FUZZING */ - static int kernel_read(struct thread *thread) { struct zebra_ns *zns = (struct zebra_ns *)THREAD_ARG(thread); @@ -834,18 +748,7 @@ static int netlink_recv_msg(const struct nlsock *nl, struct msghdr msg, msg.msg_iovlen = 1; do { -#if defined(HANDLE_NETLINK_FUZZING) - /* Check if reading and filename is set */ - if (netlink_read && '\0' != netlink_fuzz_file[0]) { - zlog_debug("Reading netlink fuzz file"); - status = netlink_read_file(buf, netlink_fuzz_file); - ((struct sockaddr_nl *)msg.msg_name)->nl_pid = 0; - } else { - status = recvmsg(nl->sock, &msg, 0); - } -#else status = recvmsg(nl->sock, &msg, 0); -#endif /* HANDLE_NETLINK_FUZZING */ } while (status == -1 && errno == EINTR); if (status == -1) { @@ -877,13 +780,6 @@ static int netlink_recv_msg(const struct nlsock *nl, struct msghdr msg, zlog_hexdump(buf, status); } -#if defined(HANDLE_NETLINK_FUZZING) - if (!netlink_read) { - zlog_debug("Writing incoming netlink message"); - netlink_write_incoming(buf, status, netlink_file_counter++); - } -#endif /* HANDLE_NETLINK_FUZZING */ - return status; } diff --git a/zebra/kernel_netlink.h b/zebra/kernel_netlink.h index c02e16480b..696f9be4f6 100644 --- a/zebra/kernel_netlink.h +++ b/zebra/kernel_netlink.h @@ -86,10 +86,6 @@ extern const char *nl_rtproto_to_str(uint8_t rtproto); extern const char *nl_family_to_str(uint8_t family); extern const char *nl_rttype_to_str(uint8_t rttype); -#if defined(HANDLE_NETLINK_FUZZING) -extern bool netlink_read; -extern void netlink_read_init(const char *fname); -#endif /* HANDLE_NETLINK_FUZZING */ extern int netlink_parse_info(int (*filter)(struct nlmsghdr *, ns_id_t, int), const struct nlsock *nl, const struct zebra_dplane_info *dp_info, diff --git a/zebra/main.c b/zebra/main.c index 64746f7166..cfc45567d7 100644 --- a/zebra/main.c +++ b/zebra/main.c @@ -59,10 +59,6 @@ #include "zebra/zebra_opaque.h" #include "zebra/zebra_srte.h" -#if defined(HANDLE_NETLINK_FUZZING) -#include "zebra/kernel_netlink.h" -#endif /* HANDLE_NETLINK_FUZZING */ - #define ZEBRA_PTM_SUPPORT /* process id. */ @@ -284,12 +280,6 @@ int main(int argc, char **argv) char *vrf_default_name_configured = NULL; struct sockaddr_storage dummy; socklen_t dummylen; -#if defined(HANDLE_ZAPI_FUZZING) - char *zapi_fuzzing = NULL; -#endif /* HANDLE_ZAPI_FUZZING */ -#if defined(HANDLE_NETLINK_FUZZING) - char *netlink_fuzzing = NULL; -#endif /* HANDLE_NETLINK_FUZZING */ graceful_restart = 0; vrf_configure_backend(VRF_BACKEND_VRF_LITE); @@ -301,12 +291,6 @@ int main(int argc, char **argv) #ifdef HAVE_NETLINK "s:n" #endif -#if defined(HANDLE_ZAPI_FUZZING) - "c:" -#endif /* HANDLE_ZAPI_FUZZING */ -#if defined(HANDLE_NETLINK_FUZZING) - "w:" -#endif /* HANDLE_NETLINK_FUZZING */ , longopts, " -b, --batch Runs in batch mode\n" @@ -321,12 +305,6 @@ int main(int argc, char **argv) " -s, --nl-bufsize Set netlink receive buffer size\n" " --v6-rr-semantics Use v6 RR semantics\n" #endif /* HAVE_NETLINK */ -#if defined(HANDLE_ZAPI_FUZZING) - " -c Bypass normal startup and use this file for testing of zapi\n" -#endif /* HANDLE_ZAPI_FUZZING */ -#if defined(HANDLE_NETLINK_FUZZING) - " -w Bypass normal startup and use this file for testing of netlink input\n" -#endif /* HANDLE_NETLINK_FUZZING */ ); while (1) { @@ -388,21 +366,6 @@ int main(int argc, char **argv) v6_rr_semantics = true; break; #endif /* HAVE_NETLINK */ -#if defined(HANDLE_ZAPI_FUZZING) - case 'c': - zapi_fuzzing = optarg; - break; -#endif /* HANDLE_ZAPI_FUZZING */ -#if defined(HANDLE_NETLINK_FUZZING) - case 'w': - netlink_fuzzing = optarg; - /* This ensures we are aren't writing any of the - * startup netlink messages that happen when we - * just want to read. - */ - netlink_read = true; - break; -#endif /* HANDLE_NETLINK_FUZZING */ default: frr_help_exit(1); break; @@ -489,20 +452,6 @@ int main(int argc, char **argv) /* Error init */ zebra_error_init(); -#if defined(HANDLE_ZAPI_FUZZING) - if (zapi_fuzzing) { - zserv_read_file(zapi_fuzzing); - exit(0); - } -#endif /* HANDLE_ZAPI_FUZZING */ -#if defined(HANDLE_NETLINK_FUZZING) - if (netlink_fuzzing) { - netlink_read_init(netlink_fuzzing); - exit(0); - } -#endif /* HANDLE_NETLINK_FUZZING */ - - frr_run(zrouter.master); /* Not reached... */ diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c index 2bcb3502d5..a37a0c93c7 100644 --- a/zebra/zapi_msg.c +++ b/zebra/zapi_msg.c @@ -3113,29 +3113,6 @@ void (*const zserv_handlers[])(ZAPI_HANDLER_ARGS) = { [ZEBRA_CLIENT_CAPABILITIES] = zread_client_capabilities, [ZEBRA_NEIGH_DISCOVER] = zread_neigh_discover}; -#if defined(HANDLE_ZAPI_FUZZING) -extern struct zebra_privs_t zserv_privs; - -static void zserv_write_incoming(struct stream *orig, uint16_t command) -{ - char fname[MAXPATHLEN]; - struct stream *copy; - int fd = -1; - - copy = stream_dup(orig); - stream_set_getp(copy, 0); - - snprintf(fname, MAXPATHLEN, "%s/%u", frr_vtydir, command); - - frr_with_privs(&zserv_privs) { - fd = open(fname, O_CREAT | O_WRONLY | O_EXCL, 0644); - } - stream_flush(copy, fd); - close(fd); - stream_free(copy); -} -#endif - /* * Process a batch of zapi messages. */ @@ -3166,10 +3143,6 @@ void zserv_handle_commands(struct zserv *client, struct stream_fifo *fifo) && IS_ZEBRA_DEBUG_DETAIL) zserv_log_message(NULL, msg, &hdr); -#if defined(HANDLE_ZAPI_FUZZING) - zserv_write_incoming(msg, hdr.command); -#endif - hdr.length -= ZEBRA_HEADER_SIZE; /* Before checking for a handler function, check for diff --git a/zebra/zserv.c b/zebra/zserv.c index cded6ea12b..4c8656af0d 100644 --- a/zebra/zserv.c +++ b/zebra/zserv.c @@ -1294,17 +1294,6 @@ DEFUN (show_zebra_client_summary, return CMD_SUCCESS; } -#if defined(HANDLE_ZAPI_FUZZING) -void zserv_read_file(char *input) -{ - int fd; - - fd = open(input, O_RDONLY | O_NONBLOCK); - - zserv_client_create(fd); -} -#endif - void zserv_init(void) { /* Client list init. */ diff --git a/zebra/zserv.h b/zebra/zserv.h index 54e840cd56..c60799b8ba 100644 --- a/zebra/zserv.h +++ b/zebra/zserv.h @@ -375,10 +375,6 @@ extern void zserv_close_client(struct zserv *client); void zserv_log_message(const char *errmsg, struct stream *msg, struct zmsghdr *hdr); -#if defined(HANDLE_ZAPI_FUZZING) -extern void zserv_read_file(char *input); -#endif - /* TODO */ __attribute__((__noreturn__)) int zebra_finalize(struct thread *event); -- 2.39.5