1 /* Copyright 2021 Google LLC
2 Licensed under the Apache License, Version 2.0 (the "License");
3 you may not use this file except in compliance with the License.
4 You may obtain a copy of the License at
5 http://www.apache.org/licenses/LICENSE-2.0
6 Unless required by applicable law or agreed to in writing, software
7 distributed under the License is distributed on an "AS IS" BASIS,
8 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9 See the License for the specific language governing permissions and
10 limitations under the License.
11 */
12
13 #include "fuzz_header.h"
14
15 /*
16 * Targets dhcp6_packet
17 */
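/* NOTE(review): val213 is not referenced anywhere in the visible part of this
 * file; presumably a leftover -- confirm before removing. */
static int val213 = 0;

/**
 * Drive dhcp6_packet() with one fuzz input.
 *
 * Installs a fixed-size scratch buffer as daemon->dhcp_packet, publishes the
 * remaining fuzz bytes through syscall_data/syscall_size (presumably read by
 * the harness's syscall replacements -- confirm in fuzz_header.h), calls
 * dhcp6_packet() once and releases the buffer again.
 *
 * @param data2 Pointer to the fuzz-input cursor; read, not advanced.
 * @param size2 Pointer to the number of remaining bytes; read, not modified.
 *
 * The global `daemon` is dereferenced unconditionally, so the caller must
 * have initialised it before calling this function.
 */
void FuzzDhcp(const uint8_t **data2, size_t *size2) {
    /* Capacity of the scratch packet buffer handed to the target. */
    enum { DHCP_PACKET_LEN = 300 };

    /* Fixed timestamp: passing an uninitialised time_t by value is undefined
     * behaviour and makes a crashing input hard to reproduce. */
    time_t now = 0;

    char *content = malloc(DHCP_PACKET_LEN);
    if (content == NULL) {
        return;
    }

    /* Fill the iovec in place; no separately allocated struct iovec is
     * needed because daemon->dhcp_packet holds the struct by value. */
    daemon->dhcp_packet.iov_base = content;
    daemon->dhcp_packet.iov_len = DHCP_PACKET_LEN;

    syscall_data = *data2;
    syscall_size = *size2;

    dhcp6_packet(now);

    /* NOTE(review): this frees the pointer saved before the call. If
     * dhcp6_packet() can replace daemon->dhcp_packet.iov_base (for example by
     * growing the buffer), this would free a stale pointer -- confirm against
     * the target's buffer handling. */
    free(content);

    /* Do not leave a dangling pointer behind in the global daemon state. */
    daemon->dhcp_packet.iov_base = NULL;
    daemon->dhcp_packet.iov_len = 0;
}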
49
50 /*
51 * Fuzzer entrypoint.
52 */
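/**
 * libFuzzer entry point: sets up the harness state, runs the DHCP target once
 * on the given input and tears the state down again.
 *
 * @param data Fuzz input bytes.
 * @param size Number of bytes in @p data.
 * @return Always 0.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    /* Start every run without a daemon left over from the previous input. */
    daemon = NULL;
    if (size < 1) {
        return 0;
    }

    /* Initialize mini garbage collector. */
    gb_init();

    /* The first byte is consumed but not used: this harness has a single
     * target, so there is nothing to select. It is still skipped so the
     * remaining bytes reach init_daemon() at the same offset as before. */
    data += 1;
    size -= 1;

    /* Run the target only when init_daemon() reports success (0). */
    if (init_daemon(&data, &size) == 0) {
        cache_init();
        blockdata_init();

        FuzzDhcp(&data, &size);

        cache_start_insert();
        fuzz_blockdata_cleanup();
    }

    /* Free data in mini garbage collector; reached on the failure path of
     * init_daemon() as well. */
    gb_cleanup();

    return 0;
}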
84