github
/
mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
develop
master
fixes
release/2.0
release/1.6
dynamic-bridge
release/1.5
debian
debian-mosquitto
v2.0.15
v2.0.14
v2.0.13
v2.0.12
v2.0.11
v1.6.15
v2.0.10
v2.0.9
v1.6.14
v1.5.11
v2.0.8
v2.0.7
v1.6.13
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.5.10
v1.6.12
v1.6.11
v1.6.10
v1.6.9
v1.6.8
v1.6.7
v1.6.6
v1.5.9
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5
v1.4.15
v1.4.14
v1.4.13
v1.4.12
v1.4.11
v1.4.10
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.3.2-not-blessed
v1.3.3-not-blessed
v1.3.4-not-blessed
v1.3.5-not-blessed
v1.4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b648ba227b'
${ noResults }
mosquitto/fuzzing/broker/broker_fuzz.cpp

128 lines
2.6 KiB
C++
Raw Blame History

/*
Copyright (c) 2023 Cedalo GmbH
All rights reserved. This program and the accompanying materials
are made available under the terms of the Eclipse Public License 2.0
and Eclipse Distribution License v1.0 which accompany this distribution.
The Eclipse Public License is available at
https://www.eclipse.org/legal/epl-2.0/
and the Eclipse Distribution License is available at
http://www.eclipse.org/org/documents/edl-v10.php.
SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
Contributors:
Roger Light - initial implementation and documentation.
*/
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include "broker_fuzz.h"
#define PORT 1883
/* The broker fuzz-only main function. */
extern "C" int mosquitto_fuzz_main(int argc, char *argv[]);
void *run_broker(void *args)
{
char *argv[4];
int argc = 4;
argv[0] = strdup("mosquitto");
argv[1] = strdup("-v");
argv[2] = strdup("-c");
argv[3] = strdup("/tmp/mosquitto.conf");
mosquitto_fuzz_main(argc, argv);
for(int i=0; i<argc; i++){
free(argv[i]);
}
pthread_exit(NULL);
return NULL;
}
void recv_timeout(int sock, void *buf, size_t len, int timeout_us)
{
struct timeval tv = {0, timeout_us};
setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (const char *)&tv, sizeof(tv));
(void)recv(sock, buf, len, 0);
}
int connect_retrying(int port)
{
struct sockaddr_in addr;
int sock;
int rc;
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr("127.0.0.1");
sock = socket(AF_INET, SOCK_STREAM, 0);
while(1){
errno = 0;
rc = connect(sock, (struct sockaddr *)&addr, sizeof(addr));
if(rc < 0){
struct timespec ts;
ts.tv_sec = 0;
ts.tv_nsec = 10000000; /* 10ms */
nanosleep(&ts, NULL);
}else{
break;
}
}
return sock;
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
struct fuzz_data fuzz;
pthread_t thread;
FILE *fptr;
if(size < kMinInputLength || size > kMaxInputLength){
return 0;
}
signal(SIGPIPE, SIG_IGN);
memset(&fuzz, 0, sizeof(fuzz));
fuzz.port = PORT;
fuzz.size = size;
fuzz.data = (uint8_t *)data;
fptr = fopen("/tmp/mosquitto.conf", "wb");
if(!fptr){
printf("FILE %s\n", strerror(errno));
abort();
}
fprintf(fptr, "user root\n");
fprintf(fptr, "listener %d\n", PORT);
fprintf(fptr, "allow_anonymous true\n");
fclose(fptr);
pthread_create(&thread, NULL, run_broker, &fuzz);
run_client(&fuzz);
pthread_join(thread, NULL);
unlink("/tmp/mosquitto.conf");
return 0;
}
Reference in New Issue View Git Blame Copy Permalink