/src/ntp-dev/tests/fuzz/fuzz_ntpd_receive.c

Source
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

#include "config.h"
#include "recvbuff.h"
#include "ntpd.h"

const char *Version = "libntpq 0.3beta";
int listen_to_virtual_ips = TRUE;
int mdnstries = 5;
char const *progname = "fuzz_ntpd_receive";
#ifdef HAVE_WORKING_FORK
int    waitsync_fd_to_close = -1;    /* -w/--wait-sync */
int    daemon_pipe[2] = { -1, -1 };
#endif

static int initialized = 0;
int sockfd;
uint8_t itf_index;

void fuzz_itf_selecter(void * data, interface_info_t * itf) {
    endpt **ep = (endpt **)data;
    if (itf_index == 0) {
        *ep = itf->ep;
    }
    itf_index--;
}

int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
    struct recvbuf rbufp;
    struct sockaddr_in addr;

    // Initialize the address to prevent an assertion failure in restrictions()
    addr.sin_family = AF_INET;
    addr.sin_port = htons(123);
    addr.sin_addr.s_addr = htonl(0x7f000001);
    rbufp.recv_srcadr.sa4 = addr;
    //memcpy(&rbufp.recv_srcadr, &addr, sizeof(struct sockaddr_in));

    if (initialized == 0) {
        sockfd = open("/dev/null", O_RDWR );
        //adds interfaces
        init_io();
        init_auth();
        init_util();
        init_restrict();
        init_mon();
        init_timer();
        init_lib();
        init_request();
        init_control();
        init_peer();
        init_proto();
        init_loopfilter();
        io_open_sockets();
        initialized = 1;
    }

    if (Size < sizeof(l_fp)) {
        return 0;
    }
    memcpy(&rbufp.recv_time, Data, sizeof(l_fp));
    Data += sizeof(l_fp);
    Size -= sizeof(l_fp);

    if (Size < 1) {
        return 0;
    }
    itf_index = Data[0];
    rbufp.dstadr = NULL;
    interface_enumerate(fuzz_itf_selecter, &rbufp.dstadr);
    if (rbufp.dstadr == NULL) {
        return 0;
    }
    Data++;
    Size--;

    if (Size > RX_BUFF_SIZE) {
        Size = RX_BUFF_SIZE;
    }
    rbufp.recv_length = Size;
    memcpy(rbufp.recv_buffer, Data, Size);

    rbufp.msg_flags = 0;
    rbufp.used = 0;
    rbufp.link = NULL;
    rbufp.fd = sockfd;

    receive(&rbufp);
    return 0;
}

Line	Count	Source
1		#include <stddef.h>
2		#include <stdint.h>
3		#include <sys/types.h>
4		#include <sys/stat.h>
5		#include <fcntl.h>
6
7		#include "config.h"
8		#include "recvbuff.h"
9		#include "ntpd.h"
10
11		const char *Version = "libntpq 0.3beta";
12		int listen_to_virtual_ips = TRUE;
13		int mdnstries = 5;
14		char const *progname = "fuzz_ntpd_receive";
15		#ifdef HAVE_WORKING_FORK
16		int waitsync_fd_to_close = -1; /* -w/--wait-sync */
17		int daemon_pipe[2] = { -1, -1 };
18		#endif
19
20		static int initialized = 0;
21		int sockfd;
22		uint8_t itf_index;
23
24	8.16k	void fuzz_itf_selecter(void * data, interface_info_t * itf) {
25	8.16k	endpt ep = (endpt )data;
26	8.16k	if (itf_index == 0) {
27	2.03k	*ep = itf->ep;
28	2.03k	}
29	8.16k	itf_index--;
30	8.16k	}
31
32	2.04k	int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
33	2.04k	struct recvbuf rbufp;
34	2.04k	struct sockaddr_in addr;
35
36		// Initialize the address to prevent an assertion failure in restrictions()
37	2.04k	addr.sin_family = AF_INET;
38	2.04k	addr.sin_port = htons(123);
39	2.04k	addr.sin_addr.s_addr = htonl(0x7f000001);
40	2.04k	rbufp.recv_srcadr.sa4 = addr;
41		//memcpy(&rbufp.recv_srcadr, &addr, sizeof(struct sockaddr_in));
42
43	2.04k	if (initialized == 0) {
44	1	sockfd = open("/dev/null", O_RDWR );
45		//adds interfaces
46	1	init_io();
47	1	init_auth();
48	1	init_util();
49	1	init_restrict();
50	1	init_mon();
51	1	init_timer();
52	1	init_lib();
53	1	init_request();
54	1	init_control();
55	1	init_peer();
56	1	init_proto();
57	1	init_loopfilter();
58	1	io_open_sockets();
59	1	initialized = 1;
60	1	}
61
62	2.04k	if (Size < sizeof(l_fp)) {
63	5	return 0;
64	5	}
65	2.04k	memcpy(&rbufp.recv_time, Data, sizeof(l_fp));
66	2.04k	Data += sizeof(l_fp);
67	2.04k	Size -= sizeof(l_fp);
68
69	2.04k	if (Size < 1) {
70	1	return 0;
71	1	}
72	2.04k	itf_index = Data[0];
73	2.04k	rbufp.dstadr = NULL;
74	2.04k	interface_enumerate(fuzz_itf_selecter, &rbufp.dstadr);
75	2.04k	if (rbufp.dstadr == NULL) {
76	7	return 0;
77	7	}
78	2.03k	Data++;
79	2.03k	Size--;
80
81	2.03k	if (Size > RX_BUFF_SIZE) {
82	29	Size = RX_BUFF_SIZE;
83	29	}
84	2.03k	rbufp.recv_length = Size;
85	2.03k	memcpy(rbufp.recv_buffer, Data, Size);
86
87	2.03k	rbufp.msg_flags = 0;
88	2.03k	rbufp.used = 0;
89	2.03k	rbufp.link = NULL;
90	2.03k	rbufp.fd = sockfd;
91
92	2.03k	receive(&rbufp);
93	2.03k	return 0;
94	2.04k	}

Coverage Report

Created: 2026-02-26 06:20