Exemple #1
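/*
 * Populate a bpf_attr for a BPF_PROG_LOAD request.
 *
 * A program type is picked at random from bpf_prog_types. For
 * BPF_PROG_TYPE_SOCKET_FILTER the instruction buffer and its length come
 * from bpf_gen_filter(); every other type gets one page of random bytes.
 *
 * The instruction buffer is not released in this function.
 * NOTE(review): presumably a later hook frees it; confirm against the caller.
 */
static void bpf_prog_load(union bpf_attr *attr)
{
	/* insn_cnt counts 8-byte BPF instructions, not bytes. */
	enum { BPF_INSN_BYTES = 8 };
	unsigned long *insns = NULL, len = 0;

	attr->prog_type = RAND_ARRAY(bpf_prog_types);

	switch (attr->prog_type) {
	case BPF_PROG_TYPE_SOCKET_FILTER:
		/* NOTE(review): the unit of len returned here is not visible; confirm it is an instruction count. */
		bpf_gen_filter(&insns, &len);
		break;

	default:
		// this will go away when all the other cases are enumerated
		insns = zmalloc(page_size);
		/*
		 * len is still 0 on this path, so using it as the byte count
		 * left the page untouched and insn_cnt at 0. Fill the whole
		 * allocation instead, and report only as many instructions as
		 * fit in it so the advertised length stays inside the buffer.
		 */
		generate_rand_bytes((unsigned char *)insns, page_size);
		len = page_size / BPF_INSN_BYTES;
		break;
	}

	attr->insn_cnt = len;
	attr->insns = (u64) insns;
	attr->license = (u64) license;

	/* Log level is fixed at 0; the log size is random, below one page. */
	attr->log_level = 0;
	attr->log_size = rnd() % page_size;
	/* The log buffer request is a full page, so log_size never exceeds it. */
	attr->log_buf = (u64) get_writable_address(page_size);
	attr->kern_version = rnd();	// TODO: stick uname in here.
}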
Exemple #2
/*
 * Build a randomised AF_UNIX socket address.
 *
 * Allocates a sockaddr_un with zmalloc(), sets the family to PF_UNIX and
 * writes between 0 and 19 random bytes at the start of sun_path. The
 * remainder of sun_path is left as zmalloc() returned it (presumably
 * zero-filled; confirm against zmalloc).
 *
 * On return *addr points at the new structure and *addrlen is always the
 * full sizeof(struct sockaddr_un), regardless of how many path bytes were
 * written. The allocation is not freed here.
 */
static void unix_gen_sockaddr(struct sockaddr **addr, socklen_t *addrlen)
{
	struct sockaddr_un *un = zmalloc(sizeof(struct sockaddr_un));
	unsigned int path_bytes;

	un->sun_family = PF_UNIX;

	/* 20 is well below the size of sun_path, so the write stays in bounds. */
	path_bytes = rnd() % 20;
	generate_rand_bytes((unsigned char *)un->sun_path, path_bytes);

	*addrlen = sizeof(struct sockaddr_un);
	*addr = (struct sockaddr *) un;
}
Exemple #3
/*
 * Prepare the arguments of a send() call in rec.
 *
 * a1 arrives holding a socketinfo pointer and is replaced by the value
 * fd_from_socketinfo() returns for it. If the socket's protocol family has
 * a gen_packet hook, that hook fills a2 (buffer) and a3 (length). Otherwise
 * a random-sized buffer of random bytes is allocated as a fallback.
 */
static void sanitise_send(struct syscallrecord *rec)
{
	struct socketinfo *si = (struct socketinfo *) rec->a1;
	void *buf;
	size_t nbytes;

	/* Called before the NULL check, exactly as the fallback path needs it. */
	rec->a1 = fd_from_socketinfo(si);

	/* si is NULL with --disable-fds=sockets; go straight to the fallback. */
	if (si != NULL) {
		/*
		 * NOTE(review): family indexes net_protocols with no range check
		 * in this function; confirm it is validated where the socketinfo
		 * is created.
		 */
		const struct netproto *proto = net_protocols[si->triplet.family].proto;

		if (proto != NULL && proto->gen_packet != NULL) {
			void *out = &rec->a2;

			proto->gen_packet(&si->triplet, out, &rec->a3);
			return;
		}
	}

	/*
	 * Fallback for protocols without their own packet generator:
	 * either a single byte, or anything below one page (which may be 0).
	 */
	nbytes = RAND_BOOL() ? 1 : rnd() % page_size;

	buf = malloc(nbytes);
	rec->a2 = (unsigned long) buf;
	if (buf == NULL) {
		/* a3 keeps whatever value it already had in this case. */
		return;
	}

	rec->a3 = nbytes;
	generate_rand_bytes(buf, nbytes);
}
Exemple #4
/*
 * Build a randomised ROSE socket address.
 *
 * Allocates a sockaddr_rose with zmalloc(), sets the family to PF_ROSE,
 * fills the five rose_addr bytes and the AX.25 callsign with random data,
 * and sets srose_ndigis to an unconstrained random value.
 *
 * On return *addr points at the new structure and *addrlen is
 * sizeof(struct sockaddr_rose). The allocation is not freed here.
 */
static void rose_gen_sockaddr(struct sockaddr **addr, socklen_t *addrlen)
{
	enum { ROSE_ADDR_BYTES = 5 };
	struct sockaddr_rose *sr = zmalloc(sizeof(struct sockaddr_rose));
	unsigned int i;

	sr->srose_family = PF_ROSE;

	/* One rnd() call per address byte, in index order. */
	for (i = 0; i < ROSE_ADDR_BYTES; i++)
		sr->srose_addr.rose_addr[i] = rnd();

	generate_rand_bytes((unsigned char *) sr->srose_call.ax25_call, sizeof(ax25_address));

	/* Deliberately not clamped to a valid digipeater count. */
	sr->srose_ndigis = rnd();

	*addrlen = sizeof(struct sockaddr_rose);
	*addr = (struct sockaddr *) sr;
}
Exemple #5
/*
 * Prepare the arguments of a send() call in rec.
 *
 * a1 arrives holding a socketinfo pointer and is replaced by the value
 * generic_fd_from_socketinfo() returns for it. a2 receives a freshly
 * malloc'd buffer of random bytes and a3 its length: either 1, or a
 * value below page_size (which may be 0).
 */
static void sanitise_send(struct syscallrecord *rec)
{
	unsigned int nbytes;
	void *buf;

	rec->a1 = generic_fd_from_socketinfo((struct socketinfo *) rec->a1);

	/* Note: this variant draws the size from libc rand(). */
	nbytes = RAND_BOOL() ? 1 : rand() % page_size;

	buf = malloc(nbytes);
	rec->a2 = (unsigned long) buf;
	if (buf == NULL) {
		/* a3 keeps whatever value it already had in this case. */
		return;
	}

	rec->a3 = nbytes;

	// TODO: only use this as a fallback, and actually have
	// some per-proto generators here.
	generate_rand_bytes(buf, nbytes);
}