/*
 * Argument sanitiser for send().
 *
 * On entry a1 holds a struct socketinfo pointer (or NULL); it is replaced by
 * whatever fd_from_socketinfo() returns for it. If the socket's family has a
 * protocol entry with a gen_packet hook, that hook fills in a2/a3 and we are
 * done. Otherwise a2/a3 get a freshly malloc'd buffer of random bytes and its
 * length.
 *
 * NOTE(review): the fallback buffer stored in a2 is not freed here;
 * presumably a post-syscall hook releases it -- confirm.
 */
static void sanitise_send(struct syscallrecord *rec)
{
	struct socketinfo *si = (struct socketinfo *) rec->a1;
	const struct netproto *proto;
	void *buf;
	size_t len;

	/* Done before the NULL test, so fd_from_socketinfo() also sees a NULL si. */
	rec->a1 = fd_from_socketinfo(si);

	/* si is NULL when running with --disable-fds=sockets. */
	if (si != NULL) {
		/* NOTE(review): family is used as an index without a range check
		 * here; presumably validated when the socketinfo was created. */
		proto = net_protocols[si->triplet.family].proto;

		if (proto != NULL && proto->gen_packet != NULL) {
			/* The hook writes the buffer pointer into a2 and the length into a3. */
			buf = &rec->a2;
			proto->gen_packet(&si->triplet, buf, &rec->a3);
			// printf("Sending to family:%d type:%d proto:%d\n",
			//	si->triplet.family, si->triplet.type, si->triplet.protocol);
			return;
		}
	}

	/* Fallback, only reached when no per-proto send() generator exists:
	 * half the time a single byte, otherwise anything below a page
	 * (which may be zero). */
	len = RAND_BOOL() ? 1 : rnd() % page_size;

	buf = malloc(len);
	rec->a2 = (unsigned long) buf;

	/* On allocation failure a2 is NULL and a3 keeps its previous value. */
	if (buf != NULL) {
		rec->a3 = len;
		generate_rand_bytes(buf, len);
	}
}
/*
 * SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags)
 *
 * Argument sanitiser for sendmsg(): builds a struct msghdr and stores its
 * address in a2. When a1 carries a socketinfo, a1 is replaced by the result
 * of fd_from_socketinfo() and the destination address is generated for that
 * socket's family; otherwise a1 is left untouched and msg_name stays NULL
 * with a zero length.
 *
 * NOTE(review): msg (and sa, when generated) are not freed here; presumably
 * a post-syscall hook owns them -- confirm.
 */
static void sanitise_sendmsg(struct syscallrecord *rec)
{
	struct socketinfo *si = (struct socketinfo *) rec->a1;
	struct sockaddr *sa = NULL;
	socklen_t salen = 0;
	struct msghdr *msg;

	/* si is NULL when running with --disable-fds=sockets. */
	if (si != NULL) {
		rec->a1 = fd_from_socketinfo(si);
		generate_sockaddr((struct sockaddr **) &sa, (socklen_t *) &salen, si->triplet.family);
	}

	/* NOTE(review): result is used unchecked; assumes zmalloc() returns
	 * zeroed memory and never NULL -- confirm. */
	msg = zmalloc(sizeof(*msg));

	msg->msg_name = sa;
	msg->msg_namelen = salen;

	/* Half the time attach a short iovec of 1..3 entries; otherwise the
	 * iov fields keep whatever zmalloc() left in them. */
	if (RAND_BOOL()) {
		unsigned int nr_iov = RAND_RANGE(1, 3);

		msg->msg_iov = alloc_iovec(nr_iov);
		msg->msg_iovlen = nr_iov;
	}

	if (!RAND_BOOL()) {
		msg->msg_controllen = 0;
	} else {
		/* Length is drawn before the address, matching the original call order. */
		msg->msg_controllen = rand32() % 20480;	// /proc/sys/net/core/optmem_max
		msg->msg_control = get_address();
	}

	/* Flags are almost always zero; 1 in 100 calls gets a random value. */
	msg->msg_flags = ONE_IN(100) ? rand32() : 0;

	rec->a2 = (unsigned long) msg;
}
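/*
 * SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags)
 *
 * Argument sanitiser for sendmsg(): replaces the socketinfo pointer in a1
 * with the result of fd_from_socketinfo(), then builds a struct msghdr whose
 * fields are all randomised and stores its address in a2. The destination
 * address is generated for a random family below TRINITY_PF_MAX, not for the
 * family of the socket in a1.
 *
 * NOTE(review): msg and sa are not freed here; presumably a post-syscall
 * hook owns them -- confirm.
 */
static void sanitise_sendmsg(struct syscallrecord *rec)
{
	struct msghdr *msg;
	struct sockaddr *sa = NULL;
	/* Start at 0 so msg_namelen is never copied from an indeterminate
	 * object should generate_sockaddr() leave the length unwritten for
	 * some family (its body is not visible here). */
	socklen_t salen = 0;

	rec->a1 = fd_from_socketinfo((struct socketinfo *) rec->a1);

	/* NOTE(review): result is used unchecked; assumes zmalloc() never
	 * returns NULL -- confirm. */
	msg = zmalloc(sizeof(struct msghdr));

	generate_sockaddr((struct sockaddr **) &sa, (socklen_t *) &salen, rnd() % TRINITY_PF_MAX);

	msg->msg_name = sa;
	msg->msg_namelen = salen;

	/* The pointer and length of each pair are drawn independently, so the
	 * lengths need not describe the memory behind the pointers. */
	msg->msg_iov = get_address();
	msg->msg_iovlen = get_len();
	msg->msg_control = get_address();
	msg->msg_controllen = get_len();
	msg->msg_flags = rand32();

	rec->a2 = (unsigned long) msg;
}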
/*
 * Argument sanitiser for accept(): a1 arrives holding a struct socketinfo
 * pointer and is overwritten with the value fd_from_socketinfo() returns
 * for it. No NULL test is done here; the pointer is passed on as-is.
 */
static void sanitise_accept(struct syscallrecord *rec)
{
	struct socketinfo *si = (struct socketinfo *) rec->a1;

	rec->a1 = fd_from_socketinfo(si);
}