1 /*
2 * Copyright (c) 2019 Yubico AB. All rights reserved.
3 * Use of this source code is governed by a BSD-style
4 * license that can be found in the LICENSE file.
5 */
6
7 /*
8 * cc -fPIC -D_GNU_SOURCE -shared -o preload-fuzz.so preload-fuzz.c
9 * LD_PRELOAD=$(realpath preload-fuzz.so)
10 */
11
12 #include <sys/types.h>
13 #include <sys/stat.h>
14
15 #include <dlfcn.h>
16 #include <err.h>
17 #include <errno.h>
18 #include <fcntl.h>
19 #include <limits.h>
20 #include <stdarg.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <unistd.h>
25
26 #define FUZZ_DEV_PREFIX "nodev"
27
28 static int fd_fuzz = -1;
29 static int (*open_f)(const char *, int, mode_t);
30 static int (*close_f)(int);
31 static ssize_t (*write_f)(int, const void *, size_t);
32
33 int
open(const char * path,int flags,...)34 open(const char *path, int flags, ...)
35 {
36 va_list ap;
37 mode_t mode;
38
39 va_start(ap, flags);
40 mode = va_arg(ap, mode_t);
41 va_end(ap);
42
43 if (open_f == NULL) {
44 open_f = dlsym(RTLD_NEXT, "open");
45 if (open_f == NULL) {
46 warnx("%s: dlsym", __func__);
47 errno = EACCES;
48 return (-1);
49 }
50 }
51
52 if (strncmp(path, FUZZ_DEV_PREFIX, strlen(FUZZ_DEV_PREFIX)) != 0)
53 return (open_f(path, flags, mode));
54
55 if (fd_fuzz != -1) {
56 warnx("%s: fd_fuzz != -1", __func__);
57 errno = EACCES;
58 return (-1);
59 }
60
61 if ((fd_fuzz = dup(STDIN_FILENO)) < 0) {
62 warn("%s: dup", __func__);
63 errno = EACCES;
64 return (-1);
65 }
66
67 return (fd_fuzz);
68 }
69
70 int
close(int fd)71 close(int fd)
72 {
73 if (close_f == NULL) {
74 close_f = dlsym(RTLD_NEXT, "close");
75 if (close_f == NULL) {
76 warnx("%s: dlsym", __func__);
77 errno = EACCES;
78 return (-1);
79 }
80 }
81
82 if (fd == fd_fuzz)
83 fd_fuzz = -1;
84
85 return (close_f(fd));
86 }
87
88 ssize_t
write(int fd,const void * buf,size_t nbytes)89 write(int fd, const void *buf, size_t nbytes)
90 {
91 if (write_f == NULL) {
92 write_f = dlsym(RTLD_NEXT, "write");
93 if (write_f == NULL) {
94 warnx("%s: dlsym", __func__);
95 errno = EBADF;
96 return (-1);
97 }
98 }
99
100 if (fd != fd_fuzz)
101 return (write_f(fd, buf, nbytes));
102
103 return (nbytes);
104 }
105