1 /* 2 * Copyright (c) 2019 Yubico AB. All rights reserved. 3 * Use of this source code is governed by a BSD-style 4 * license that can be found in the LICENSE file. 5 */ 6 7 /* 8 * cc -fPIC -D_GNU_SOURCE -shared -o preload-fuzz.so preload-fuzz.c 9 * LD_PRELOAD=$(realpath preload-fuzz.so) 10 */ 11 12 #include <sys/types.h> 13 #include <sys/stat.h> 14 15 #include <dlfcn.h> 16 #include <err.h> 17 #include <errno.h> 18 #include <fcntl.h> 19 #include <limits.h> 20 #include <stdarg.h> 21 #include <stdio.h> 22 #include <stdlib.h> 23 #include <string.h> 24 #include <unistd.h> 25 26 #define FUZZ_DEV_PREFIX "nodev" 27 28 static int fd_fuzz = -1; 29 static int (*open_f)(const char *, int, mode_t); 30 static int (*close_f)(int); 31 static ssize_t (*write_f)(int, const void *, size_t); 32 33 int 34 open(const char *path, int flags, ...) 35 { 36 va_list ap; 37 mode_t mode; 38 39 va_start(ap, flags); 40 mode = va_arg(ap, mode_t); 41 va_end(ap); 42 43 if (open_f == NULL) { 44 open_f = dlsym(RTLD_NEXT, "open"); 45 if (open_f == NULL) { 46 warnx("%s: dlsym", __func__); 47 errno = EACCES; 48 return (-1); 49 } 50 } 51 52 if (strncmp(path, FUZZ_DEV_PREFIX, strlen(FUZZ_DEV_PREFIX)) != 0) 53 return (open_f(path, flags, mode)); 54 55 if (fd_fuzz != -1) { 56 warnx("%s: fd_fuzz != -1", __func__); 57 errno = EACCES; 58 return (-1); 59 } 60 61 if ((fd_fuzz = dup(STDIN_FILENO)) < 0) { 62 warn("%s: dup", __func__); 63 errno = EACCES; 64 return (-1); 65 } 66 67 return (fd_fuzz); 68 } 69 70 int 71 close(int fd) 72 { 73 if (close_f == NULL) { 74 close_f = dlsym(RTLD_NEXT, "close"); 75 if (close_f == NULL) { 76 warnx("%s: dlsym", __func__); 77 errno = EACCES; 78 return (-1); 79 } 80 } 81 82 if (fd == fd_fuzz) 83 fd_fuzz = -1; 84 85 return (close_f(fd)); 86 } 87 88 ssize_t 89 write(int fd, const void *buf, size_t nbytes) 90 { 91 if (write_f == NULL) { 92 write_f = dlsym(RTLD_NEXT, "write"); 93 if (write_f == NULL) { 94 warnx("%s: dlsym", __func__); 95 errno = EBADF; 96 return (-1); 97 } 98 } 99 100 if (fd != fd_fuzz) 101 return (write_f(fd, buf, nbytes)); 102 103 return (nbytes); 104 } 105