Mercurial > dropbear
annotate fuzz-common.c @ 1629:258b57b208ae
Fix for issue successfull login of disabled user (#78)
This commit introduces fix for scenario:
1. Root login disabled on dropbear
2. PAM authentication model enabled
While login as root user, after prompt for password
user is being notified about login failrue, but
after second attempt of prompt for password within
same session, login becames succesfull.
Signed-off-by: Pawel Rapkiewicz <[email protected]>
| author | vincentto13 <33652988+vincentto13@users.noreply.github.com> |
|---|---|
| date | Wed, 20 Mar 2019 15:03:40 +0100 |
| parents | 35af85194268 |
| children | d32bcb5c557d |
| rev | line source |
|---|---|
| 1348 | 1 #include "includes.h" |
| 2 | |
| 3 #include "includes.h" | |
| 4 #include "fuzz.h" | |
| 5 #include "dbutil.h" | |
| 6 #include "runopts.h" | |
| 1353 | 7 #include "crypto_desc.h" |
| 8 #include "session.h" | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
9 #include "dbrandom.h" |
| 1457 | 10 #include "bignum.h" |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
11 #include "fuzz-wrapfd.h" |
| 1348 | 12 |
| 13 struct dropbear_fuzz_options fuzz; | |
| 14 | |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
15 static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param); |
| 1348 | 16 static void load_fixed_hostkeys(void); |
| 17 | |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
18 void fuzz_common_setup(void) { |
| 1348 | 19 fuzz.fuzzing = 1; |
| 1357 | 20 fuzz.wrapfds = 1; |
|
1385
6c92e97553f1
Add a flag whether to longjmp, missed that last commit
Matt Johnston <matt@ucc.asn.au>
parents:
1383
diff
changeset
|
21 fuzz.do_jmp = 1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
22 fuzz.input = m_malloc(sizeof(buffer)); |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
23 _dropbear_log = fuzz_dropbear_log; |
| 1350 | 24 crypto_init(); |
|
1589
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
25 fuzz_seed(); |
|
1529
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1457
diff
changeset
|
26 /* let any messages get flushed */ |
|
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1457
diff
changeset
|
27 setlinebuf(stdout); |
| 1348 | 28 } |
| 29 | |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
30 int fuzz_set_input(const uint8_t *Data, size_t Size) { |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
31 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
32 fuzz.input->data = (unsigned char*)Data; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
33 fuzz.input->size = Size; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
34 fuzz.input->len = Size; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
35 fuzz.input->pos = 0; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
36 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
37 memset(&ses, 0x0, sizeof(ses)); |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
38 memset(&svr_ses, 0x0, sizeof(svr_ses)); |
|
1377
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1373
diff
changeset
|
39 wrapfd_setup(); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
40 |
| 1369 | 41 fuzz_seed(); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
42 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
43 return DROPBEAR_SUCCESS; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
44 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
45 |
|
1558
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
46 #if DEBUG_TRACE |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
47 static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param) { |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
48 if (debug_trace) { |
|
1558
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
49 char printbuf[1024]; |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
50 vsnprintf(printbuf, sizeof(printbuf), format, param); |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
51 fprintf(stderr, "%s\n", printbuf); |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
52 } |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
53 } |
|
1558
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
54 #else |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
55 static void fuzz_dropbear_log(int UNUSED(priority), const char* UNUSED(format), va_list UNUSED(param)) { |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
56 /* No print */ |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
57 } |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
58 #endif /* DEBUG_TRACE */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
59 |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
60 void fuzz_svr_setup(void) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
61 fuzz_common_setup(); |
| 1353 | 62 |
| 63 _dropbear_exit = svr_dropbear_exit; | |
| 1348 | 64 |
| 65 char *argv[] = { | |
| 66 "-E", | |
| 67 }; | |
| 68 | |
| 69 int argc = sizeof(argv) / sizeof(*argv); | |
| 70 svr_getopts(argc, argv); | |
| 71 | |
| 72 /* user lookups might be slow, cache it */ | |
|
1386
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
73 fuzz.pw_name = m_strdup("person"); |
|
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
74 fuzz.pw_dir = m_strdup("/tmp"); |
|
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
75 fuzz.pw_shell = m_strdup("/bin/zsh"); |
| 1348 | 76 fuzz.pw_passwd = m_strdup("!!zzznope"); |
| 77 | |
| 78 load_fixed_hostkeys(); | |
| 79 } | |
| 80 | |
| 81 static void load_fixed_hostkeys(void) { | |
| 82 #include "fuzz-hostkeys.c" | |
| 83 | |
| 84 buffer *b = buf_new(3000); | |
| 85 enum signkey_type type; | |
| 86 | |
| 87 TRACE(("load fixed hostkeys")) | |
| 88 | |
| 89 svr_opts.hostkey = new_sign_key(); | |
| 90 | |
| 91 buf_setlen(b, 0); | |
| 92 buf_putbytes(b, keyr, keyr_len); | |
| 93 buf_setpos(b, 0); | |
| 94 type = DROPBEAR_SIGNKEY_RSA; | |
| 95 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 96 dropbear_exit("failed fixed rsa hostkey"); | |
| 97 } | |
| 98 | |
| 99 buf_setlen(b, 0); | |
| 100 buf_putbytes(b, keyd, keyd_len); | |
| 101 buf_setpos(b, 0); | |
| 102 type = DROPBEAR_SIGNKEY_DSS; | |
| 103 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 104 dropbear_exit("failed fixed dss hostkey"); | |
| 105 } | |
| 106 | |
| 107 buf_setlen(b, 0); | |
| 108 buf_putbytes(b, keye, keye_len); | |
| 109 buf_setpos(b, 0); | |
| 110 type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; | |
| 111 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 112 dropbear_exit("failed fixed ecdsa hostkey"); | |
| 113 } | |
| 114 | |
| 115 buf_free(b); | |
| 116 } | |
| 117 | |
| 1357 | 118 void fuzz_kex_fakealgos(void) { |
| 119 ses.newkeys->recv.crypt_mode = &dropbear_mode_none; | |
| 120 } | |
|
1383
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
121 |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
122 void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port, |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
123 char **remote_host, char **remote_port, int UNUSED(host_lookup)) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
124 if (local_host) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
125 *local_host = m_strdup("fuzzlocalhost"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
126 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
127 if (local_port) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
128 *local_port = m_strdup("1234"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
129 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
130 if (remote_host) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
131 *remote_host = m_strdup("fuzzremotehost"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
132 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
133 if (remote_port) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
134 *remote_port = m_strdup("9876"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
135 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
136 } |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
137 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
138 /* cut down version of svr_send_msg_kexdh_reply() that skips slow maths. Still populates structures */ |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
139 void fuzz_fake_send_kexdh_reply(void) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
140 assert(!ses.dh_K); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
141 m_mp_alloc_init_multi(&ses.dh_K, NULL); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
142 mp_set_int(ses.dh_K, 12345678); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
143 finish_kexhashbuf(); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
144 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
145 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
146 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
147 static int once = 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
148 if (!once) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
149 fuzz_svr_setup(); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
150 fuzz.skip_kexmaths = skip_kexmaths; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
151 once = 1; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
152 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
153 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
154 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
155 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
156 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
157 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
158 /* |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
159 get prefix. input format is |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
160 string prefix |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
161 uint32 wrapfd seed |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
162 ... to be extended later |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
163 [bytes] ssh input stream |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
164 */ |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
165 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
166 /* be careful to avoid triggering buffer.c assertions */ |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
167 if (fuzz.input->len < 8) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
168 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
169 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
170 size_t prefix_size = buf_getint(fuzz.input); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
171 if (prefix_size != 4) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
172 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
173 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
174 uint32_t wrapseed = buf_getint(fuzz.input); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
175 wrapfd_setseed(wrapseed); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
176 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
177 int fakesock = 20; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
178 wrapfd_add(fakesock, fuzz.input, PLAIN); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
179 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
180 m_malloc_set_epoch(1); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
181 if (setjmp(fuzz.jmp) == 0) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
182 svr_session(fakesock, fakesock); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
183 m_malloc_free_epoch(1, 0); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
184 } else { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
185 m_malloc_free_epoch(1, 1); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
186 TRACE(("dropbear_exit longjmped")) |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
187 /* dropbear_exit jumped here */ |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
188 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
189 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
190 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
191 } |
|
1589
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
192 |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
193 const void* fuzz_get_algo(const algo_type *algos, const char* name) { |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
194 const algo_type *t; |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
195 for (t = algos; t->name; t++) { |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
196 if (strcmp(t->name, name) == 0) { |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
197 return t->data; |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
198 } |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
199 } |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
200 assert(0); |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
201 } |