dropbear: fuzzer-verify.c annotate

annotate fuzzer-verify.c @ 1629:258b57b208ae

Fix for issue successfull login of disabled user (#78) This commit introduces fix for scenario: 1. Root login disabled on dropbear 2. PAM authentication model enabled While login as root user, after prompt for password user is being notified about login failrue, but after second attempt of prompt for password within same session, login becames succesfull. Signed-off-by: Pawel Rapkiewicz <[email protected]>

author	vincentto13 <33652988+vincentto13@users.noreply.github.com>
date	Wed, 20 Mar 2019 15:03:40 +0100
parents	92c93b4a3646
children	f52919ffd3b1

rev	line source
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 #include "fuzz.h"
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 #include "session.h"
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 #include "fuzz-wrapfd.h"
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 #include "debug.h"
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 static void setup_fuzzer(void) {
1456 a90fdd2d2ed8 add fuzzer-preauth_nomaths Matt Johnston <matt@ucc.asn.au> parents: 1380 diff changeset	7 fuzz_common_setup();
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 }
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 static buffer *verifydata;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 /* Tests reading a public key and verifying a signature */
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 static int once = 0;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 if (!once) {
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 setup_fuzzer();
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 verifydata = buf_new(30);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 buf_putstring(verifydata, "x", 1);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 once = 1;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 }
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21
1456 a90fdd2d2ed8 add fuzzer-preauth_nomaths Matt Johnston <matt@ucc.asn.au> parents: 1380 diff changeset	22 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 return 0;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 }
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 m_malloc_set_epoch(1);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 if (setjmp(fuzz.jmp) == 0) {
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 sign_key *key = new_sign_key();
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 enum signkey_type type = DROPBEAR_SIGNKEY_ANY;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31 if (buf_get_pub_key(fuzz.input, key, &type) == DROPBEAR_SUCCESS) {
1529 66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	32 if (buf_verify(fuzz.input, key, verifydata) == DROPBEAR_SUCCESS) {
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	33 /* The fuzzer is capable of generating keys with a signature to match.
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	34 We don't want false positives if the key is bogus, since a client/server
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	35 wouldn't be trusting a bogus key anyway */
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	36 int boguskey = 0;
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	37
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	38 if (type == DROPBEAR_SIGNKEY_DSS) {
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	39 /* So far have seen dss keys with bad p/q/g domain parameters */
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	40 int pprime, qprime;
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	41 assert(mp_prime_is_prime(key->dsskey->p, 5, &pprime) == MP_OKAY);
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	42 assert(mp_prime_is_prime(key->dsskey->q, 18, &qprime) == MP_OKAY);
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	43 boguskey = !(pprime && qprime);
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	44 /* Could also check g*q mod p == 1 /
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	45 }
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	46
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	47 if (!boguskey) {
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	48 printf("Random key/signature managed to verify!\n");
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	49 abort();
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	50 }
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	51
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	52
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	53 }
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54 }
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55 sign_key_free(key);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56 m_malloc_free_epoch(1, 0);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 } else {
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58 m_malloc_free_epoch(1, 1);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59 TRACE(("dropbear_exit longjmped"))
1559 92c93b4a3646 Fix to be able to compile normal(ish) binaries with --enable-fuzz Matt Johnston <matt@ucc.asn.au> parents: 1529 diff changeset	60 /* dropbear_exit jumped here */
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61 }
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	62
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	63 return 0;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	64 }

Mercurial > dropbear

annotate fuzzer-verify.c @ 1629:258b57b208ae