Mercurial > dropbear
annotate fuzz-common.c @ 1356:3677a510f545 fuzz
add wrapfd. improve fuzzer in makefile
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 19 May 2017 00:48:46 +0800 |
parents | f3c8975de38e |
children | 08f4fa4dc6a0 |
rev | line source |
---|---|
1348 | 1 #include "includes.h" |
2 | |
3 #ifdef DROPBEAR_FUZZ | |
4 | |
5 #include "includes.h" | |
6 #include "fuzz.h" | |
7 #include "dbutil.h" | |
8 #include "runopts.h" | |
1353 | 9 #include "crypto_desc.h" |
10 #include "session.h" | |
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
11 #include "dbrandom.h" |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
12 #include "fuzz-wrapfd.h" |
1348 | 13 |
14 struct dropbear_fuzz_options fuzz; | |
15 | |
16 static void load_fixed_hostkeys(void); | |
17 | |
18 static void common_setup_fuzzer(void) { | |
19 fuzz.fuzzing = 1; | |
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
20 fuzz.input = m_malloc(sizeof(buffer)); |
1350 | 21 crypto_init(); |
1348 | 22 } |
23 | |
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
24 int fuzzer_set_input(const uint8_t *Data, size_t Size) { |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
25 |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
26 fuzz.input->data = (unsigned char*)Data; |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
27 fuzz.input->size = Size; |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
28 fuzz.input->len = Size; |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
29 fuzz.input->pos = 0; |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
30 |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
31 // get prefix. input format is |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
32 // string prefix |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
33 // uint32_t seed |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
34 // ... to be extended later |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
35 // [bytes] ssh input stream |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
36 |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
37 // be careful to avoid triggering buffer.c assertions |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
38 if (fuzz.input->len < 8) { |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
39 return DROPBEAR_FAILURE; |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
40 } |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
41 size_t prefix_size = buf_getint(fuzz.input); |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
42 if (prefix_size != 4) { |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
43 return DROPBEAR_FAILURE; |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
44 } |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
45 uint32_t wrapseed = buf_getint(fuzz.input); |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
46 wrapfd_setup(wrapseed); |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
47 |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
48 seedrandom(); |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
49 |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
50 return DROPBEAR_SUCCESS; |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
51 } |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
52 |
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
53 |
1348 | 54 void svr_setup_fuzzer(void) { |
55 struct passwd *pw; | |
56 | |
57 common_setup_fuzzer(); | |
1353 | 58 |
59 _dropbear_exit = svr_dropbear_exit; | |
60 _dropbear_log = svr_dropbear_log; | |
1348 | 61 |
62 char *argv[] = { | |
63 "-E", | |
64 }; | |
65 | |
66 int argc = sizeof(argv) / sizeof(*argv); | |
67 svr_getopts(argc, argv); | |
68 | |
69 /* user lookups might be slow, cache it */ | |
70 pw = getpwuid(getuid()); | |
71 dropbear_assert(pw); | |
72 fuzz.pw_name = m_strdup(pw->pw_name); | |
73 fuzz.pw_dir = m_strdup(pw->pw_dir); | |
74 fuzz.pw_shell = m_strdup(pw->pw_shell); | |
75 fuzz.pw_passwd = m_strdup("!!zzznope"); | |
76 | |
77 load_fixed_hostkeys(); | |
78 } | |
79 | |
80 static void load_fixed_hostkeys(void) { | |
81 #include "fuzz-hostkeys.c" | |
82 | |
83 buffer *b = buf_new(3000); | |
84 enum signkey_type type; | |
85 | |
86 TRACE(("load fixed hostkeys")) | |
87 | |
88 svr_opts.hostkey = new_sign_key(); | |
89 | |
90 buf_setlen(b, 0); | |
91 buf_putbytes(b, keyr, keyr_len); | |
92 buf_setpos(b, 0); | |
93 type = DROPBEAR_SIGNKEY_RSA; | |
94 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
95 dropbear_exit("failed fixed rsa hostkey"); | |
96 } | |
97 | |
98 buf_setlen(b, 0); | |
99 buf_putbytes(b, keyd, keyd_len); | |
100 buf_setpos(b, 0); | |
101 type = DROPBEAR_SIGNKEY_DSS; | |
102 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
103 dropbear_exit("failed fixed dss hostkey"); | |
104 } | |
105 | |
106 buf_setlen(b, 0); | |
107 buf_putbytes(b, keye, keye_len); | |
108 buf_setpos(b, 0); | |
109 type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; | |
110 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
111 dropbear_exit("failed fixed ecdsa hostkey"); | |
112 } | |
113 | |
114 buf_free(b); | |
115 } | |
116 | |
117 #endif /* DROPBEAR_FUZZ */ |