dropbear: fuzzer-verify.c annotate

annotate fuzzer-verify.c @ 1715:3974f087d9c0

Disallow leading lines before the ident for server (#102) Per RFC4253 4.2 clients must be able to process other lines of data before the version string, server behavior is not defined neither with MUST/SHOULD nor with MAY. If server process up to 50 lines too - it may cause too long hanging session with invalid/evil client that consume host resources and potentially may lead to DDoS on poor embedded boxes. Let's require first line from client to be version string and fail early if it's not - matches both RFC and real OpenSSH behavior.

author	Vladislav Grishenko <themiron@users.noreply.github.com>
date	Mon, 15 Jun 2020 18:22:18 +0500
parents	e01f9ec6d177
children

rev	line source
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 #include "fuzz.h"
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 #include "session.h"
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 #include "fuzz-wrapfd.h"
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 #include "debug.h"
1688 e01f9ec6d177 Fix untested rsa-sha256 change to fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	5 #include "dss.h"
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 static void setup_fuzzer(void) {
1456 a90fdd2d2ed8 add fuzzer-preauth_nomaths Matt Johnston <matt@ucc.asn.au> parents: 1380 diff changeset	8 fuzz_common_setup();
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 }
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 static buffer *verifydata;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 /* Tests reading a public key and verifying a signature */
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 static int once = 0;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 if (!once) {
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 setup_fuzzer();
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 verifydata = buf_new(30);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 buf_putstring(verifydata, "x", 1);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 once = 1;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 }
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22
1456 a90fdd2d2ed8 add fuzzer-preauth_nomaths Matt Johnston <matt@ucc.asn.au> parents: 1380 diff changeset	23 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 return 0;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 }
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 m_malloc_set_epoch(1);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 if (setjmp(fuzz.jmp) == 0) {
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 sign_key *key = new_sign_key();
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	31 enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY;
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	32 if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) {
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	33 enum signature_type sigtype;
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	34 if (keytype == DROPBEAR_SIGNKEY_RSA) {
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	35 /* Flip a coin to decide rsa signature type */
1688 e01f9ec6d177 Fix untested rsa-sha256 change to fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	36 int flag = buf_getbyte(fuzz.input);
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	37 if (flag & 0x01) {
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	38 sigtype = DROPBEAR_SIGNATURE_RSA_SHA256;
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	39 } else {
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	40 sigtype = DROPBEAR_SIGNATURE_RSA_SHA1;
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	41 }
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	42 } else {
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	43 sigtype = signature_type_from_signkey(keytype);
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	44 }
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	45 if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) {
1529 66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	46 /* The fuzzer is capable of generating keys with a signature to match.
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	47 We don't want false positives if the key is bogus, since a client/server
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	48 wouldn't be trusting a bogus key anyway */
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	49 int boguskey = 0;
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	50
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1655 diff changeset	51 if (keytype == DROPBEAR_SIGNKEY_DSS) {
1529 66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	52 /* So far have seen dss keys with bad p/q/g domain parameters */
1655 f52919ffd3b1 update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79) Steffen Jaeckel <s_jaeckel@gmx.de> parents: 1559 diff changeset	53 int pprime, qprime, trials;
f52919ffd3b1 update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79) Steffen Jaeckel <s_jaeckel@gmx.de> parents: 1559 diff changeset	54 trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->p));
f52919ffd3b1 update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79) Steffen Jaeckel <s_jaeckel@gmx.de> parents: 1559 diff changeset	55 assert(mp_prime_is_prime(key->dsskey->p, trials, &pprime) == MP_OKAY);
f52919ffd3b1 update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79) Steffen Jaeckel <s_jaeckel@gmx.de> parents: 1559 diff changeset	56 trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->q));
f52919ffd3b1 update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79) Steffen Jaeckel <s_jaeckel@gmx.de> parents: 1559 diff changeset	57 assert(mp_prime_is_prime(key->dsskey->q, trials, &qprime) == MP_OKAY);
f52919ffd3b1 update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79) Steffen Jaeckel <s_jaeckel@gmx.de> parents: 1559 diff changeset	58 boguskey = !(pprime && qprime);
f52919ffd3b1 update ltm to 1.1.0 and enable FIPS 186.4 compliant key-generation (#79) Steffen Jaeckel <s_jaeckel@gmx.de> parents: 1559 diff changeset	59 /* Could also check g*q mod p == 1 /
1529 66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	60 }
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	61
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	62 if (!boguskey) {
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	63 printf("Random key/signature managed to verify!\n");
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	64 abort();
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	65 }
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	66
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	67
66a1a2547133 The fuzzer has managed to generated DSS key/signature pairs that Matt Johnston <matt@ucc.asn.au> parents: 1456 diff changeset	68 }
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69 }
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70 sign_key_free(key);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	71 m_malloc_free_epoch(1, 0);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	72 } else {
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	73 m_malloc_free_epoch(1, 1);
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	74 TRACE(("dropbear_exit longjmped"))
1559 92c93b4a3646 Fix to be able to compile normal(ish) binaries with --enable-fuzz Matt Johnston <matt@ucc.asn.au> parents: 1529 diff changeset	75 /* dropbear_exit jumped here */
1380 d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	76 }
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	77
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	78 return 0;
d201105df2ed add fuzzer-verify Matt Johnston <matt@ucc.asn.au> parents: diff changeset	79 }

Mercurial > dropbear

annotate fuzzer-verify.c @ 1715:3974f087d9c0