annotate fuzz/fuzzer-pubkey.c @ 1902:4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 24 Mar 2022 13:42:08 +0800 |
parents | 97ad26e397a5 |
children |
rev | line source |
---|---|
1369 | 1 #include "fuzz.h" |
2 #include "session.h" | |
3 #include "fuzz-wrapfd.h" | |
4 #include "debug.h" | |
5 | |
/* One-time initialisation for this harness; it only calls the shared
 * fuzz_common_setup() and adds nothing harness-specific. */
static void setup_fuzzer(void)
{
	fuzz_common_setup();
}
9 | |
/*
 * libFuzzer entry point: passes fuzzer-supplied data to
 * fuzz_checkpubkey_line() as an authorized_keys line together with a
 * candidate public key blob.
 *
 * The input is consumed as two length-prefixed strings taken from
 * fuzz.input: first the line to check, then the key blob. The algorithm
 * name is read from the start of the key blob, so both the line and the
 * key it is checked against are untrusted data.
 *
 * Data/Size are the raw fuzzer input. Always returns 0.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	static int initialised = 0;

	if (!initialised) {
		setup_fuzzer();
		initialised = 1;
	}

	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
		return 0;
	}

	/* Allocations from here on are made under epoch 1 so that they can be
	 * dealt with as a group when the run ends. */
	m_malloc_set_epoch(1);

	if (setjmp(fuzz.jmp) != 0) {
		/* dropbear_exit jumped here. The locals of the normal path are
		 * never read on this path; the epoch call is the only cleanup.
		 * NOTE(review): the second argument presumably asks for the
		 * outstanding epoch-1 allocations to be freed - confirm against
		 * m_malloc_free_epoch(). */
		m_malloc_free_epoch(1, 1);
		TRACE(("dropbear_exit longjmped"))
		return 0;
	}

	/* Order matters: the line is read from the input before the key blob. */
	buffer *authkeys_line = buf_getstringbuf(fuzz.input);
	buffer *keyblob = buf_getstringbuf(fuzz.input);

	unsigned int algolen;
	char *algoname = buf_getstring(keyblob, &algolen);

	/* Reject inputs whose algorithm name maps to no signature type before
	 * calling the checker; dropbear_exit() leaves through the longjmp path
	 * above. */
	if (signature_type_from_name(algoname, algolen) == DROPBEAR_SIGNATURE_NONE) {
		dropbear_exit("fuzzer imagined a bogus algorithm");
	}

	/* The whole key blob (data/len, not the remainder after algoname) is
	 * passed on. NOTE(review): 5 and the path look like a placeholder line
	 * number and file name - confirm against fuzz_checkpubkey_line(). */
	if (fuzz_checkpubkey_line(authkeys_line, 5, "/home/me/authorized_keys",
			algoname, algolen,
			keyblob->data, keyblob->len) == DROPBEAR_SUCCESS) {
		/* Only a successful match needs the options cleaned up here;
		 * fuzz_checkpubkey_line() should have cleaned up for failure. */
		svr_pubkey_options_cleanup();
	}

	buf_free(authkeys_line);
	buf_free(keyblob);
	m_free(algoname);
	/* Normal completion: everything was released explicitly above, so the
	 * epoch is closed with a zero second argument. */
	m_malloc_free_epoch(1, 0);

	return 0;
}