annotate fuzzer-preauth.c @ 1385:6c92e97553f1 fuzz
Add a flag whether to longjmp, missed that last commit
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 01 Jun 2017 21:30:26 +0800 |
parents | ecdd4e8ae427 |
children | f0990c284663 |
1348 | 1 #include "fuzz.h" |
2 #include "session.h" | |
3 #include "fuzz-wrapfd.h" |
4 #include "debug.h" |
1348 | 5 |
/*
 * One-time harness initialisation, run before the first fuzz iteration.
 *
 * All real work is delegated to svr_setup_fuzzer(); the debug_trace
 * toggle is kept commented out, exactly as in the original source, so it
 * can be flipped on by hand when a reproducer needs verbose tracing.
 */
static void setup_fuzzer(void) {
	svr_setup_fuzzer();
	/* debug_trace = 1; */
}
10 | |
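/*
 * libFuzzer entry point for the pre-authentication server fuzzer.
 *
 * Each call runs one server session (svr_session()) over a fake, wrapped
 * descriptor whose byte stream is the fuzz input. The expected input layout,
 * as parsed below, is:
 *   uint32  prefix length — currently must be exactly 4
 *   uint32  wrapfd seed   — passed to wrapfd_setseed()
 *   [bytes] ssh input stream consumed by the session
 *
 * Data/Size: the raw fuzz input handed over by libFuzzer.
 * Returns 0 on every path. Inputs that fuzzer_set_input() rejects, or that
 * are too short / carry an unexpected prefix length, are skipped silently.
 *
 * Fix over the previous revision: m_malloc_set_epoch(1) was called before
 * svr_session() but the matching m_malloc_free_epoch() only existed inside
 * the disabled "#if 0" setjmp path, so every iteration on the live path
 * dropped its epoch-1 allocations. The release now happens on normal return.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	/* Two uint32 prefix fields are read unconditionally; the header check
	 * below keeps buf_getint() from tripping buffer.c's bounds assertions. */
	enum { PREFIX_LEN = 4, HEADER_LEN = 8, FAKE_SOCK_FD = 20 };
	static int once = 0;

	if (!once) {
		setup_fuzzer();
		/* XXX temporarily disable setjmp to debug an asan segv. With do_jmp
		 * cleared, dropbear_exit() presumably no longer longjmps back into
		 * this function — confirm against fuzz.h before relying on it. */
		fuzz.do_jmp = 0;
		once = 1;
	}

	if (fuzzer_set_input(Data, Size) == DROPBEAR_FAILURE) {
		return 0;
	}

	/* Parse the prefix. Input format is:
	 *   string prefix
	 *     uint32 wrapfd seed
	 *     ... to be extended later
	 *   [bytes] ssh input stream
	 */
	if (fuzz.input->len < HEADER_LEN) {
		return 0;
	}
	size_t prefix_size = buf_getint(fuzz.input);
	if (prefix_size != PREFIX_LEN) {
		return 0;
	}
	uint32_t wrapseed = buf_getint(fuzz.input);
	wrapfd_setseed(wrapseed);

	/* What is left of fuzz.input is served as the peer's byte stream on a
	 * fake descriptor, so svr_session() never touches a real socket. */
	int fakesock = FAKE_SOCK_FD;
	wrapfd_add(fakesock, fuzz.input, PLAIN);

	/* Session allocations are made under epoch 1 so they can be released as
	 * a group afterwards (see m_malloc_free_epoch()). */
	m_malloc_set_epoch(1);
	/* XXX temporarily disable setjmp to debug asan segv */
	svr_session(fakesock, fakesock);
	/* Release the epoch on normal return — this mirrors the disabled
	 * setjmp path below and stops each iteration from leaking. */
	m_malloc_free_epoch(1, 0);
#if 0
	/* Intended path once the asan investigation is done: dropbear_exit()
	 * longjmps back here and the epoch is freed with a different second
	 * argument — see m_malloc_free_epoch() for its meaning. */
	if (setjmp(fuzz.jmp) == 0) {
		svr_session(fakesock, fakesock);
		m_malloc_free_epoch(1, 0);
	} else {
		m_malloc_free_epoch(1, 1);
		TRACE(("dropbear_exit longjmped"))
		/* dropbear_exit jumped here */
	}
#endif

	return 0;
}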