annotate fuzzer-preauth.c @ 1385:6c92e97553f1 fuzz

Add a flag whether to longjmp, missed that last commit
author Matt Johnston <matt@ucc.asn.au>
date Thu, 01 Jun 2017 21:30:26 +0800
parents ecdd4e8ae427
children f0990c284663
1 #include "fuzz.h"
2 #include "session.h"
3 #include "fuzz-wrapfd.h"
4 #include "debug.h"
/*
 * One-time process setup for the preauth fuzzer: defers to the server-side
 * fuzz initialisation. Invoked exactly once, from the first call of
 * LLVMFuzzerTestOneInput().
 */
static void setup_fuzzer(void)
{
	svr_setup_fuzzer();
	/* Re-enable when TRACE() output is wanted while chasing a crash:
	 * debug_trace = 1;
	 */
}
/*
 * libFuzzer entry point for the pre-authentication server fuzzer.
 *
 * Data/Size: the raw fuzzer input. Expected layout (see the comments in the
 * body): a length-prefixed string that must be exactly 4 bytes long, whose
 * content bytes are consumed as the wrapfd seed, followed by the bytes that
 * are fed to svr_session() as the SSH input stream.
 *
 * Returns 0 on every path, as libFuzzer requires; inputs with a malformed
 * prefix are silently rejected rather than reported.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	/* Process-wide setup runs once, on the first input only. */
	static int once = 0;
	if (!once) {
		setup_fuzzer();
		// XXX temporarily disable setjmp to debug asan segv
		/* With do_jmp cleared, dropbear_exit() is not expected to longjmp
		 * back into this function; the matching setjmp/recovery block
		 * further down is compiled out with #if 0 for the same reason. */
		fuzz.do_jmp = 0;
		once = 1;
	}

	/* Presumably loads Data/Size into fuzz.input (read below); nothing to
	 * do if that fails. */
	if (fuzzer_set_input(Data, Size) == DROPBEAR_FAILURE) {
		return 0;
	}

	// get prefix. input format is
	// string prefix
	// uint32 wrapfd seed
	// ... to be extended later
	// [bytes] ssh input stream

	// be careful to avoid triggering buffer.c assertions
	/* Two buf_getint() reads follow, so insist on 8 bytes up front rather
	 * than letting buffer.c abort on a short buffer. */
	if (fuzz.input->len < 8) {
		return 0;
	}
	/* The prefix is a length-prefixed string that must be exactly 4 bytes;
	 * its 4 content bytes are then read as the uint32 seed. */
	size_t prefix_size = buf_getint(fuzz.input);
	if (prefix_size != 4) {
		return 0;
	}
	uint32_t wrapseed = buf_getint(fuzz.input);
	wrapfd_setseed(wrapseed);

	/* Arbitrary descriptor number for the wrapped socket; fuzz.input is
	 * served through it in PLAIN mode (presumably only the bytes remaining
	 * after the prefix — verify against wrapfd_add()). */
	int fakesock = 20;
	wrapfd_add(fakesock, fuzz.input, PLAIN);

	/* Allocations from here on are tagged with epoch 1 so they can be
	 * released in bulk by m_malloc_free_epoch(). NOTE(review): the only
	 * m_malloc_free_epoch() calls are inside the #if 0 block below, so
	 * while the longjmp path is disabled nothing releases epoch 1 between
	 * iterations. */
	m_malloc_set_epoch(1);
	// XXX temporarily disable setjmp to debug asan segv
	/* NOTE(review): whether svr_session() returns here at all depends on
	 * what dropbear_exit() does when fuzz.do_jmp is 0 — confirm. */
	svr_session(fakesock, fakesock);
#if 0
	/* Original recovery path: dropbear_exit() longjmps to fuzz.jmp, and
	 * the epoch is freed on both the normal and the longjmp path (with a
	 * different second argument — presumably marking the longjmp case). */
	if (setjmp(fuzz.jmp) == 0) {
		svr_session(fakesock, fakesock);
		m_malloc_free_epoch(1, 0);
	} else {
		m_malloc_free_epoch(1, 1);
		TRACE(("dropbear_exit longjmped"))
		// dropbear_exit jumped here
	}
#endif

	return 0;
}