Mercurial > dropbear
annotate fuzz-common.c @ 1666:c148e7afa0d1
Handle early exit when addrstring isn't set
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 18 Mar 2020 23:37:45 +0800 |
| parents | d32bcb5c557d |
| children | 1051e4eea25a |
| rev | line source |
|---|---|
| 1348 | 1 #include "includes.h" |
| 2 | |
| 3 #include "includes.h" | |
| 4 #include "fuzz.h" | |
| 5 #include "dbutil.h" | |
| 6 #include "runopts.h" | |
| 1353 | 7 #include "crypto_desc.h" |
| 8 #include "session.h" | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
9 #include "dbrandom.h" |
| 1457 | 10 #include "bignum.h" |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
11 #include "fuzz-wrapfd.h" |
| 1348 | 12 |
| 13 struct dropbear_fuzz_options fuzz; | |
| 14 | |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
15 static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param); |
| 1348 | 16 static void load_fixed_hostkeys(void); |
| 17 | |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
18 void fuzz_common_setup(void) { |
| 1348 | 19 fuzz.fuzzing = 1; |
| 1357 | 20 fuzz.wrapfds = 1; |
|
1385
6c92e97553f1
Add a flag whether to longjmp, missed that last commit
Matt Johnston <matt@ucc.asn.au>
parents:
1383
diff
changeset
|
21 fuzz.do_jmp = 1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
22 fuzz.input = m_malloc(sizeof(buffer)); |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
23 _dropbear_log = fuzz_dropbear_log; |
| 1350 | 24 crypto_init(); |
|
1589
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
25 fuzz_seed(); |
|
1529
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1457
diff
changeset
|
26 /* let any messages get flushed */ |
|
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1457
diff
changeset
|
27 setlinebuf(stdout); |
| 1348 | 28 } |
| 29 | |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
30 int fuzz_set_input(const uint8_t *Data, size_t Size) { |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
31 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
32 fuzz.input->data = (unsigned char*)Data; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
33 fuzz.input->size = Size; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
34 fuzz.input->len = Size; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
35 fuzz.input->pos = 0; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
36 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
37 memset(&ses, 0x0, sizeof(ses)); |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
38 memset(&svr_ses, 0x0, sizeof(svr_ses)); |
|
1377
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1373
diff
changeset
|
39 wrapfd_setup(); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
40 |
| 1369 | 41 fuzz_seed(); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
42 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
43 return DROPBEAR_SUCCESS; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
44 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
45 |
|
1558
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
46 #if DEBUG_TRACE |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
47 static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param) { |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
48 if (debug_trace) { |
|
1558
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
49 char printbuf[1024]; |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
50 vsnprintf(printbuf, sizeof(printbuf), format, param); |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
51 fprintf(stderr, "%s\n", printbuf); |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
52 } |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
53 } |
|
1558
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
54 #else |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
55 static void fuzz_dropbear_log(int UNUSED(priority), const char* UNUSED(format), va_list UNUSED(param)) { |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
56 /* No print */ |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
57 } |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
58 #endif /* DEBUG_TRACE */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
59 |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
60 void fuzz_svr_setup(void) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
61 fuzz_common_setup(); |
| 1353 | 62 |
| 63 _dropbear_exit = svr_dropbear_exit; | |
| 1348 | 64 |
| 65 char *argv[] = { | |
| 66 "-E", | |
| 67 }; | |
| 68 | |
| 69 int argc = sizeof(argv) / sizeof(*argv); | |
| 70 svr_getopts(argc, argv); | |
| 71 | |
| 72 /* user lookups might be slow, cache it */ | |
|
1386
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
73 fuzz.pw_name = m_strdup("person"); |
|
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
74 fuzz.pw_dir = m_strdup("/tmp"); |
|
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
75 fuzz.pw_shell = m_strdup("/bin/zsh"); |
| 1348 | 76 fuzz.pw_passwd = m_strdup("!!zzznope"); |
| 77 | |
| 78 load_fixed_hostkeys(); | |
| 79 } | |
| 80 | |
| 81 static void load_fixed_hostkeys(void) { | |
| 82 #include "fuzz-hostkeys.c" | |
| 83 | |
| 84 buffer *b = buf_new(3000); | |
| 85 enum signkey_type type; | |
| 86 | |
| 87 TRACE(("load fixed hostkeys")) | |
| 88 | |
| 89 svr_opts.hostkey = new_sign_key(); | |
| 90 | |
| 91 buf_setlen(b, 0); | |
| 92 buf_putbytes(b, keyr, keyr_len); | |
| 93 buf_setpos(b, 0); | |
| 94 type = DROPBEAR_SIGNKEY_RSA; | |
| 95 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 96 dropbear_exit("failed fixed rsa hostkey"); | |
| 97 } | |
| 98 | |
| 99 buf_setlen(b, 0); | |
| 100 buf_putbytes(b, keyd, keyd_len); | |
| 101 buf_setpos(b, 0); | |
| 102 type = DROPBEAR_SIGNKEY_DSS; | |
| 103 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 104 dropbear_exit("failed fixed dss hostkey"); | |
| 105 } | |
| 106 | |
| 107 buf_setlen(b, 0); | |
| 108 buf_putbytes(b, keye, keye_len); | |
| 109 buf_setpos(b, 0); | |
| 110 type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; | |
| 111 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 112 dropbear_exit("failed fixed ecdsa hostkey"); | |
| 113 } | |
| 114 | |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
115 buf_setlen(b, 0); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
116 buf_putbytes(b, keyed25519, keyed25519_len); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
117 buf_setpos(b, 0); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
118 type = DROPBEAR_SIGNKEY_ED25519; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
119 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
120 dropbear_exit("failed fixed ed25519 hostkey"); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
121 } |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
122 |
| 1348 | 123 buf_free(b); |
| 124 } | |
| 125 | |
| 1357 | 126 void fuzz_kex_fakealgos(void) { |
| 127 ses.newkeys->recv.crypt_mode = &dropbear_mode_none; | |
| 128 } | |
|
1383
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
129 |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
130 void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port, |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
131 char **remote_host, char **remote_port, int UNUSED(host_lookup)) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
132 if (local_host) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
133 *local_host = m_strdup("fuzzlocalhost"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
134 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
135 if (local_port) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
136 *local_port = m_strdup("1234"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
137 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
138 if (remote_host) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
139 *remote_host = m_strdup("fuzzremotehost"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
140 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
141 if (remote_port) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
142 *remote_port = m_strdup("9876"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
143 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
144 } |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
145 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
146 /* cut down version of svr_send_msg_kexdh_reply() that skips slow maths. Still populates structures */ |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
147 void fuzz_fake_send_kexdh_reply(void) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
148 assert(!ses.dh_K); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
149 m_mp_alloc_init_multi(&ses.dh_K, NULL); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
150 mp_set_int(ses.dh_K, 12345678); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
151 finish_kexhashbuf(); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
152 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
153 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
154 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
155 static int once = 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
156 if (!once) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
157 fuzz_svr_setup(); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
158 fuzz.skip_kexmaths = skip_kexmaths; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
159 once = 1; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
160 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
161 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
162 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
163 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
164 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
165 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
166 /* |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
167 get prefix. input format is |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
168 string prefix |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
169 uint32 wrapfd seed |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
170 ... to be extended later |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
171 [bytes] ssh input stream |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
172 */ |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
173 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
174 /* be careful to avoid triggering buffer.c assertions */ |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
175 if (fuzz.input->len < 8) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
176 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
177 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
178 size_t prefix_size = buf_getint(fuzz.input); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
179 if (prefix_size != 4) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
180 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
181 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
182 uint32_t wrapseed = buf_getint(fuzz.input); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
183 wrapfd_setseed(wrapseed); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
184 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
185 int fakesock = 20; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
186 wrapfd_add(fakesock, fuzz.input, PLAIN); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
187 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
188 m_malloc_set_epoch(1); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
189 if (setjmp(fuzz.jmp) == 0) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
190 svr_session(fakesock, fakesock); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
191 m_malloc_free_epoch(1, 0); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
192 } else { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
193 m_malloc_free_epoch(1, 1); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
194 TRACE(("dropbear_exit longjmped")) |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
195 /* dropbear_exit jumped here */ |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
196 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
197 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
198 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
199 } |
|
1589
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
200 |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
201 const void* fuzz_get_algo(const algo_type *algos, const char* name) { |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
202 const algo_type *t; |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
203 for (t = algos; t->name; t++) { |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
204 if (strcmp(t->name, name) == 0) { |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
205 return t->data; |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
206 } |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
207 } |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
208 assert(0); |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
209 } |