Mercurial > dropbear
annotate fuzz-common.c @ 1659:d32bcb5c557d
Add Ed25519 support (#91)
* Add support for Ed25519 as a public key type
Ed25519 is a elliptic curve signature scheme that offers
better security than ECDSA and DSA and good performance. It may be
used for both user and host keys.
OpenSSH key import and fuzzer are not supported yet.
Initially inspired by Peter Szabo.
* Add curve25519 and ed25519 fuzzers
* Add import and export of Ed25519 keys
| author | Vladislav Grishenko <themiron@users.noreply.github.com> |
|---|---|
| date | Wed, 11 Mar 2020 21:09:45 +0500 |
| parents | 35af85194268 |
| children | 1051e4eea25a |
| rev | line source |
|---|---|
| 1348 | 1 #include "includes.h" |
| 2 | |
| 3 #include "includes.h" | |
| 4 #include "fuzz.h" | |
| 5 #include "dbutil.h" | |
| 6 #include "runopts.h" | |
| 1353 | 7 #include "crypto_desc.h" |
| 8 #include "session.h" | |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
9 #include "dbrandom.h" |
| 1457 | 10 #include "bignum.h" |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
11 #include "fuzz-wrapfd.h" |
| 1348 | 12 |
| 13 struct dropbear_fuzz_options fuzz; | |
| 14 | |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
15 static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param); |
| 1348 | 16 static void load_fixed_hostkeys(void); |
| 17 | |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
18 void fuzz_common_setup(void) { |
| 1348 | 19 fuzz.fuzzing = 1; |
| 1357 | 20 fuzz.wrapfds = 1; |
|
1385
6c92e97553f1
Add a flag whether to longjmp, missed that last commit
Matt Johnston <matt@ucc.asn.au>
parents:
1383
diff
changeset
|
21 fuzz.do_jmp = 1; |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
22 fuzz.input = m_malloc(sizeof(buffer)); |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
23 _dropbear_log = fuzz_dropbear_log; |
| 1350 | 24 crypto_init(); |
|
1589
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
25 fuzz_seed(); |
|
1529
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1457
diff
changeset
|
26 /* let any messages get flushed */ |
|
66a1a2547133
The fuzzer has managed to generated DSS key/signature pairs that
Matt Johnston <matt@ucc.asn.au>
parents:
1457
diff
changeset
|
27 setlinebuf(stdout); |
| 1348 | 28 } |
| 29 | |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
30 int fuzz_set_input(const uint8_t *Data, size_t Size) { |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
31 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
32 fuzz.input->data = (unsigned char*)Data; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
33 fuzz.input->size = Size; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
34 fuzz.input->len = Size; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
35 fuzz.input->pos = 0; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
36 |
|
1358
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
37 memset(&ses, 0x0, sizeof(ses)); |
|
6b89eb92f872
glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents:
1357
diff
changeset
|
38 memset(&svr_ses, 0x0, sizeof(svr_ses)); |
|
1377
d4cc85e6c569
rearrange, all fuzzers now call fuzzer_set_input()
Matt Johnston <matt@ucc.asn.au>
parents:
1373
diff
changeset
|
39 wrapfd_setup(); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
40 |
| 1369 | 41 fuzz_seed(); |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
42 |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
43 return DROPBEAR_SUCCESS; |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
44 } |
|
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
45 |
|
1558
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
46 #if DEBUG_TRACE |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
47 static void fuzz_dropbear_log(int UNUSED(priority), const char* format, va_list param) { |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
48 if (debug_trace) { |
|
1558
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
49 char printbuf[1024]; |
|
1373
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
50 vsnprintf(printbuf, sizeof(printbuf), format, param); |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
51 fprintf(stderr, "%s\n", printbuf); |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
52 } |
|
9891bc31a1b3
fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents:
1369
diff
changeset
|
53 } |
|
1558
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
54 #else |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
55 static void fuzz_dropbear_log(int UNUSED(priority), const char* UNUSED(format), va_list UNUSED(param)) { |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
56 /* No print */ |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
57 } |
|
2f64cb3d3007
- #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents:
1529
diff
changeset
|
58 #endif /* DEBUG_TRACE */ |
|
1356
3677a510f545
add wrapfd. improve fuzzer in makefile
Matt Johnston <matt@ucc.asn.au>
parents:
1353
diff
changeset
|
59 |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
60 void fuzz_svr_setup(void) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
61 fuzz_common_setup(); |
| 1353 | 62 |
| 63 _dropbear_exit = svr_dropbear_exit; | |
| 1348 | 64 |
| 65 char *argv[] = { | |
| 66 "-E", | |
| 67 }; | |
| 68 | |
| 69 int argc = sizeof(argv) / sizeof(*argv); | |
| 70 svr_getopts(argc, argv); | |
| 71 | |
| 72 /* user lookups might be slow, cache it */ | |
|
1386
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
73 fuzz.pw_name = m_strdup("person"); |
|
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
74 fuzz.pw_dir = m_strdup("/tmp"); |
|
f0990c284663
fuzzer-preauth don't call getpwnam(), bring back longjmp
Matt Johnston <matt@ucc.asn.au>
parents:
1385
diff
changeset
|
75 fuzz.pw_shell = m_strdup("/bin/zsh"); |
| 1348 | 76 fuzz.pw_passwd = m_strdup("!!zzznope"); |
| 77 | |
| 78 load_fixed_hostkeys(); | |
| 79 } | |
| 80 | |
| 81 static void load_fixed_hostkeys(void) { | |
| 82 #include "fuzz-hostkeys.c" | |
| 83 | |
| 84 buffer *b = buf_new(3000); | |
| 85 enum signkey_type type; | |
| 86 | |
| 87 TRACE(("load fixed hostkeys")) | |
| 88 | |
| 89 svr_opts.hostkey = new_sign_key(); | |
| 90 | |
| 91 buf_setlen(b, 0); | |
| 92 buf_putbytes(b, keyr, keyr_len); | |
| 93 buf_setpos(b, 0); | |
| 94 type = DROPBEAR_SIGNKEY_RSA; | |
| 95 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 96 dropbear_exit("failed fixed rsa hostkey"); | |
| 97 } | |
| 98 | |
| 99 buf_setlen(b, 0); | |
| 100 buf_putbytes(b, keyd, keyd_len); | |
| 101 buf_setpos(b, 0); | |
| 102 type = DROPBEAR_SIGNKEY_DSS; | |
| 103 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 104 dropbear_exit("failed fixed dss hostkey"); | |
| 105 } | |
| 106 | |
| 107 buf_setlen(b, 0); | |
| 108 buf_putbytes(b, keye, keye_len); | |
| 109 buf_setpos(b, 0); | |
| 110 type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; | |
| 111 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { | |
| 112 dropbear_exit("failed fixed ecdsa hostkey"); | |
| 113 } | |
| 114 | |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
115 buf_setlen(b, 0); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
116 buf_putbytes(b, keyed25519, keyed25519_len); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
117 buf_setpos(b, 0); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
118 type = DROPBEAR_SIGNKEY_ED25519; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
119 if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
120 dropbear_exit("failed fixed ed25519 hostkey"); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
121 } |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1589
diff
changeset
|
122 |
| 1348 | 123 buf_free(b); |
| 124 } | |
| 125 | |
| 1357 | 126 void fuzz_kex_fakealgos(void) { |
| 127 ses.newkeys->recv.crypt_mode = &dropbear_mode_none; | |
| 128 } | |
|
1383
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
129 |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
130 void fuzz_get_socket_address(int UNUSED(fd), char **local_host, char **local_port, |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
131 char **remote_host, char **remote_port, int UNUSED(host_lookup)) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
132 if (local_host) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
133 *local_host = m_strdup("fuzzlocalhost"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
134 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
135 if (local_port) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
136 *local_port = m_strdup("1234"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
137 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
138 if (remote_host) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
139 *remote_host = m_strdup("fuzzremotehost"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
140 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
141 if (remote_port) { |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
142 *remote_port = m_strdup("9876"); |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
143 } |
|
f03cfe9c76ac
Disable setnonblocking(), get_socket_address(), set_sock_priority()
Matt Johnston <matt@ucc.asn.au>
parents:
1377
diff
changeset
|
144 } |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
145 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
146 /* cut down version of svr_send_msg_kexdh_reply() that skips slow maths. Still populates structures */ |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
147 void fuzz_fake_send_kexdh_reply(void) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
148 assert(!ses.dh_K); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
149 m_mp_alloc_init_multi(&ses.dh_K, NULL); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
150 mp_set_int(ses.dh_K, 12345678); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
151 finish_kexhashbuf(); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
152 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
153 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
154 int fuzz_run_preauth(const uint8_t *Data, size_t Size, int skip_kexmaths) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
155 static int once = 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
156 if (!once) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
157 fuzz_svr_setup(); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
158 fuzz.skip_kexmaths = skip_kexmaths; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
159 once = 1; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
160 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
161 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
162 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
163 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
164 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
165 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
166 /* |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
167 get prefix. input format is |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
168 string prefix |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
169 uint32 wrapfd seed |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
170 ... to be extended later |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
171 [bytes] ssh input stream |
|
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
172 */ |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
173 |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
174 /* be careful to avoid triggering buffer.c assertions */ |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
175 if (fuzz.input->len < 8) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
176 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
177 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
178 size_t prefix_size = buf_getint(fuzz.input); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
179 if (prefix_size != 4) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
180 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
181 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
182 uint32_t wrapseed = buf_getint(fuzz.input); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
183 wrapfd_setseed(wrapseed); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
184 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
185 int fakesock = 20; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
186 wrapfd_add(fakesock, fuzz.input, PLAIN); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
187 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
188 m_malloc_set_epoch(1); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
189 if (setjmp(fuzz.jmp) == 0) { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
190 svr_session(fakesock, fakesock); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
191 m_malloc_free_epoch(1, 0); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
192 } else { |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
193 m_malloc_free_epoch(1, 1); |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
194 TRACE(("dropbear_exit longjmped")) |
|
1559
92c93b4a3646
Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents:
1558
diff
changeset
|
195 /* dropbear_exit jumped here */ |
|
1456
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
196 } |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
197 |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
198 return 0; |
|
a90fdd2d2ed8
add fuzzer-preauth_nomaths
Matt Johnston <matt@ucc.asn.au>
parents:
1386
diff
changeset
|
199 } |
|
1589
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
200 |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
201 const void* fuzz_get_algo(const algo_type *algos, const char* name) { |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
202 const algo_type *t; |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
203 for (t = algos; t->name; t++) { |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
204 if (strcmp(t->name, name) == 0) { |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
205 return t->data; |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
206 } |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
207 } |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
208 assert(0); |
|
35af85194268
Add kexdh and kexecdh fuzzers
Matt Johnston <matt@ucc.asn.au>
parents:
1559
diff
changeset
|
209 } |