annotate fuzzer-pubkey.c @ 1383:f03cfe9c76ac fuzz
Disable setnonblocking(), get_socket_address(), set_sock_priority()
for fuzzing
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 26 May 2017 22:10:51 +0800 |
parents | 7209a6e30932 |
children | a90fdd2d2ed8 |
rev | line source |
---|---|
1369 | 1 #include "fuzz.h" |
2 #include "session.h" | |
3 #include "fuzz-wrapfd.h" | |
4 #include "debug.h" | |
5 | |
/*
 * One-time initialisation for this harness. It only delegates to the shared
 * common_setup_fuzzer() routine; nothing here is specific to the pubkey target.
 */
static void setup_fuzzer(void)
{
	common_setup_fuzzer();
}
9 | |
/*
 * libFuzzer entry point that exercises fuzz_checkpubkey_line().
 *
 * Data/Size are the raw fuzzer input. The input is handed to
 * fuzzer_set_input() and then passed on as fuzz.input, together with a
 * signature-key algorithm name that is derived from the same bytes. The key
 * blob ("blob"), the line number (5) and the file name are fixed, so only
 * the line contents and the algorithm choice vary between runs.
 *
 * Always returns 0, including when the input is rejected up front or when
 * the code under test bails out through the longjmp path.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	/* Run the shared setup exactly once per process. */
	static int initialised = 0;
	if (initialised == 0) {
		setup_fuzzer();
		initialised = 1;
	}

	if (fuzzer_set_input(Data, Size) == DROPBEAR_FAILURE) {
		return 0;
	}

	m_malloc_set_epoch(1);

	/*
	 * Choose a key type based on the input: XOR every byte together so the
	 * selection is deterministic for a given input, and changing any single
	 * byte can change it. XOR is order-independent, so the bytes are folded
	 * from the end. Data is never dereferenced when Size is 0.
	 */
	uint8_t selector = 0;
	size_t remaining = Size;
	while (remaining > 0) {
		remaining--;
		selector ^= Data[remaining];
	}

	const char *algoname = fuzz_signkey_names[selector % DROPBEAR_SIGNKEY_NUM_NAMED];
	const char *keyblob = "blob"; /* keep short */
	const size_t algolen = strlen(algoname);
	const size_t bloblen = strlen(keyblob);

	/*
	 * No local is modified after setjmp(), so none of them needs to be
	 * volatile to stay valid on the longjmp path.
	 */
	if (setjmp(fuzz.jmp) != 0) {
		/* dropbear_exit jumped here */
		/* NOTE(review): the second argument is 1 here and 0 on the normal
		 * path; presumably it asks for leftover epoch allocations to be
		 * released after an abrupt exit. Confirm against
		 * m_malloc_free_epoch(). */
		m_malloc_free_epoch(1, 1);
		TRACE(("dropbear_exit longjmped"))
	} else {
		fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys",
			algoname, algolen,
			(unsigned char*)keyblob, bloblen);
		m_malloc_free_epoch(1, 0);
	}

	return 0;
}