comparison packet.c @ 1357:08f4fa4dc6a0 fuzz

closer to working
author Matt Johnston <matt@ucc.asn.au>
date Sat, 20 May 2017 13:23:16 +0800
parents 5c2899e35b63
children 27e65d3aed5f
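--- a/packet.c
+++ b/packet.c
@@ -34,11 +34,10 @@
 #include "service.h"
 #include "auth.h"
 #include "channel.h"
 #include "netio.h"
 #include "runopts.h"
-#include "fuzz.h"
 
 static int read_packet_init(void);
 static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
 buffer * clear_buf, unsigned int clear_len,
 unsigned char *output_mac);
@@ -368,10 +367,21 @@
 mac_size = ses.keys->recv.algo_mac->hashsize;
 contents_len = ses.readbuf->len - mac_size;
 
 buf_setpos(ses.readbuf, 0);
 make_mac(ses.recvseq, &ses.keys->recv, ses.readbuf, contents_len, mac_bytes);
+
+#ifdef DROPBEAR_FUZZ
+if (fuzz.fuzzing) {
+// fail 1 in 1000 times to test error path
+unsigned int value = *((unsigned int*)&mac_bytes);
+if (value % 1000 == 0) {
+return DROPBEAR_FAILURE;
+}
+return DROPBEAR_SUCCESS;
+}
+#endif
 
 /* compare the hash */
 buf_setpos(ses.readbuf, contents_len);
 if (constant_time_memcmp(mac_bytes, buf_getptr(ses.readbuf, mac_size), mac_size) != 0) {
 return DROPBEAR_FAILURE;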
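Review bot: The fuzzing branch added after `make_mac()` returns `DROPBEAR_SUCCESS` without ever reaching `constant_time_memcmp`, so any binary built with `DROPBEAR_FUZZ` in which `fuzz.fuzzing` is non-zero accepts packets whose MAC was never verified; that is reasonable for a harness but should be stated at the bypass itself, e.g. `/* FUZZ ONLY: skips MAC verification, a DROPBEAR_FUZZ build must never be deployed */`, which also matches the file's `/* */` comment style rather than `//`. Separately, `*((unsigned int*)&mac_bytes)` reads the MAC buffer through an incompatible pointer type, so aliasing and alignment are not guaranteed (assuming `mac_bytes` is an unsigned char array declared above the visible lines); `unsigned int value = 0; memcpy(&value, mac_bytes, sizeof(value));` gives the same 1-in-1000 selection without that. The removed `#include "fuzz.h"` means `fuzz` now has to arrive through another header, which is not visible here. The enclosing function starts and ends outside the shown lines.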