Mercurial > dropbear
comparison fuzzer-pubkey.c @ 1563:1cbb7b3d6703
Merge fuzzing branch
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 28 Feb 2018 22:12:05 +0800 |
| parents | 92c93b4a3646 |
| children | cdfab509c392 |
comparison
equal
deleted
inserted
replaced
| 1560:f5026f7486de | 1563:1cbb7b3d6703 |
|---|---|
| 1 #include "fuzz.h" | |
| 2 #include "session.h" | |
| 3 #include "fuzz-wrapfd.h" | |
| 4 #include "debug.h" | |
| 5 | |
| 6 static void setup_fuzzer(void) { | |
| 7 fuzz_common_setup(); | |
| 8 } | |
| 9 | |
| 10 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { | |
| 11 static int once = 0; | |
| 12 if (!once) { | |
| 13 setup_fuzzer(); | |
| 14 once = 1; | |
| 15 } | |
| 16 | |
| 17 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { | |
| 18 return 0; | |
| 19 } | |
| 20 | |
| 21 m_malloc_set_epoch(1); | |
| 22 | |
| 23 /* choose a keytype based on input */ | |
| 24 uint8_t b = 0; | |
| 25 size_t i; | |
| 26 for (i = 0; i < Size; i++) { | |
| 27 b ^= Data[i]; | |
| 28 } | |
| 29 const char* algoname = fuzz_signkey_names[b%DROPBEAR_SIGNKEY_NUM_NAMED]; | |
| 30 const char* keyblob = "blob"; /* keep short */ | |
| 31 | |
| 32 if (setjmp(fuzz.jmp) == 0) { | |
| 33 fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys", | |
| 34 algoname, strlen(algoname), | |
| 35 (unsigned char*)keyblob, strlen(keyblob)); | |
| 36 m_malloc_free_epoch(1, 0); | |
| 37 } else { | |
| 38 m_malloc_free_epoch(1, 1); | |
| 39 TRACE(("dropbear_exit longjmped")) | |
| 40 /* dropbear_exit jumped here */ | |
| 41 } | |
| 42 | |
| 43 return 0; | |
| 44 } |