comparison fuzz-common.c @ 1356:3677a510f545 fuzz

add wrapfd. improve fuzzer in makefile
author Matt Johnston <matt@ucc.asn.au>
date Fri, 19 May 2017 00:48:46 +0800
parents f3c8975de38e
children 08f4fa4dc6a0
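--- a/fuzz-common.c
+++ b/fuzz-common.c
@@ -6,19 +6,52 @@
 #include "fuzz.h"
 #include "dbutil.h"
 #include "runopts.h"
 #include "crypto_desc.h"
 #include "session.h"
+#include "dbrandom.h"
+#include "fuzz-wrapfd.h"
 
 struct dropbear_fuzz_options fuzz;
 
 static void load_fixed_hostkeys(void);
 
 static void common_setup_fuzzer(void) {
 fuzz.fuzzing = 1;
+fuzz.input = m_malloc(sizeof(buffer));
 crypto_init();
 }
+
+int fuzzer_set_input(const uint8_t *Data, size_t Size) {
+
+fuzz.input->data = (unsigned char*)Data;
+fuzz.input->size = Size;
+fuzz.input->len = Size;
+fuzz.input->pos = 0;
+
+// get prefix. input format is
+// string prefix
+// uint32_t seed
+// ... to be extended later
+// [bytes] ssh input stream
+
+// be careful to avoid triggering buffer.c assertions
+if (fuzz.input->len < 8) {
+return DROPBEAR_FAILURE;
+}
+size_t prefix_size = buf_getint(fuzz.input);
+if (prefix_size != 4) {
+return DROPBEAR_FAILURE;
+}
+uint32_t wrapseed = buf_getint(fuzz.input);
+wrapfd_setup(wrapseed);
+
+seedrandom();
+
+return DROPBEAR_SUCCESS;
+}
+
 
 void svr_setup_fuzzer(void) {
 struct passwd *pw;
 
 common_setup_fuzzer();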
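Review bot: `fuzzer_set_input` casts away `const` and stores the fuzzer-owned `Data` pointer in `fuzz.input`, a `buffer` header that `common_setup_fuzzer` allocated bare with `m_malloc(sizeof(buffer))`, so any later write, resize or free through that buffer would land on memory the harness does not own. A comment at the assignment would pin the contract, for example `/* fuzz.input aliases the fuzzer's Data: read-only, never resized or freed */`. The `Size` argument is a `size_t` and is copied into three buffer fields whose types are not visible here; if they are narrower, a bounds check before the assignments is worth adding. The guard `len < 8` hard-codes the size of the two `buf_getint` reads, and the format comment says the header will be extended, so a named constant for the header length would keep the guard and the reads in step.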