Mercurial > dropbear
comparison packet.c @ 1597:8f7b6f75aa58
fix uninitialised memory in fuzzer codepath
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 06 Mar 2018 22:02:19 +0800 |
| parents | 399d8eb961b5 |
| children | a3bb8f8949de |
comparison
equal
deleted
inserted
replaced
| 1596:60fceff95858 | 1597:8f7b6f75aa58 |
|---|---|
| 362 buf_setpos(ses.readbuf, 0); | 362 buf_setpos(ses.readbuf, 0); |
| 363 make_mac(ses.recvseq, &ses.keys->recv, ses.readbuf, contents_len, mac_bytes); | 363 make_mac(ses.recvseq, &ses.keys->recv, ses.readbuf, contents_len, mac_bytes); |
| 364 | 364 |
| 365 #if DROPBEAR_FUZZ | 365 #if DROPBEAR_FUZZ |
| 366 if (fuzz.fuzzing) { | 366 if (fuzz.fuzzing) { |
| 367 /* fail 1 in 2000 times to test error path. | 367 /* fail 1 in 2000 times to test error path. */ |
| 368 note that mac_bytes is all zero prior to kex, so don't test ==0 ! */ | 368 unsigned int value = 0; |
| 369 unsigned int value = *((unsigned int*)&mac_bytes); | 369 if (mac_size > sizeof(value)) { |
| 370 memcpy(&value, mac_bytes, sizeof(value)); | |
| 371 } | |
| 370 if (value % 2000 == 99) { | 372 if (value % 2000 == 99) { |
| 371 return DROPBEAR_FAILURE; | 373 return DROPBEAR_FAILURE; |
| 372 } | 374 } |
| 373 return DROPBEAR_SUCCESS; | 375 return DROPBEAR_SUCCESS; |
| 374 } | 376 } |