Mercurial > dropbear
comparison fuzzer-kexdh.c @ 1606:98d2b125eb89
kexhashbuf was much to small in kex fuzzers
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 08 Mar 2018 23:23:19 +0800 |
| parents | b711a8256919 |
| children | a57822db3eac |
comparison
equal
deleted
inserted
replaced
| 1605:bff41a61a1b6 | 1606:98d2b125eb89 |
|---|---|
| 52 m_mp_init(&dh_e); | 52 m_mp_init(&dh_e); |
| 53 if (buf_getmpint(fuzz.input, &dh_e) != DROPBEAR_SUCCESS) { | 53 if (buf_getmpint(fuzz.input, &dh_e) != DROPBEAR_SUCCESS) { |
| 54 dropbear_exit("Bad kex value"); | 54 dropbear_exit("Bad kex value"); |
| 55 } | 55 } |
| 56 | 56 |
| 57 ses.kexhashbuf = buf_new(4); | 57 ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); |
| 58 buf_putint(ses.kexhashbuf, 12345); | |
| 59 kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey); | 58 kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey); |
| 60 | 59 |
| 61 /* kexhashbuf is freed in kexdh_comb_key */ | 60 /* kexhashbuf is freed in kexdh_comb_key */ |
| 62 m_free(ses.dh_K); | 61 m_free(ses.dh_K); |
| 63 mp_clear(&dh_e); | 62 mp_clear(&dh_e); |