Mercurial > dropbear
comparison fuzzer-kexecdh.c @ 1606:98d2b125eb89
kexhashbuf was much to small in kex fuzzers
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 08 Mar 2018 23:23:19 +0800 |
| parents | 4fe7cc9e45eb |
| children | a57822db3eac |
comparison
equal
deleted
inserted
replaced
| 1605:bff41a61a1b6 | 1606:98d2b125eb89 |
|---|---|
| 58 unsigned int e = buf_getint(fuzz.input); | 58 unsigned int e = buf_getint(fuzz.input); |
| 59 struct kex_ecdh_param *ecdh_param = ecdh_params[e % NUM_PARAMS]; | 59 struct kex_ecdh_param *ecdh_param = ecdh_params[e % NUM_PARAMS]; |
| 60 | 60 |
| 61 buffer * ecdh_qs = buf_getstringbuf(fuzz.input); | 61 buffer * ecdh_qs = buf_getstringbuf(fuzz.input); |
| 62 | 62 |
| 63 ses.kexhashbuf = buf_new(4); | 63 ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); |
| 64 buf_putint(ses.kexhashbuf, 12345); | |
| 65 kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey); | 64 kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey); |
| 66 | 65 |
| 67 /* kexhashbuf is freed in kexdh_comb_key */ | 66 /* kexhashbuf is freed in kexdh_comb_key */ |
| 68 m_free(ses.dh_K); | 67 m_free(ses.dh_K); |
| 69 buf_free(ecdh_qs); | 68 buf_free(ecdh_qs); |