comparison fuzzer-kexecdh.c @ 1606:98d2b125eb89

kexhashbuf was much to small in kex fuzzers
author Matt Johnston <matt@ucc.asn.au>
date Thu, 08 Mar 2018 23:23:19 +0800
parents 4fe7cc9e45eb
children a57822db3eac
1605:bff41a61a1b6 1606:98d2b125eb89
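--- a/fuzzer-kexecdh.c
+++ b/fuzzer-kexecdh.c
@@ -58,12 +58,11 @@
 unsigned int e = buf_getint(fuzz.input);
 struct kex_ecdh_param *ecdh_param = ecdh_params[e % NUM_PARAMS];
 
 buffer * ecdh_qs = buf_getstringbuf(fuzz.input);
 
-ses.kexhashbuf = buf_new(4);
-buf_putint(ses.kexhashbuf, 12345);
+ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
 kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
 
 /* kexhashbuf is freed in kexdh_comb_key */
 m_free(ses.dh_K);
 buf_free(ecdh_qs);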
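Review bot: The comment kept at new line 66 names kexdh_comb_key, but the call two lines above it is kexecdh_comb_key, so the ownership note points at the wrong function; it should read `/* kexhashbuf is freed in kexecdh_comb_key */`. Because that callee frees ses.kexhashbuf and nothing in the hunk clears the field afterwards, ses.kexhashbuf is left holding a freed pointer; adding `ses.kexhashbuf = NULL;` right after the call would make any later teardown of ses safe against a double free, assuming the surrounding harness ever touches that field again. Removing the buf_putint seed also hands the callee an empty buffer, and whether kexecdh_comb_key expects earlier hash input to already be present cannot be told from these lines. The enclosing fuzzer function begins before the hunk.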