comparison fuzzer-preauth.c @ 1456:a90fdd2d2ed8 fuzz

add fuzzer-preauth_nomaths
author Matt Johnston <matt@ucc.asn.au>
date Tue, 23 Jan 2018 23:05:47 +0800
parents f0990c284663
children
comparison
1455:4afde04f0607 1456:a90fdd2d2ed8
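--- a/fuzzer-preauth.c
+++ b/fuzzer-preauth.c
@@ -1,53 +1,6 @@
 #include "fuzz.h"
-#include "session.h"
-#include "fuzz-wrapfd.h"
-#include "debug.h"
 
-static void setup_fuzzer(void) {
-svr_setup_fuzzer();
-//debug_trace = 1;
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+return fuzz_run_preauth(Data, Size, 0);
 }
 
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-static int once = 0;
-if (!once) {
-setup_fuzzer();
-once = 1;
-}
-
-if (fuzzer_set_input(Data, Size) == DROPBEAR_FAILURE) {
-return 0;
-}
-
-// get prefix. input format is
-// string prefix
-// uint32 wrapfd seed
-// ... to be extended later
-// [bytes] ssh input stream
-
-// be careful to avoid triggering buffer.c assertions
-if (fuzz.input->len < 8) {
-return 0;
-}
-size_t prefix_size = buf_getint(fuzz.input);
-if (prefix_size != 4) {
-return 0;
-}
-uint32_t wrapseed = buf_getint(fuzz.input);
-wrapfd_setseed(wrapseed);
-
-int fakesock = 20;
-wrapfd_add(fakesock, fuzz.input, PLAIN);
-
-m_malloc_set_epoch(1);
-if (setjmp(fuzz.jmp) == 0) {
-svr_session(fakesock, fakesock);
-m_malloc_free_epoch(1, 0);
-} else {
-m_malloc_free_epoch(1, 1);
-TRACE(("dropbear_exit longjmped"))
-// dropbear_exit jumped here
-}
-
-return 0;
-}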
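Review bot: The bare `0` in `return fuzz_run_preauth(Data, Size, 0);` gives no hint of what it selects, and the helper's prototype is not visible on this page. Going by the commit title it is presumably the switch that the new nomaths harness turns on to skip key-exchange arithmetic, which would make this target the one that still exercises that code; once confirmed, a comment such as `/* 0 = do not skip kex maths (see fuzzer-preauth_nomaths) */` would stop someone flipping it and silently losing that coverage. The removed body also held the only description of the input layout (`string prefix`, `uint32 wrapfd seed`, then the ssh input stream) and the warning about short inputs triggering buffer.c assertions. That comment should travel with the parsing code in `fuzz_run_preauth`, since existing corpus seeds depend on the format.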