comparison fuzzer-preauth.c @ 1456:a90fdd2d2ed8 fuzz
add fuzzer-preauth_nomaths
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 23 Jan 2018 23:05:47 +0800 |
parents | f0990c284663 |
children |
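--- a/fuzzer-preauth.c
+++ b/fuzzer-preauth.c
@@ -1,53 +1,6 @@
 #include "fuzz.h"
-#include "session.h"
-#include "fuzz-wrapfd.h"
-#include "debug.h"
 
-static void setup_fuzzer(void) {
-svr_setup_fuzzer();
-//debug_trace = 1;
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+return fuzz_run_preauth(Data, Size, 0);
 }
 
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-static int once = 0;
-if (!once) {
-setup_fuzzer();
-once = 1;
-}
-
-if (fuzzer_set_input(Data, Size) == DROPBEAR_FAILURE) {
-return 0;
-}
-
-// get prefix. input format is
-// string prefix
-// uint32 wrapfd seed
-// ... to be extended later
-// [bytes] ssh input stream
-
-// be careful to avoid triggering buffer.c assertions
-if (fuzz.input->len < 8) {
-return 0;
-}
-size_t prefix_size = buf_getint(fuzz.input);
-if (prefix_size != 4) {
-return 0;
-}
-uint32_t wrapseed = buf_getint(fuzz.input);
-wrapfd_setseed(wrapseed);
-
-int fakesock = 20;
-wrapfd_add(fakesock, fuzz.input, PLAIN);
-
-m_malloc_set_epoch(1);
-if (setjmp(fuzz.jmp) == 0) {
-svr_session(fakesock, fakesock);
-m_malloc_free_epoch(1, 0);
-} else {
-m_malloc_free_epoch(1, 1);
-TRACE(("dropbear_exit longjmped"))
-// dropbear_exit jumped here
-}
-
-return 0;
-}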
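Review bot: The bare `0` passed as the third argument to `fuzz_run_preauth` on new line 4 gives no hint of what it selects. Going by the commit title it presumably separates this harness from the `_nomaths` one, so a call-site comment such as `/* 0: regular preauth run, not the nomaths variant */` would help, once that meaning is confirmed against the declaration in fuzz.h. The input-length guard and `prefix_size` check (old lines 29-35) and the `setjmp`/`m_malloc_free_epoch` cleanup (old lines 43-50) leave this file entirely, and `fuzz_run_preauth` is not shown on this page, so it is worth confirming the helper keeps both. Without the guard, short inputs would hit the buffer.c assertions the removed comment warns about and show up as spurious crashes; without the epoch cleanup, allocations would carry over between fuzz iterations.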