Mercurial > dropbear
comparison fuzz/fuzzer-pubkey.c @ 1756:d5680e12ac33
Move fuzzing code to fuzz/ subdirectory, improve Makefile.in
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 23 Oct 2020 23:10:20 +0800 |
| parents | fuzzer-pubkey.c@ba6fc7afe1c5 |
| children | 97ad26e397a5 |
comparison
equal
deleted
inserted
replaced
| 1753:7c0fcd19e492 | 1756:d5680e12ac33 |
|---|---|
| 1 #include "fuzz.h" | |
| 2 #include "session.h" | |
| 3 #include "fuzz-wrapfd.h" | |
| 4 #include "debug.h" | |
| 5 | |
| 6 static void setup_fuzzer(void) { | |
| 7 fuzz_common_setup(); | |
| 8 } | |
| 9 | |
| 10 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { | |
| 11 static int once = 0; | |
| 12 if (!once) { | |
| 13 setup_fuzzer(); | |
| 14 once = 1; | |
| 15 } | |
| 16 | |
| 17 if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { | |
| 18 return 0; | |
| 19 } | |
| 20 | |
| 21 m_malloc_set_epoch(1); | |
| 22 | |
| 23 if (setjmp(fuzz.jmp) == 0) { | |
| 24 buffer *line = buf_getstringbuf(fuzz.input); | |
| 25 buffer *keyblob = buf_getstringbuf(fuzz.input); | |
| 26 | |
| 27 unsigned int algolen; | |
| 28 char* algoname = buf_getstring(keyblob, &algolen); | |
| 29 | |
| 30 if (signature_type_from_name(algoname, algolen) == DROPBEAR_SIGNKEY_NONE) { | |
| 31 dropbear_exit("fuzzer imagined a bogus algorithm"); | |
| 32 } | |
| 33 | |
| 34 int ret = fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys", | |
| 35 algoname, algolen, | |
| 36 keyblob->data, keyblob->len); | |
| 37 | |
| 38 if (ret == DROPBEAR_SUCCESS) { | |
| 39 /* fuzz_checkpubkey_line() should have cleaned up for failure */ | |
| 40 svr_pubkey_options_cleanup(); | |
| 41 } | |
| 42 | |
| 43 buf_free(line); | |
| 44 buf_free(keyblob); | |
| 45 m_free(algoname); | |
| 46 m_malloc_free_epoch(1, 0); | |
| 47 } else { | |
| 48 m_malloc_free_epoch(1, 1); | |
| 49 TRACE(("dropbear_exit longjmped")) | |
| 50 /* dropbear_exit jumped here */ | |
| 51 } | |
| 52 | |
| 53 return 0; | |
| 54 } |