Mercurial > dropbear
comparison fuzzer-pubkey.c @ 1369:ddfcadca3c4c fuzz
fuzzer-pubkey
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 23 May 2017 22:43:34 +0800 |
| parents | |
| children | d4cc85e6c569 |
comparison
equal
deleted
inserted
replaced
| 1368:10df23099071 | 1369:ddfcadca3c4c |
|---|---|
| 1 #include "fuzz.h" | |
| 2 #include "session.h" | |
| 3 #include "fuzz-wrapfd.h" | |
| 4 #include "debug.h" | |
| 5 | |
| 6 static void setup_fuzzer(void) { | |
| 7 common_setup_fuzzer(); | |
| 8 } | |
| 9 | |
| 10 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { | |
| 11 static int once = 0; | |
| 12 if (!once) { | |
| 13 setup_fuzzer(); | |
| 14 once = 1; | |
| 15 } | |
| 16 | |
| 17 m_malloc_set_epoch(1); | |
| 18 | |
| 19 fuzz_seed(); | |
| 20 fuzz.input->data = (unsigned char*)Data; | |
| 21 fuzz.input->len = Size; | |
| 22 fuzz.input->size = Size; | |
| 23 fuzz.input->pos = 0; | |
| 24 | |
| 25 if (Size < 4) { | |
| 26 return 0; | |
| 27 } | |
| 28 | |
| 29 // choose a keytype based on input | |
| 30 uint8_t b = 0; | |
| 31 size_t i; | |
| 32 for (i = 0; i < Size; i++) { | |
| 33 b ^= Data[i]; | |
| 34 } | |
| 35 const char* algoname = fuzz_signkey_names[b%DROPBEAR_SIGNKEY_NUM_NAMED]; | |
| 36 const char* keyblob = "fakekeyblob"; | |
| 37 | |
| 38 if (setjmp(fuzz.jmp) == 0) { | |
| 39 fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys", | |
| 40 algoname, strlen(algoname), | |
| 41 keyblob, strlen(keyblob)); | |
| 42 } else { | |
| 43 m_malloc_free_epoch(1); | |
| 44 TRACE(("dropbear_exit longjmped")) | |
| 45 // dropbear_exit jumped here | |
| 46 } | |
| 47 | |
| 48 return 0; | |
| 49 } |