comparison fuzzer-preauth.c @ 1384:ecdd4e8ae427 fuzz

don't longjmp for fuzzer-preauth (temporary to debug asan)
author Matt Johnston <matt@ucc.asn.au>
date Tue, 30 May 2017 22:50:52 +0800
parents f03cfe9c76ac
children 6c92e97553f1
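--- a/fuzzer-preauth.c
+++ b/fuzzer-preauth.c
@@ -17,37 +17,41 @@
 
 if (fuzzer_set_input(Data, Size) == DROPBEAR_FAILURE) {
 return 0;
 }
 
 // get prefix. input format is
 // string prefix
 // uint32 wrapfd seed
 // ... to be extended later
 // [bytes] ssh input stream
 
 // be careful to avoid triggering buffer.c assertions
 if (fuzz.input->len < 8) {
 return 0;
 }
 size_t prefix_size = buf_getint(fuzz.input);
 if (prefix_size != 4) {
 return 0;
 }
 uint32_t wrapseed = buf_getint(fuzz.input);
 wrapfd_setseed(wrapseed);
 
 int fakesock = 20;
 wrapfd_add(fakesock, fuzz.input, PLAIN);
 
 m_malloc_set_epoch(1);
+// temporarily disable setjmp to debug asan segv
+svr_session(fakesock, fakesock);
+#if 0
 if (setjmp(fuzz.jmp) == 0) {
 svr_session(fakesock, fakesock);
 m_malloc_free_epoch(1, 0);
 } else {
 m_malloc_free_epoch(1, 1);
 TRACE(("dropbear_exit longjmped"))
 // dropbear_exit jumped here
 }
+#endif
 
 return 0;
 }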
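Review bot: With the `setjmp` block compiled out at new lines 45–54, nothing on the active path calls `m_malloc_free_epoch` after `m_malloc_set_epoch(1)`, so whatever the epoch tracks is presumably never released between fuzz iterations, and sanitizer output may end up dominated by harness leaks rather than the segv being chased. If the direct call is kept for debugging, follow it with `m_malloc_free_epoch(1, 0);` on the normal-return path. `fuzz.jmp` is also never initialised by this function now, so any exit path that still calls `longjmp` on it (not visible in this file) would be undefined behaviour; a comment such as `// fuzz.jmp is NOT set here; dropbear_exit must not longjmp while this is disabled` would make that dependency explicit. The enclosing function begins above the displayed lines.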