diff packet.c @ 1357:08f4fa4dc6a0 fuzz

closer to working
author Matt Johnston <matt@ucc.asn.au>
date Sat, 20 May 2017 13:23:16 +0800
parents 5c2899e35b63
children 27e65d3aed5f
--- a/packet.c	Fri May 19 00:48:46 2017 +0800
+++ b/packet.c	Sat May 20 13:23:16 2017 +0800
@@ -36,7 +36,6 @@
 #include "channel.h"
 #include "netio.h"
 #include "runopts.h"
-#include "fuzz.h"
 
 static int read_packet_init(void);
 static void make_mac(unsigned int seqno, const struct key_context_directional * key_state,
@@ -371,6 +370,17 @@
 	buf_setpos(ses.readbuf, 0);
 	make_mac(ses.recvseq, &ses.keys->recv, ses.readbuf, contents_len, mac_bytes);
 
+#ifdef DROPBEAR_FUZZ
+	if (fuzz.fuzzing) {
+		// fail 1 in 1000 times to test error path
+		unsigned int value = *((unsigned int*)&mac_bytes);
+		if (value % 1000 == 0) {
+			return DROPBEAR_FAILURE;
+		}
+		return DROPBEAR_SUCCESS;
+	}
+#endif
+
 	/* compare the hash */
 	buf_setpos(ses.readbuf, contents_len);
 	if (constant_time_memcmp(mac_bytes, buf_getptr(ses.readbuf, mac_size), mac_size) != 0) {
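Review bot: The new fuzz branch reads the MAC with `*((unsigned int*)&mac_bytes)`, which type-puns a byte buffer through an incompatible pointer; that is a strict-aliasing violation and, if mac_bytes is not 4-byte aligned, a misaligned access, so the optimizer is free to miscompile exactly the build that fuzzing is meant to exercise. Copying the bytes out keeps the same "first four MAC bytes mod 1000" behaviour without undefined behaviour: `unsigned int value; memcpy(&value, mac_bytes, sizeof value);`, with a comment such as `/* fuzz only: MAC is never verified, so derive a deterministic failure from its first bytes */`. Note the early return also skips the `buf_setpos(ses.readbuf, contents_len)` that the real path performs; if any caller relies on the read position afterwards that is worth confirming. The declaration of mac_bytes and the enclosing function both begin outside this hunk, so the alignment point is inferred from the `constant_time_memcmp` use below.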