diff fuzz-common.c @ 1356:3677a510f545 fuzz

add wrapfd. improve fuzzer in makefile
author Matt Johnston <matt@ucc.asn.au>
date Fri, 19 May 2017 00:48:46 +0800
parents f3c8975de38e
children 08f4fa4dc6a0
--- a/fuzz-common.c	Thu May 18 23:45:10 2017 +0800
+++ b/fuzz-common.c	Fri May 19 00:48:46 2017 +0800
@@ -8,6 +8,8 @@
 #include "runopts.h"
 #include "crypto_desc.h"
 #include "session.h"
+#include "dbrandom.h"
+#include "fuzz-wrapfd.h"
 
 struct dropbear_fuzz_options fuzz;
 
@@ -15,9 +17,40 @@
 
 static void common_setup_fuzzer(void) {
     fuzz.fuzzing = 1;
+    fuzz.input = m_malloc(sizeof(buffer));
     crypto_init();
 }
 
+int fuzzer_set_input(const uint8_t *Data, size_t Size) {
+
+    fuzz.input->data = (unsigned char*)Data;
+    fuzz.input->size = Size;
+    fuzz.input->len = Size;
+    fuzz.input->pos = 0;
+
+    // get prefix. input format is
+    // string prefix
+    //     uint32_t seed
+    //     ... to be extended later
+    // [bytes] ssh input stream
+
+    // be careful to avoid triggering buffer.c assertions
+    if (fuzz.input->len < 8) {
+        return DROPBEAR_FAILURE;
+    }
+    size_t prefix_size = buf_getint(fuzz.input);
+    if (prefix_size != 4) {
+        return DROPBEAR_FAILURE;
+    }
+    uint32_t wrapseed = buf_getint(fuzz.input);
+    wrapfd_setup(wrapseed);
+
+    seedrandom();
+
+    return DROPBEAR_SUCCESS;
+}
+
+
 void svr_setup_fuzzer(void) {
     struct passwd *pw;
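Review bot: `fuzz.input->data = (unsigned char*)Data;` in fuzzer_set_input drops the const from the fuzzer-supplied buffer and stores the pointer in the global `fuzz.input`, with nothing stating that it is only borrowed. Any later write through that buffer would modify the fuzzing engine's input, and the pointer goes stale once the caller's Data is released; whether either happens cannot be told from this hunk. I would add a comment above the function: `/* Borrows Data: fuzz.input is read-only and valid only while the caller's buffer lives. Returns DROPBEAR_FAILURE if the 8-byte prefix is missing or malformed. */`. It may also be worth confirming that `seedrandom()` is deterministic when `fuzz.fuzzing` is set, since otherwise a crashing input would not replay the same way. The body of svr_setup_fuzzer continues outside the hunk.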