diff packet.c @ 1597:8f7b6f75aa58

fix uninitialised memory in fuzzer codepath
author Matt Johnston <matt@ucc.asn.au>
date Tue, 06 Mar 2018 22:02:19 +0800
parents 399d8eb961b5
children a3bb8f8949de
--- a/packet.c	Tue Mar 06 21:51:51 2018 +0800
+++ b/packet.c	Tue Mar 06 22:02:19 2018 +0800
@@ -364,9 +364,11 @@
 
 #if DROPBEAR_FUZZ
 	if (fuzz.fuzzing) {
-		/* fail 1 in 2000 times to test error path.
-		   note that mac_bytes is all zero prior to kex, so don't test ==0 ! */
-		unsigned int value = *((unsigned int*)&mac_bytes);
+	 	/* fail 1 in 2000 times to test error path. */
+		unsigned int value = 0;
+		if (mac_size > sizeof(value)) {
+			memcpy(&value, mac_bytes, sizeof(value));
+		}
 		if (value % 2000 == 99) {
 			return DROPBEAR_FAILURE;
 		}