diff packet.c @ 1597:8f7b6f75aa58
fix uninitialised memory in fuzzer codepath
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 06 Mar 2018 22:02:19 +0800 |
parents | 399d8eb961b5 |
children | a3bb8f8949de |
--- a/packet.c Tue Mar 06 21:51:51 2018 +0800
+++ b/packet.c Tue Mar 06 22:02:19 2018 +0800
@@ -364,9 +364,11 @@
 #if DROPBEAR_FUZZ
 if (fuzz.fuzzing) {
- /* fail 1 in 2000 times to test error path. note that mac_bytes is all zero prior to kex, so don't test ==0 ! */
- unsigned int value = *((unsigned int*)&mac_bytes);
+ /* fail 1 in 2000 times to test error path. */
+ unsigned int value = 0;
+ if (mac_size > sizeof(value)) {
+ memcpy(&value, mac_bytes, sizeof(value));
+ }
 if (value % 2000 == 99) {
 return DROPBEAR_FAILURE;
 }