diff fuzzer-preauth.c @ 1456:a90fdd2d2ed8 fuzz
add fuzzer-preauth_nomaths
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 23 Jan 2018 23:05:47 +0800 |
parents | f0990c284663 |
children |
--- a/fuzzer-preauth.c Tue Jan 23 22:46:07 2018 +0800
+++ b/fuzzer-preauth.c Tue Jan 23 23:05:47 2018 +0800
@@ -1,53 +1,6 @@
 #include "fuzz.h"
-#include "session.h"
-#include "fuzz-wrapfd.h"
-#include "debug.h"
-
-static void setup_fuzzer(void) {
- svr_setup_fuzzer();
- //debug_trace = 1;
-}

 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- static int once = 0;
- if (!once) {
- setup_fuzzer();
- once = 1;
- }
-
- if (fuzzer_set_input(Data, Size) == DROPBEAR_FAILURE) {
- return 0;
- }
-
- // get prefix. input format is
- // string prefix
- // uint32 wrapfd seed
- // ... to be extended later
- // [bytes] ssh input stream
+ return fuzz_run_preauth(Data, Size, 0);
+}

- // be careful to avoid triggering buffer.c assertions
- if (fuzz.input->len < 8) {
- return 0;
- }
- size_t prefix_size = buf_getint(fuzz.input);
- if (prefix_size != 4) {
- return 0;
- }
- uint32_t wrapseed = buf_getint(fuzz.input);
- wrapfd_setseed(wrapseed);
-
- int fakesock = 20;
- wrapfd_add(fakesock, fuzz.input, PLAIN);
-
- m_malloc_set_epoch(1);
- if (setjmp(fuzz.jmp) == 0) {
- svr_session(fakesock, fakesock);
- m_malloc_free_epoch(1, 0);
- } else {
- m_malloc_free_epoch(1, 1);
- TRACE(("dropbear_exit longjmped"))
- // dropbear_exit jumped here
- }
-
- return 0;
-}
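Review bot: The bare `0` passed as the third argument in `return fuzz_run_preauth(Data, Size, 0);` gives no hint of what it selects, and the comment describing the input layout (string prefix, uint32 wrapfd seed, ssh input stream) is deleted from this file with nothing pointing to where it now lives. Going by the commit title, the argument presumably distinguishes this harness from the nomaths variant; a short comment such as `/* 0: normal preauth run, not the nomaths variant (confirm against fuzz_run_preauth) */` plus a one-line pointer to the input-format description would help anyone building a seed corpus or replaying a crash input. fuzz_run_preauth itself is not shown in this hunk, so it is worth confirming that the `fuzz.input->len < 8` guard ahead of the `buf_getint` calls and the setjmp / `m_malloc_free_epoch` cleanup moved into it unchanged; without the guard, inputs shorter than the header would trip the buffer.c assertions the old comment warned about.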