Mercurial > dropbear
view fuzz-common.c @ 1367:00fb0a1f9b70 fuzz
define SIZE_T_MAX
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 22 May 2017 22:09:46 +0800 |
parents | 6b89eb92f872 |
children | ddfcadca3c4c |
line wrap: on
line source
#include "includes.h" #include "includes.h" #include "fuzz.h" #include "dbutil.h" #include "runopts.h" #include "crypto_desc.h" #include "session.h" #include "dbrandom.h" #include "fuzz-wrapfd.h" struct dropbear_fuzz_options fuzz; static void load_fixed_hostkeys(void); static void common_setup_fuzzer(void) { fuzz.fuzzing = 1; fuzz.wrapfds = 1; fuzz.input = m_malloc(sizeof(buffer)); crypto_init(); } int fuzzer_set_input(const uint8_t *Data, size_t Size) { fuzz.input->data = (unsigned char*)Data; fuzz.input->size = Size; fuzz.input->len = Size; fuzz.input->pos = 0; memset(&ses, 0x0, sizeof(ses)); memset(&svr_ses, 0x0, sizeof(svr_ses)); // get prefix. input format is // string prefix // uint32 wrapfd seed // ... to be extended later // [bytes] ssh input stream // be careful to avoid triggering buffer.c assertions if (fuzz.input->len < 8) { return DROPBEAR_FAILURE; } size_t prefix_size = buf_getint(fuzz.input); if (prefix_size != 4) { return DROPBEAR_FAILURE; } uint32_t wrapseed = buf_getint(fuzz.input); wrapfd_setup(wrapseed); seedfuzz(); return DROPBEAR_SUCCESS; } void svr_setup_fuzzer(void) { struct passwd *pw; common_setup_fuzzer(); _dropbear_exit = svr_dropbear_exit; _dropbear_log = svr_dropbear_log; char *argv[] = { "-E", }; int argc = sizeof(argv) / sizeof(*argv); svr_getopts(argc, argv); /* user lookups might be slow, cache it */ pw = getpwuid(getuid()); dropbear_assert(pw); fuzz.pw_name = m_strdup(pw->pw_name); fuzz.pw_dir = m_strdup(pw->pw_dir); fuzz.pw_shell = m_strdup(pw->pw_shell); fuzz.pw_passwd = m_strdup("!!zzznope"); load_fixed_hostkeys(); } static void load_fixed_hostkeys(void) { #include "fuzz-hostkeys.c" buffer *b = buf_new(3000); enum signkey_type type; TRACE(("load fixed hostkeys")) svr_opts.hostkey = new_sign_key(); buf_setlen(b, 0); buf_putbytes(b, keyr, keyr_len); buf_setpos(b, 0); type = DROPBEAR_SIGNKEY_RSA; if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { dropbear_exit("failed fixed rsa hostkey"); } buf_setlen(b, 0); buf_putbytes(b, keyd, keyd_len); buf_setpos(b, 0); type = DROPBEAR_SIGNKEY_DSS; if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { dropbear_exit("failed fixed dss hostkey"); } buf_setlen(b, 0); buf_putbytes(b, keye, keye_len); buf_setpos(b, 0); type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; if (buf_get_priv_key(b, svr_opts.hostkey, &type) == DROPBEAR_FAILURE) { dropbear_exit("failed fixed ecdsa hostkey"); } buf_free(b); } void fuzz_kex_fakealgos(void) { ses.newkeys->recv.crypt_mode = &dropbear_mode_none; }