Mercurial > dropbear

view fuzzer-pubkey.c @ 1588:149a5329d83a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
dictionary for fuzzer-preauth
author Matt Johnston <matt@ucc.asn.au>
date Mon, 05 Mar 2018 00:59:17 +0800
parents e6a5e51a29c9
children 252b406d0e9a
line wrap: on
line source

#include "fuzz.h"
#include "session.h"
#include "fuzz-wrapfd.h"
#include "debug.h"

static void setup_fuzzer(void) {
	fuzz_common_setup();
}

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	static int once = 0;
	if (!once) {
		setup_fuzzer();
		once = 1;
	}

	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
		return 0;
	}

	m_malloc_set_epoch(1);

	if (setjmp(fuzz.jmp) == 0) {
		buffer *line = buf_getstringbuf(fuzz.input);
		buffer *keyblob = buf_getstringbuf(fuzz.input);

		unsigned int algolen;
		char* algoname = buf_getstring(keyblob, &algolen);

		if (have_algo(algoname, algolen, sshhostkey) == DROPBEAR_FAILURE) {
			dropbear_exit("fuzzer imagined a bogus algorithm");
		}
		fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
			algoname, algolen,
			keyblob->data, keyblob->len);

		buf_free(line);
		buf_free(keyblob);
		m_free(algoname);
		m_malloc_free_epoch(1, 0);
	} else {
		m_malloc_free_epoch(1, 1);
		TRACE(("dropbear_exit longjmped"))
		/* dropbear_exit jumped here */
	}

	return 0;
}