Mercurial > dropbear
view fuzzer-kexcurve25519.c @ 1665:7c17995bcdfb
Improve address logging on early exit messages (#83)
Change 'Early exit' and 'Exit before auth' messages to include the IP
address & port as part of the message.
This allows log scanning utilities such as 'fail2ban' to obtain the
offending IP address as part of the failure event instead of extracting
the PID from the message and then scanning the log again for match
'child connection from' messages
Signed-off-by: Kevin Darbyshire-Bryant <[email protected]>
author | Kevin Darbyshire-Bryant <6500011+ldir-EDB0@users.noreply.github.com> |
---|---|
date | Wed, 18 Mar 2020 15:28:56 +0000 |
parents | d32bcb5c557d |
children |
line wrap: on
line source
#include "fuzz.h" #include "session.h" #include "fuzz-wrapfd.h" #include "debug.h" #include "runopts.h" #include "algo.h" #include "bignum.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { static int once = 0; static struct key_context* keep_newkeys = NULL; /* number of generated parameters is limited by the timeout for the first run. TODO move this to the libfuzzer initialiser function instead if the timeout doesn't apply there */ #define NUM_PARAMS 20 static struct kex_curve25519_param *curve25519_params[NUM_PARAMS]; if (!once) { fuzz_common_setup(); fuzz_svr_setup(); keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context)); keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "curve25519-sha256"); keep_newkeys->algo_hostkey = DROPBEAR_SIGNKEY_ED25519; ses.newkeys = keep_newkeys; /* Pre-generate parameters */ int i; for (i = 0; i < NUM_PARAMS; i++) { curve25519_params[i] = gen_kexcurve25519_param(); } once = 1; } if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { return 0; } m_malloc_set_epoch(1); if (setjmp(fuzz.jmp) == 0) { /* Based on recv_msg_kexdh_init()/send_msg_kexdh_reply() with DROPBEAR_KEX_CURVE25519 */ ses.newkeys = keep_newkeys; /* Choose from the collection of curve25519 params */ unsigned int e = buf_getint(fuzz.input); struct kex_curve25519_param *curve25519_param = curve25519_params[e % NUM_PARAMS]; buffer * ecdh_qs = buf_getstringbuf(fuzz.input); ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); kexcurve25519_comb_key(curve25519_param, ecdh_qs, svr_opts.hostkey); mp_clear(ses.dh_K); m_free(ses.dh_K); buf_free(ecdh_qs); buf_free(ses.hash); buf_free(ses.session_id); /* kexhashbuf is freed in kexdh_comb_key */ m_malloc_free_epoch(1, 0); } else { m_malloc_free_epoch(1, 1); TRACE(("dropbear_exit longjmped")) /* dropbear_exit jumped here */ } return 0; }