view fuzzer-pubkey.c @ 1663:c795520269f9

Fallback for key gen without hard link support (#89) Add a non-atomic fallback for key generation on platforms where link() is not permitted (such as most stock Android installs) or on filesystems without hard link support (such as FAT).
author Matt Robinson <git@nerdoftheherd.com>
date Sat, 14 Mar 2020 14:37:35 +0000
parents 252b406d0e9a
children ba6fc7afe1c5

#include "fuzz.h"
#include "session.h"
#include "fuzz-wrapfd.h"
#include "debug.h"

/* Harness initialisation hook: this target only needs the shared fuzz setup. */
static void setup_fuzzer(void)
{
	fuzz_common_setup();
}

/*
 * libFuzzer entry point exercising the public-key line check.
 *
 * The fuzz input is consumed as two buffers read with buf_getstringbuf():
 * first the candidate key-file line, then the key blob. The algorithm name
 * is read from the front of the key blob and must be accepted by have_algo()
 * against sshhostkey; otherwise the run is abandoned through dropbear_exit().
 *
 * dropbear_exit() returns control to the setjmp() below rather than ending
 * the process, so a rejected input does not stop the fuzzer. Allocations made
 * during the run belong to malloc epoch 1 and are released on both paths.
 * NOTE(review): the second argument of m_malloc_free_epoch() differs between
 * the normal path (0) and the longjmp path (1); presumably it selects whether
 * still-live allocations are freed - confirm against its definition.
 *
 * Always returns 0.
 */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
	static int initialised = 0;
	if (initialised == 0) {
		setup_fuzzer();
		initialised = 1;
	}

	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
		return 0;
	}

	m_malloc_set_epoch(1);

	if (setjmp(fuzz.jmp) != 0) {
		/* dropbear_exit jumped here */
		m_malloc_free_epoch(1, 1);
		TRACE(("dropbear_exit longjmped"))
		return 0;
	}

	/* Order matters: the line is read from the input before the key blob. */
	buffer *line = buf_getstringbuf(fuzz.input);
	buffer *keyblob = buf_getstringbuf(fuzz.input);

	unsigned int algolen;
	char* algoname = buf_getstring(keyblob, &algolen);

	if (have_algo(algoname, algolen, sshhostkey) == DROPBEAR_FAILURE) {
		dropbear_exit("fuzzer imagined a bogus algorithm");
	}

	/* Line number and file name are fixed placeholder values for the check. */
	int status = fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
		algoname, algolen,
		keyblob->data, keyblob->len);

	if (status == DROPBEAR_SUCCESS) {
		/* On failure fuzz_checkpubkey_line() should already have cleaned up,
		 * so the pubkey options only need releasing after a success. */
		svr_pubkey_options_cleanup();
	}

	buf_free(line);
	buf_free(keyblob);
	m_free(algoname);
	m_malloc_free_epoch(1, 0);

	return 0;
}