Mercurial > dropbear
changeset 1606:98d2b125eb89
kexhashbuf was much to small in kex fuzzers
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 08 Mar 2018 23:23:19 +0800 |
| parents | bff41a61a1b6 |
| children | 0bdbb9ecc403 |
| files | fuzzer-kexdh.c fuzzer-kexecdh.c |
| diffstat | 2 files changed, 2 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/fuzzer-kexdh.c Thu Mar 08 23:22:53 2018 +0800 +++ b/fuzzer-kexdh.c Thu Mar 08 23:23:19 2018 +0800 @@ -54,8 +54,7 @@ dropbear_exit("Bad kex value"); } - ses.kexhashbuf = buf_new(4); - buf_putint(ses.kexhashbuf, 12345); + ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey); /* kexhashbuf is freed in kexdh_comb_key */
--- a/fuzzer-kexecdh.c Thu Mar 08 23:22:53 2018 +0800 +++ b/fuzzer-kexecdh.c Thu Mar 08 23:23:19 2018 +0800 @@ -60,8 +60,7 @@ buffer * ecdh_qs = buf_getstringbuf(fuzz.input); - ses.kexhashbuf = buf_new(4); - buf_putint(ses.kexhashbuf, 12345); + ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey); /* kexhashbuf is freed in kexdh_comb_key */