changeset 1606:98d2b125eb89

kexhashbuf was much too small in kex fuzzers
author Matt Johnston <matt@ucc.asn.au>
date Thu, 08 Mar 2018 23:23:19 +0800
parents bff41a61a1b6
children 0bdbb9ecc403
files fuzzer-kexdh.c fuzzer-kexecdh.c
diffstat 2 files changed, 2 insertions(+), 4 deletions(-) [+]
--- a/fuzzer-kexdh.c	Thu Mar 08 23:22:53 2018 +0800
+++ b/fuzzer-kexdh.c	Thu Mar 08 23:23:19 2018 +0800
@@ -54,8 +54,7 @@
 			dropbear_exit("Bad kex value");
 		}
 
-		ses.kexhashbuf = buf_new(4);
-		buf_putint(ses.kexhashbuf, 12345);
+		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
 		kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey);
 
 		/* kexhashbuf is freed in kexdh_comb_key */
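Review bot: The added `ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);` line now hands kexdh_comb_key an empty buffer, whereas the removed lines seeded it with one int; nothing in the hunk says whether comb_key tolerates an empty hash buffer or whether the fuzzer is meant to skip the version/kexinit preamble the real kex path accumulates, so a one-line comment would help, e.g. `/* sized like the real kex path, but left empty: the fuzzer only exercises comb_key */`. The constant's name hints at a count of ints while buf_new's argument unit is not visible here; if buf_new takes a byte size, confirm KEXHASHBUF_MAX_INTS is expressed in that unit. The enclosing function begins before the hunk.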
--- a/fuzzer-kexecdh.c	Thu Mar 08 23:22:53 2018 +0800
+++ b/fuzzer-kexecdh.c	Thu Mar 08 23:23:19 2018 +0800
@@ -60,8 +60,7 @@
 
 		buffer * ecdh_qs = buf_getstringbuf(fuzz.input);
 
-		ses.kexhashbuf = buf_new(4);
-		buf_putint(ses.kexhashbuf, 12345);
+		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
 		kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
 
 		/* kexhashbuf is freed in kexdh_comb_key */
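Review bot: The trailing comment `/* kexhashbuf is freed in kexdh_comb_key */` names the wrong function for this file, since the call on the line above it is kexecdh_comb_key; as the commit already edits the lines immediately preceding it, this is a good moment to change it to `/* kexhashbuf is freed in kexecdh_comb_key */`. The enclosing function begins before the hunk.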