Mercurial > dropbear
changeset 1384:ecdd4e8ae427 fuzz
don't longjmp for fuzzer-preauth (temporary to debug asan)
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 30 May 2017 22:50:52 +0800 |
| parents | f03cfe9c76ac |
| children | 6c92e97553f1 |
| files | fuzzer-preauth.c |
| diffstat | 1 files changed, 20 insertions(+), 16 deletions(-) [+] |
line wrap: on
line diff
--- a/fuzzer-preauth.c Fri May 26 22:10:51 2017 +0800 +++ b/fuzzer-preauth.c Tue May 30 22:50:52 2017 +0800 @@ -19,35 +19,39 @@ return 0; } - // get prefix. input format is - // string prefix - // uint32 wrapfd seed - // ... to be extended later - // [bytes] ssh input stream + // get prefix. input format is + // string prefix + // uint32 wrapfd seed + // ... to be extended later + // [bytes] ssh input stream - // be careful to avoid triggering buffer.c assertions - if (fuzz.input->len < 8) { - return 0; - } - size_t prefix_size = buf_getint(fuzz.input); - if (prefix_size != 4) { - return 0; - } - uint32_t wrapseed = buf_getint(fuzz.input); - wrapfd_setseed(wrapseed); + // be careful to avoid triggering buffer.c assertions + if (fuzz.input->len < 8) { + return 0; + } + size_t prefix_size = buf_getint(fuzz.input); + if (prefix_size != 4) { + return 0; + } + uint32_t wrapseed = buf_getint(fuzz.input); + wrapfd_setseed(wrapseed); int fakesock = 20; wrapfd_add(fakesock, fuzz.input, PLAIN); m_malloc_set_epoch(1); + // temporarily disable setjmp to debug asan segv + svr_session(fakesock, fakesock); + #if 0 if (setjmp(fuzz.jmp) == 0) { svr_session(fakesock, fakesock); - m_malloc_free_epoch(1, 0); + m_malloc_free_epoch(1, 0); } else { m_malloc_free_epoch(1, 1); TRACE(("dropbear_exit longjmped")) // dropbear_exit jumped here } + #endif return 0; }