mirror of
https://github.com/clearml/dropbear
synced 2025-06-04 03:36:26 +00:00
Add fuzzer-client_nomaths, fix client fuzzer
--HG-- branch : fuzz
parent
282fc81981
commit
33eba22966
@ -269,7 +269,7 @@ lint:
|
|||||||
|
|
||||||
# list of fuzz targets
|
# list of fuzz targets
|
||||||
FUZZ_TARGETS=fuzzer-preauth fuzzer-pubkey fuzzer-verify fuzzer-preauth_nomaths \
|
FUZZ_TARGETS=fuzzer-preauth fuzzer-pubkey fuzzer-verify fuzzer-preauth_nomaths \
|
||||||
fuzzer-kexdh fuzzer-kexecdh fuzzer-kexcurve25519 fuzzer-client
|
fuzzer-kexdh fuzzer-kexecdh fuzzer-kexcurve25519 fuzzer-client fuzzer-client_nomaths
|
||||||
|
|
||||||
FUZZER_OPTIONS = $(addsuffix .options, $(FUZZ_TARGETS))
|
FUZZER_OPTIONS = $(addsuffix .options, $(FUZZ_TARGETS))
|
||||||
|
|
||||||
@ -311,6 +311,9 @@ fuzzer-kexcurve25519: fuzzer-kexcurve25519.o fuzz-harness.o
|
|||||||
fuzzer-client: fuzzer-client.o fuzz-harness.o
|
fuzzer-client: fuzzer-client.o fuzz-harness.o
|
||||||
$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(allobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
|
$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(allobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
|
||||||
|
|
||||||
|
fuzzer-client_nomaths: fuzzer-client_nomaths.o fuzz-harness.o
|
||||||
|
$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(allobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
|
||||||
|
|
||||||
fuzzer-%.options: Makefile
|
fuzzer-%.options: Makefile
|
||||||
echo "[libfuzzer]" > $@
|
echo "[libfuzzer]" > $@
|
||||||
echo "max_len = 50000" >> $@
|
echo "max_len = 50000" >> $@
|
||||||
|
13
cli-kex.c
13
cli-kex.c
@ -46,6 +46,13 @@ void send_msg_kexdh_init() {
|
|||||||
TRACE(("send_msg_kexdh_init()"))
|
TRACE(("send_msg_kexdh_init()"))
|
||||||
|
|
||||||
CHECKCLEARTOWRITE();
|
CHECKCLEARTOWRITE();
|
||||||
|
|
||||||
|
#if DROPBEAR_FUZZ
|
||||||
|
if (fuzz.fuzzing && fuzz.skip_kexmaths) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
|
buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
|
||||||
switch (ses.newkeys->algo_kex->mode) {
|
switch (ses.newkeys->algo_kex->mode) {
|
||||||
#if DROPBEAR_NORMAL_DH
|
#if DROPBEAR_NORMAL_DH
|
||||||
@ -99,6 +106,12 @@ void recv_msg_kexdh_reply() {
|
|||||||
|
|
||||||
TRACE(("enter recv_msg_kexdh_reply"))
|
TRACE(("enter recv_msg_kexdh_reply"))
|
||||||
|
|
||||||
|
#if DROPBEAR_FUZZ
|
||||||
|
if (fuzz.fuzzing && fuzz.skip_kexmaths) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
if (cli_ses.kex_state != KEXDH_INIT_SENT) {
|
if (cli_ses.kex_state != KEXDH_INIT_SENT) {
|
||||||
dropbear_exit("Received out-of-order kexdhreply");
|
dropbear_exit("Received out-of-order kexdhreply");
|
||||||
}
|
}
|
||||||
|
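Review bot: Both new `fuzz.skip_kexmaths` early returns, in send_msg_kexdh_init() and recv_msg_kexdh_reply(), have no comment, and the second one sits ahead of the `cli_ses.kex_state != KEXDH_INIT_SENT` check, so on that path a reply is accepted without the ordering check or anything after it. The skipped remainder is presumably where the server's reply, including its host key and signature, is processed, so the shortcut should be labelled, e.g. `/* fuzz only: skip the expensive kex maths; the server reply is not verified on this path */`. The guard is compiled only under `#if DROPBEAR_FUZZ` and also tests `fuzz.fuzzing`, which is the right double gate; it is worth confirming that release builds define DROPBEAR_FUZZ as 0. Both function bodies continue outside the hunks.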
@ -352,6 +352,11 @@ static void cli_session_cleanup(void) {
|
|||||||
(void)fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags);
|
(void)fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags);
|
||||||
(void)fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags);
|
(void)fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags);
|
||||||
|
|
||||||
|
/* Don't leak */
|
||||||
|
m_close(cli_ses.stdincopy);
|
||||||
|
m_close(cli_ses.stdoutcopy);
|
||||||
|
m_close(cli_ses.stderrcopy);
|
||||||
|
|
||||||
cli_tty_cleanup();
|
cli_tty_cleanup();
|
||||||
if (cli_ses.server_sig_algs) {
|
if (cli_ses.server_sig_algs) {
|
||||||
buf_free(cli_ses.server_sig_algs);
|
buf_free(cli_ses.server_sig_algs);
|
||||||
@ -430,10 +435,6 @@ void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
|
|||||||
|
|
||||||
/* Do the cleanup first, since then the terminal will be reset */
|
/* Do the cleanup first, since then the terminal will be reset */
|
||||||
session_cleanup();
|
session_cleanup();
|
||||||
/* Avoid printing onwards from terminal cruft */
|
|
||||||
fprintf(stderr, "\n");
|
|
||||||
|
|
||||||
dropbear_log(LOG_INFO, "%s", fullmsg);
|
|
||||||
|
|
||||||
#if DROPBEAR_FUZZ
|
#if DROPBEAR_FUZZ
|
||||||
if (fuzz.do_jmp) {
|
if (fuzz.do_jmp) {
|
||||||
@ -441,6 +442,11 @@ void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Avoid printing onwards from terminal cruft */
|
||||||
|
fprintf(stderr, "\n");
|
||||||
|
|
||||||
|
dropbear_log(LOG_INFO, "%s", fullmsg);
|
||||||
|
|
||||||
exit(exitcode);
|
exit(exitcode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
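Review bot: The three `m_close()` calls added to cli_session_cleanup() leave `cli_ses.stdincopy`, `cli_ses.stdoutcopy` and `cli_ses.stderrcopy` holding the closed descriptor numbers, so a second pass through cleanup would close whatever has reused those numbers in the meantime. Resetting them right after the closes, `cli_ses.stdincopy = cli_ses.stdoutcopy = cli_ses.stderrcopy = -1;`, makes the cleanup safe to repeat, assuming m_close() ignores negative descriptors (its body is not visible here). The same page shows fuzz_set_input() zeroing `cli_ses`, so if cleanup can run before the copies are assigned the fields are 0 and these calls would close stdin. Whether an earlier guard in the function prevents that is outside the hunk.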
@ -37,6 +37,7 @@ int fuzz_set_input(const uint8_t *Data, size_t Size) {
|
|||||||
|
|
||||||
memset(&ses, 0x0, sizeof(ses));
|
memset(&ses, 0x0, sizeof(ses));
|
||||||
memset(&svr_ses, 0x0, sizeof(svr_ses));
|
memset(&svr_ses, 0x0, sizeof(svr_ses));
|
||||||
|
memset(&cli_ses, 0x0, sizeof(cli_ses));
|
||||||
wrapfd_setup(fuzz.input);
|
wrapfd_setup(fuzz.input);
|
||||||
|
|
||||||
fuzz_seed();
|
fuzz_seed();
|
||||||
@ -64,6 +65,7 @@ void fuzz_svr_setup(void) {
|
|||||||
_dropbear_exit = svr_dropbear_exit;
|
_dropbear_exit = svr_dropbear_exit;
|
||||||
|
|
||||||
char *argv[] = {
|
char *argv[] = {
|
||||||
|
"dropbear",
|
||||||
"-E",
|
"-E",
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -80,6 +82,7 @@ void fuzz_cli_setup(void) {
|
|||||||
_dropbear_log = cli_dropbear_log;
|
_dropbear_log = cli_dropbear_log;
|
||||||
|
|
||||||
char *argv[] = {
|
char *argv[] = {
|
||||||
|
"dbclient",
|
||||||
"-y",
|
"-y",
|
||||||
"localhost",
|
"localhost",
|
||||||
};
|
};
|
||||||
@ -168,7 +171,7 @@ int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t
|
|||||||
if (ret_errfd) {
|
if (ret_errfd) {
|
||||||
*ret_errfd = wrapfd_new();
|
*ret_errfd = wrapfd_new();
|
||||||
}
|
}
|
||||||
ret_pid = 999;
|
*ret_pid = 999;
|
||||||
return DROPBEAR_SUCCESS;
|
return DROPBEAR_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
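Review bot: The corrected `*ret_pid = 999;` in fuzz_spawn_command() dereferences `ret_pid` unconditionally, while `ret_errfd` just above is only written after a NULL check. If callers may pass NULL for `ret_pid` as they may for `ret_errfd`, this should be `if (ret_pid) { *ret_pid = 999; }`. Now that the value actually reaches the caller, it is also worth checking that nothing on the fuzzed path signals or waits on that pid, since 999 can be a real process on the fuzzing host. A short comment saying the value is a placeholder would help. The function starts outside the hunk.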
6
fuzzer-client_nomaths.c
Normal file
6
fuzzer-client_nomaths.c
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
#include "fuzz.h"
|
||||||
|
|
||||||
|
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
||||||
|
return fuzz_run_client(Data, Size, 1);
|
||||||
|
}
|
||||||
|
|
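Review bot: The bare `1` passed to fuzz_run_client() in LLVMFuzzerTestOneInput() is not explained, and the new file has no header comment saying how it differs from the plain client fuzzer. Going by the target name and the `fuzz.skip_kexmaths` checks added in cli-kex.c, the argument presumably turns on the skip-kex-maths mode. A comment such as `/* third argument: skip_kexmaths */` on that line would make this clear.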