ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-04 03:36:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add fuzzer-client_nomaths, fix client fuzzer

Browse Source 
--HG--
branch : fuzz
This commit is contained in:
Matt Johnston 2020-10-18 15:08:54 +08:00
parent 282fc81981
commit 33eba22966
5 changed files with 38 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Makefile.in
View File

@ -269,7 +269,7 @@ lint:
# list of fuzz targets # list of fuzz targets
FUZZ_TARGETS=fuzzer-preauth fuzzer-pubkey fuzzer-verify fuzzer-preauth_nomaths \ FUZZ_TARGETS=fuzzer-preauth fuzzer-pubkey fuzzer-verify fuzzer-preauth_nomaths \
fuzzer-kexdh fuzzer-kexecdh fuzzer-kexcurve25519 fuzzer-client fuzzer-kexdh fuzzer-kexecdh fuzzer-kexcurve25519 fuzzer-client fuzzer-client_nomaths
FUZZER_OPTIONS = $(addsuffix .options, $(FUZZ_TARGETS)) FUZZER_OPTIONS = $(addsuffix .options, $(FUZZ_TARGETS))
@ -311,6 +311,9 @@ fuzzer-kexcurve25519: fuzzer-kexcurve25519.o fuzz-harness.o
fuzzer-client: fuzzer-client.o fuzz-harness.o fuzzer-client: fuzzer-client.o fuzz-harness.o
$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(allobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@ $(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(allobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
fuzzer-client_nomaths: fuzzer-client_nomaths.o fuzz-harness.o
$(CXX) $(CXXFLAGS) $@.o $(LDFLAGS) $(allobjs) -o $@$(EXEEXT) $(LIBTOM_LIBS) $(LIBS) $(FUZZLIB) @CRYPTLIB@
fuzzer-%.options: Makefile fuzzer-%.options: Makefile
echo "[libfuzzer]" > $@ echo "[libfuzzer]" > $@
echo "max_len = 50000" >> $@ echo "max_len = 50000" >> $@

13
cli-kex.c
View File

@ -46,6 +46,13 @@ void send_msg_kexdh_init() {
TRACE(("send_msg_kexdh_init()")) TRACE(("send_msg_kexdh_init()"))
CHECKCLEARTOWRITE(); CHECKCLEARTOWRITE();
#if DROPBEAR_FUZZ
if (fuzz.fuzzing && fuzz.skip_kexmaths) {
return;
}
#endif
buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT); buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
switch (ses.newkeys->algo_kex->mode) { switch (ses.newkeys->algo_kex->mode) {
#if DROPBEAR_NORMAL_DH #if DROPBEAR_NORMAL_DH
@ -99,6 +106,12 @@ void recv_msg_kexdh_reply() {
TRACE(("enter recv_msg_kexdh_reply")) TRACE(("enter recv_msg_kexdh_reply"))
#if DROPBEAR_FUZZ
if (fuzz.fuzzing && fuzz.skip_kexmaths) {
return;
}
#endif
if (cli_ses.kex_state != KEXDH_INIT_SENT) { if (cli_ses.kex_state != KEXDH_INIT_SENT) {
dropbear_exit("Received out-of-order kexdhreply"); dropbear_exit("Received out-of-order kexdhreply");
} }

14
cli-session.c
View File

@ -352,6 +352,11 @@ static void cli_session_cleanup(void) {
(void)fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags); (void)fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags);
(void)fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags); (void)fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags);
/* Don't leak */
m_close(cli_ses.stdincopy);
m_close(cli_ses.stdoutcopy);
m_close(cli_ses.stderrcopy);
cli_tty_cleanup(); cli_tty_cleanup();
if (cli_ses.server_sig_algs) { if (cli_ses.server_sig_algs) {
buf_free(cli_ses.server_sig_algs); buf_free(cli_ses.server_sig_algs);
@ -430,10 +435,6 @@ void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
/* Do the cleanup first, since then the terminal will be reset */ /* Do the cleanup first, since then the terminal will be reset */
session_cleanup(); session_cleanup();
/* Avoid printing onwards from terminal cruft */
fprintf(stderr, "\n");
dropbear_log(LOG_INFO, "%s", fullmsg);
#if DROPBEAR_FUZZ #if DROPBEAR_FUZZ
if (fuzz.do_jmp) { if (fuzz.do_jmp) {
@ -441,6 +442,11 @@ void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
} }
#endif #endif
/* Avoid printing onwards from terminal cruft */
fprintf(stderr, "\n");
dropbear_log(LOG_INFO, "%s", fullmsg);
exit(exitcode); exit(exitcode);
} }

5
fuzz-common.c
View File

@ -37,6 +37,7 @@ int fuzz_set_input(const uint8_t *Data, size_t Size) {
memset(&ses, 0x0, sizeof(ses)); memset(&ses, 0x0, sizeof(ses));
memset(&svr_ses, 0x0, sizeof(svr_ses)); memset(&svr_ses, 0x0, sizeof(svr_ses));
memset(&cli_ses, 0x0, sizeof(cli_ses));
wrapfd_setup(fuzz.input); wrapfd_setup(fuzz.input);
fuzz_seed(); fuzz_seed();
@ -64,6 +65,7 @@ void fuzz_svr_setup(void) {
_dropbear_exit = svr_dropbear_exit; _dropbear_exit = svr_dropbear_exit;
char *argv[] = { char *argv[] = {
"dropbear",
"-E", "-E",
}; };
@ -80,6 +82,7 @@ void fuzz_cli_setup(void) {
_dropbear_log = cli_dropbear_log; _dropbear_log = cli_dropbear_log;
char *argv[] = { char *argv[] = {
"dbclient",
"-y", "-y",
"localhost", "localhost",
}; };
@ -168,7 +171,7 @@ int fuzz_spawn_command(int *ret_writefd, int *ret_readfd, int *ret_errfd, pid_t
if (ret_errfd) { if (ret_errfd) {
*ret_errfd = wrapfd_new(); *ret_errfd = wrapfd_new();
} }
ret_pid = 999; *ret_pid = 999;
return DROPBEAR_SUCCESS; return DROPBEAR_SUCCESS;
} }

6
fuzzer-client_nomaths.c Normal file
View File

@ -0,0 +1,6 @@
#include "fuzz.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
return fuzz_run_client(Data, Size, 1);
}