kexhashbuf was much to small in kex fuzzers

2025-04-16 05:21:18 +00:00 · 2018-03-08 23:23:19 +08:00 · 2018-03-08 23:23:19 +08:00 · 397af3e6a6
commit 397af3e6a6
parent 933bc5f8a7
2 changed files with 2 additions and 4 deletions
--- a/fuzzer-kexdh.c
+++ b/fuzzer-kexdh.c
@ -54,8 +54,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 			dropbear_exit("Bad kex value");
 		}

-		ses.kexhashbuf = buf_new(4);
-		buf_putint(ses.kexhashbuf, 12345);
+		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
 		kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey);

 		/* kexhashbuf is freed in kexdh_comb_key */
--- a/fuzzer-kexecdh.c
+++ b/fuzzer-kexecdh.c
@ -60,8 +60,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {

 		buffer * ecdh_qs = buf_getstringbuf(fuzz.input);

-		ses.kexhashbuf = buf_new(4);
-		buf_putint(ses.kexhashbuf, 12345);
+		ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
 		kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);

 		/* kexhashbuf is freed in kexdh_comb_key */