ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-04-21 14:44:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

kexhashbuf was much to small in kex fuzzers

Browse Source
This commit is contained in:
Matt Johnston 2018-03-08 23:23:19 +08:00
parent 933bc5f8a7
commit 397af3e6a6
2 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fuzzer-kexdh.c
View File

@ -54,8 +54,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
dropbear_exit("Bad kex value"); dropbear_exit("Bad kex value");
} }
ses.kexhashbuf = buf_new(4); ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
buf_putint(ses.kexhashbuf, 12345);
kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey); kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey);
/* kexhashbuf is freed in kexdh_comb_key */ /* kexhashbuf is freed in kexdh_comb_key */

3
fuzzer-kexecdh.c
View File

@ -60,8 +60,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
buffer * ecdh_qs = buf_getstringbuf(fuzz.input); buffer * ecdh_qs = buf_getstringbuf(fuzz.input);
ses.kexhashbuf = buf_new(4); ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
buf_putint(ses.kexhashbuf, 12345);
kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey); kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey);
/* kexhashbuf is freed in kexdh_comb_key */ /* kexhashbuf is freed in kexdh_comb_key */