ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-04-08 22:54:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

use random keyblob from the fuzzer instead

Browse Source
This commit is contained in:
Matt Johnston 2018-03-04 19:19:45 +08:00
parent 2583b180c9
commit abee8093b3
1 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
fuzzer-pubkey.c
View File

@ -20,19 +20,22 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
m_malloc_set_epoch(1);
/* choose a keytype based on input */
uint8_t b = 0;
size_t i;
for (i = 0; i < Size; i++) {
b ^= Data[i];
}
const char* algoname = fuzz_signkey_names[b%DROPBEAR_SIGNKEY_NUM_NAMED];
const char* keyblob = "blob"; /* keep short */
if (setjmp(fuzz.jmp) == 0) {
fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys",
algoname, strlen(algoname),
(unsigned char*)keyblob, strlen(keyblob));
buffer *line = buf_getstringbuf(fuzz.input);
buffer *keyblob = buf_getstringbuf(fuzz.input);
unsigned int algolen;
const char* algoname = buf_getstring(keyblob, &algolen);
if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
dropbear_exit("fuzzer imagined a bogus algorithm");
}
fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
algoname, algolen,
keyblob->data, keyblob->len);
buf_free(line);
buf_free(keyblob);
m_malloc_free_epoch(1, 0);
} else {
m_malloc_free_epoch(1, 1);