From abee8093b3f029ea154b81e729b4a523dcfdb56e Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 4 Mar 2018 19:19:45 +0800
Subject: [PATCH] use random keyblob from the fuzzer instead

---
 fuzzer-pubkey.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/fuzzer-pubkey.c b/fuzzer-pubkey.c
index 3dfe7b5..cb648e4 100644
--- a/fuzzer-pubkey.c
+++ b/fuzzer-pubkey.c
@@ -20,19 +20,22 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
 	m_malloc_set_epoch(1);
 
-	/* choose a keytype based on input */
-	uint8_t b = 0;
-	size_t i;
-	for (i = 0; i < Size; i++) {
-		b ^= Data[i];
-	}
-	const char* algoname = fuzz_signkey_names[b%DROPBEAR_SIGNKEY_NUM_NAMED];
-	const char* keyblob = "blob"; /* keep short */
-
 	if (setjmp(fuzz.jmp) == 0) {
-		fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys", 
-			algoname, strlen(algoname),
-			(unsigned char*)keyblob, strlen(keyblob));
+		buffer *line = buf_getstringbuf(fuzz.input);
+		buffer *keyblob = buf_getstringbuf(fuzz.input);
+
+		unsigned int algolen;
+		const char* algoname = buf_getstring(keyblob, &algolen);
+
+		if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
+			dropbear_exit("fuzzer imagined a bogus algorithm");
+		}
+		fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
+			algoname, algolen,
+			keyblob->data, keyblob->len);
+
+		buf_free(line);
+		buf_free(keyblob);
 		m_malloc_free_epoch(1, 0);
 	} else {
 		m_malloc_free_epoch(1, 1);