ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-01-31 02:46:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Move fuzzer-kex initialisation into a constructor function

Browse Source 
Hopefully this can avoid hitting AFL timeouts
https://github.com/google/oss-fuzz/pull/2474
This commit is contained in:
Matt Johnston 2020-10-29 23:00:52 +08:00
parent 6aa065b1b4
commit b8352f8164
3 changed files with 65 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
fuzz/fuzzer-kexcurve25519.c
View File

@ -6,16 +6,14 @@
#include "algo.h"
#include "bignum.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
static int once = 0;
static struct key_context* keep_newkeys = NULL;
/* number of generated parameters is limited by the timeout for the first run.
TODO move this to the libfuzzer initialiser function instead if the timeout
doesn't apply there */
#define NUM_PARAMS 20
/* An arbitrary limit */
#define NUM_PARAMS 80
static struct kex_curve25519_param *curve25519_params[NUM_PARAMS];
if (!once) {
static void setup() __attribute__((constructor));
// Perform initial setup here to avoid hitting timeouts on first run
static void setup() {
fuzz_common_setup();
fuzz_svr_setup();
@ -29,10 +27,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
for (i = 0; i < NUM_PARAMS; i++) {
curve25519_params[i] = gen_kexcurve25519_param();
}
once = 1;
}
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
return 0;
}

14
fuzz/fuzzer-kexdh.c
View File

@ -6,16 +6,13 @@
#include "algo.h"
#include "bignum.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
static int once = 0;
static struct key_context* keep_newkeys = NULL;
/* number of generated parameters is limited by the timeout for the first run.
TODO move this to the libfuzzer initialiser function instead if the timeout
doesn't apply there */
#define NUM_PARAMS 20
#define NUM_PARAMS 80
static struct kex_dh_param *dh_params[NUM_PARAMS];
if (!once) {
static void setup() __attribute__((constructor));
// Perform initial setup here to avoid hitting timeouts on first run
static void setup() {
fuzz_common_setup();
fuzz_svr_setup();
@ -29,10 +26,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
for (i = 0; i < NUM_PARAMS; i++) {
dh_params[i] = gen_kexdh_param();
}
once = 1;
}
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
return 0;
}

12
fuzz/fuzzer-kexecdh.c
View File

@ -6,15 +6,15 @@
#include "algo.h"
#include "bignum.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
static int once = 0;
static const struct dropbear_kex *ecdh[3]; /* 256, 384, 521 */
static struct key_context* keep_newkeys = NULL;
/* number of generated parameters is limited by the timeout for the first run */
/* number of generated parameters. An arbitrary limit, but will delay startup */
#define NUM_PARAMS 80
static struct kex_ecdh_param *ecdh_params[NUM_PARAMS];
if (!once) {
static void setup() __attribute__((constructor));
// Perform initial setup here to avoid hitting timeouts on first run
static void setup() {
fuzz_common_setup();
fuzz_svr_setup();
@ -35,10 +35,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
ses.newkeys->algo_kex = ecdh[i % 3];
ecdh_params[i] = gen_kexecdh_param();
}
once = 1;
}
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
return 0;
}