rearrange, all fuzzers now call fuzzer_set_input()

--HG-- branch : fuzz
2025-04-21 06:34:28 +00:00 · 2017-05-25 22:21:49 +08:00 · 2017-05-25 22:21:49 +08:00 · b8fa712847
commit b8fa712847
parent 095b067857
6 changed files with 39 additions and 38 deletions
--- a/fuzz-common.c
+++ b/fuzz-common.c
@ -31,23 +31,7 @@ int fuzzer_set_input(const uint8_t *Data, size_t Size) {
    memset(&ses, 0x0, sizeof(ses));
    memset(&svr_ses, 0x0, sizeof(svr_ses));
-
+    wrapfd_setup();
    // get prefix. input format is
    // string prefix
    //     uint32 wrapfd seed
    //     ... to be extended later
    // [bytes] ssh input stream
    // be careful to avoid triggering buffer.c assertions
    if (fuzz.input->len < 8) {
        return DROPBEAR_FAILURE;
    }
    size_t prefix_size = buf_getint(fuzz.input);
    if (prefix_size != 4) {
        return DROPBEAR_FAILURE;
    }
    uint32_t wrapseed = buf_getint(fuzz.input);
    wrapfd_setup(wrapseed);
    fuzz_seed();
--- a/fuzz-wrapfd.c
+++ b/fuzz-wrapfd.c
@ -26,13 +26,17 @@ static int wrap_used[IOWRAP_MAXFD+1];
 static unsigned int nused;
 static unsigned short rand_state[3];
-void wrapfd_setup(uint32_t seed) {
+void wrapfd_setup() {
 	TRACE(("wrapfd_setup %x", seed))
 	nused = 0;
 	memset(wrap_fds, 0x0, sizeof(wrap_fds));
 	memset(wrap_used, 0x0, sizeof(wrap_used));
 	memset(rand_state, 0x0, sizeof(rand_state));
 	wrapfd_setseed(50);
 }
 void wrapfd_setseed(uint32_t seed) {
 	*((uint32_t*)rand_state) = seed;
 	nrand48(rand_state);
 }
--- a/fuzz-wrapfd.h
+++ b/fuzz-wrapfd.h
@ -10,7 +10,8 @@ enum wrapfd_mode {
    RANDOMIN,
 };
-void wrapfd_setup(uint32_t wrapseed);
+void wrapfd_setup();
 void wrapfd_setseed(uint32_t seed);
 // doesn't take ownership of buf. buf is optional.
 void wrapfd_add(int fd, buffer *buf, enum wrapfd_mode mode);
--- a/fuzz.h
+++ b/fuzz.h
@ -13,7 +13,8 @@
 void common_setup_fuzzer(void);
 void svr_setup_fuzzer(void);
-// once per input. returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE
+// must be called once per fuzz iteration. 
 // returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE
 int fuzzer_set_input(const uint8_t *Data, size_t Size);
 // fuzzer functions that intrude into general code
--- a/fuzzer-preauth.c
+++ b/fuzzer-preauth.c
@ -19,6 +19,23 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 		return 0;
 	}
    // get prefix. input format is
    // string prefix
    //     uint32 wrapfd seed
    //     ... to be extended later
    // [bytes] ssh input stream
    // be careful to avoid triggering buffer.c assertions
    if (fuzz.input->len < 8) {
        return 0;
    }
    size_t prefix_size = buf_getint(fuzz.input);
    if (prefix_size != 4) {
        return 0;
    }
    uint32_t wrapseed = buf_getint(fuzz.input);
    wrapfd_setseed(wrapseed);
 	int fakesock = 1;
 	wrapfd_add(fakesock, fuzz.input, PLAIN);
--- a/fuzzer-pubkey.c
+++ b/fuzzer-pubkey.c
@ -14,18 +14,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 		once = 1;
 	}
-	m_malloc_set_epoch(1);
+	if (fuzzer_set_input(Data, Size) == DROPBEAR_FAILURE) {
    fuzz_seed();
    fuzz.input->data = (unsigned char*)Data;
    fuzz.input->len = Size;
    fuzz.input->size = Size;
    fuzz.input->pos = 0;
    if (Size < 4) {
 		return 0;
 	}
 	m_malloc_set_epoch(1);
 	// choose a keytype based on input
 	uint8_t b = 0;
 	size_t i;
@ -33,7 +27,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 		b ^= Data[i];
 	}
 	const char* algoname = fuzz_signkey_names[b%DROPBEAR_SIGNKEY_NUM_NAMED];
-    const char* keyblob = "fakekeyblob";
+	const char* keyblob = "blob"; // keep short
 	if (setjmp(fuzz.jmp) == 0) {
 		fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys",