rearrange, all fuzzers now call fuzzer_set_input()

--HG--
branch : fuzz

fuzz-common.c

@@ -31,23 +31,7 @@ int fuzzer_set_input(const uint8_t *Data, size_t Size) {
 
     memset(&ses, 0x0, sizeof(ses));
     memset(&svr_ses, 0x0, sizeof(svr_ses));
-
+    wrapfd_setup();
-    // get prefix. input format is
-    // string prefix
-    //     uint32 wrapfd seed
-    //     ... to be extended later
-    // [bytes] ssh input stream
-
-    // be careful to avoid triggering buffer.c assertions
-    if (fuzz.input->len < 8) {
-        return DROPBEAR_FAILURE;
-    }
-    size_t prefix_size = buf_getint(fuzz.input);
-    if (prefix_size != 4) {
-        return DROPBEAR_FAILURE;
-    }
-    uint32_t wrapseed = buf_getint(fuzz.input);
-    wrapfd_setup(wrapseed);
 
     fuzz_seed();
 

fuzz-wrapfd.c

@@ -26,13 +26,17 @@ static int wrap_used[IOWRAP_MAXFD+1];
 static unsigned int nused;
 static unsigned short rand_state[3];
 
-void wrapfd_setup(uint32_t seed) {
+void wrapfd_setup() {
 	TRACE(("wrapfd_setup %x", seed))
 	nused = 0;
 	memset(wrap_fds, 0x0, sizeof(wrap_fds));
 	memset(wrap_used, 0x0, sizeof(wrap_used));
 
 	memset(rand_state, 0x0, sizeof(rand_state));
+	wrapfd_setseed(50);
+}
+
+void wrapfd_setseed(uint32_t seed) {
 	*((uint32_t*)rand_state) = seed;
 	nrand48(rand_state);
 }

fuzz-wrapfd.h

@@ -10,7 +10,8 @@ enum wrapfd_mode {
     RANDOMIN,
 };
 
-void wrapfd_setup(uint32_t wrapseed);
+void wrapfd_setup();
+void wrapfd_setseed(uint32_t seed);
 // doesn't take ownership of buf. buf is optional.
 void wrapfd_add(int fd, buffer *buf, enum wrapfd_mode mode);
 

fuzz.h

@@ -13,7 +13,8 @@
 void common_setup_fuzzer(void);
 void svr_setup_fuzzer(void);
 
-// once per input. returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE
+// must be called once per fuzz iteration. 
+// returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE
 int fuzzer_set_input(const uint8_t *Data, size_t Size);
 
 // fuzzer functions that intrude into general code

fuzzer-preauth.c

@@ -19,6 +19,23 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 		return 0;
 	}
 
+    // get prefix. input format is
+    // string prefix
+    //     uint32 wrapfd seed
+    //     ... to be extended later
+    // [bytes] ssh input stream
+
+    // be careful to avoid triggering buffer.c assertions
+    if (fuzz.input->len < 8) {
+        return 0;
+    }
+    size_t prefix_size = buf_getint(fuzz.input);
+    if (prefix_size != 4) {
+        return 0;
+    }
+    uint32_t wrapseed = buf_getint(fuzz.input);
+    wrapfd_setseed(wrapseed);
+
 	int fakesock = 1;
 	wrapfd_add(fakesock, fuzz.input, PLAIN);
 

fuzzer-pubkey.c

@@ -14,26 +14,20 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 		once = 1;
 	}
 
+	if (fuzzer_set_input(Data, Size) == DROPBEAR_FAILURE) {
+		return 0;
+	}
+
 	m_malloc_set_epoch(1);
 
-    fuzz_seed();
+	// choose a keytype based on input
-    fuzz.input->data = (unsigned char*)Data;
+	uint8_t b = 0;
-    fuzz.input->len = Size;
+	size_t i;
-    fuzz.input->size = Size;
+	for (i = 0; i < Size; i++) {
-    fuzz.input->pos = 0;
+		b ^= Data[i];
-
+	}
-    if (Size < 4) {
+	const char* algoname = fuzz_signkey_names[b%DROPBEAR_SIGNKEY_NUM_NAMED];
-    	return 0;
+	const char* keyblob = "blob"; // keep short
-    }
-
-    // choose a keytype based on input
-    uint8_t b = 0;
-    size_t i;
-    for (i = 0; i < Size; i++) {
-    	b ^= Data[i];
-    }
-    const char* algoname = fuzz_signkey_names[b%DROPBEAR_SIGNKEY_NUM_NAMED];
-    const char* keyblob = "fakekeyblob";
 
 	if (setjmp(fuzz.jmp) == 0) {
 		fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys",