authorMatt Johnston <matt@ucc.asn.au>2018-03-04 19:19:45 +0800
committerMatt Johnston <matt@ucc.asn.au>2018-03-04 19:19:45 +0800
commitabee8093b3f029ea154b81e729b4a523dcfdb56e (patch)
tree86ce59eba63932255234844bb96b2753af5ae4a8
parent2583b180c994ed37e462547e160b1141d9536d76 (diff)
use random keyblob from the fuzzer instead
-rw-r--r--fuzzer-pubkey.c27
1 files changed, 15 insertions, 12 deletions
diff --git a/fuzzer-pubkey.c b/fuzzer-pubkey.c
index 3dfe7b5..cb648e4 100644
--- a/fuzzer-pubkey.c
+++ b/fuzzer-pubkey.c
@@ -20,19 +20,22 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
m_malloc_set_epoch(1);
- /* choose a keytype based on input */
- uint8_t b = 0;
- size_t i;
- for (i = 0; i < Size; i++) {
- b ^= Data[i];
- }
- const char* algoname = fuzz_signkey_names[b%DROPBEAR_SIGNKEY_NUM_NAMED];
- const char* keyblob = "blob"; /* keep short */
-
if (setjmp(fuzz.jmp) == 0) {
- fuzz_checkpubkey_line(fuzz.input, 5, "/home/me/authorized_keys",
- algoname, strlen(algoname),
- (unsigned char*)keyblob, strlen(keyblob));
+ buffer *line = buf_getstringbuf(fuzz.input);
+ buffer *keyblob = buf_getstringbuf(fuzz.input);
+
+ unsigned int algolen;
+ const char* algoname = buf_getstring(keyblob, &algolen);
+
+ if (have_algo(algo, algolen, sshhostkey) == DROPBEAR_FAILURE) {
+ dropbear_exit("fuzzer imagined a bogus algorithm");
+ }
+ fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
+ algoname, algolen,
+ keyblob->data, keyblob->len);
+
+ buf_free(line);
+ buf_free(keyblob);
m_malloc_free_epoch(1, 0);
} else {
m_malloc_free_epoch(1, 1);
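Review bot: The added `have_algo(algo, algolen, sshhostkey)` call passes `algo`, which is not declared anywhere in the visible hunk; the string read two lines above it is `algoname`, so the check probably needs to be `if (have_algo(algoname, algolen, sshhostkey) == DROPBEAR_FAILURE) {` for the harness to build. Separately, `algoname` comes from `buf_getstring()`, which appears to return a heap copy, and only `line` and `keyblob` are released before `m_malloc_free_epoch(1, 0)`. If that is the case, declare it as `char *algoname` and add `m_free(algoname);` next to the `buf_free()` calls, so a leak checker does not report the harness itself on every input. LLVMFuzzerTestOneInput starts and ends outside the hunk.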