fix uninitialised memory in fuzzer codepath

author: Matt Johnston <matt@ucc.asn.au> 2018-03-06 22:02:19 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2018-03-06 22:02:19 +0800
commit: 4fd3160179620e26e90b38ec9b093aa893cd0911 (patch)
tree: 20d3b3405d77501606ee0cd201314e9e64887376 /packet.c
parent: a60725740b65be8679afe612f7fec2639ed0eab7 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/packet.c b/packet.c
index 90470ee..cacc06d 100644
--- a/packet.c
+++ b/packet.c
@@ -364,9 +364,11 @@ static int checkmac() {
 
 #if DROPBEAR_FUZZ
 	if (fuzz.fuzzing) {
-		/* fail 1 in 2000 times to test error path.
-		   note that mac_bytes is all zero prior to kex, so don't test ==0 ! */
-		unsigned int value = *((unsigned int*)&mac_bytes);
+	 	/* fail 1 in 2000 times to test error path. */
+		unsigned int value = 0;
+		if (mac_size > sizeof(value)) {
+			memcpy(&value, mac_bytes, sizeof(value));
+		}
 		if (value % 2000 == 99) {
 			return DROPBEAR_FAILURE;
 		}
author	Matt Johnston <matt@ucc.asn.au>	2018-03-06 22:02:19 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2018-03-06 22:02:19 +0800
commit	4fd3160179620e26e90b38ec9b093aa893cd0911 (patch)
tree	20d3b3405d77501606ee0cd201314e9e64887376 /packet.c
parent	a60725740b65be8679afe612f7fec2639ed0eab7 (diff)