-rw-r--r-- | dbutil.c | 2 | ||||
-rw-r--r-- | fuzz-common.c | 1 | ||||
-rw-r--r-- | fuzz.h | 1 | ||||
-rw-r--r-- | fuzzer-preauth.c | 4 | ||||
-rw-r--r-- | svr-session.c | 2 |
5 files changed, 7 insertions, 3 deletions
@@ -122,7 +122,7 @@ static void generic_dropbear_exit(int exitcode, const char* format,
 #ifdef DROPBEAR_FUZZ
 // longjmp before cleaning up svr_opts
- if (fuzz.fuzzing) {
+ if (fuzz.do_jmp) {
 longjmp(fuzz.jmp, 1);
 }
 #endif
diff --git a/fuzz-common.c b/fuzz-common.c
index 2d9044c..5c365d2 100644
--- a/fuzz-common.c
+++ b/fuzz-common.c
@@ -17,6 +17,7 @@ static void load_fixed_hostkeys(void);
 void common_setup_fuzzer(void) {
 fuzz.fuzzing = 1;
 fuzz.wrapfds = 1;
+ fuzz.do_jmp = 1;
 fuzz.input = m_malloc(sizeof(buffer));
 _dropbear_log = fuzz_dropbear_log;
 crypto_init();
@@ -49,6 +49,7 @@ struct dropbear_fuzz_options {
 int wrapfds;
 // dropbear_exit() jumps back
+ int do_jmp;
 sigjmp_buf jmp;
 uid_t pw_uid;
diff --git a/fuzzer-preauth.c b/fuzzer-preauth.c
index 12b7fc2..e65a3bc 100644
--- a/fuzzer-preauth.c
+++ b/fuzzer-preauth.c
@@ -12,6 +12,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 static int once = 0;
 if (!once) {
 setup_fuzzer();
+ // XXX temporarily disable setjmp to debug asan segv
+ fuzz.do_jmp = 0;
 once = 1;
 }
@@ -40,7 +42,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 wrapfd_add(fakesock, fuzz.input, PLAIN);
 m_malloc_set_epoch(1);
- // temporarily disable setjmp to debug asan segv
+ // XXX temporarily disable setjmp to debug asan segv
 svr_session(fakesock, fakesock);
 #if 0
 if (setjmp(fuzz.jmp) == 0) {
diff --git a/svr-session.c b/svr-session.c
index a1466fe..543a830 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -185,7 +185,7 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
 #ifdef DROPBEAR_FUZZ
 // longjmp before cleaning up svr_opts
- if (fuzz.fuzzing) {
+ if (fuzz.do_jmp) {
 longjmp(fuzz.jmp, 1);
 }
 #endif
|
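Review bot: The jump target `fuzz.jmp` is declared `sigjmp_buf` in the fuzz.h hunk, but the call guarded by the renamed condition here is `longjmp(fuzz.jmp, 1);`, and the svr-session.c hunk has the same pairing; `longjmp` takes a `jmp_buf`, and POSIX does not promise that `sigjmp_buf` is interchangeable with it, so this only compiles where the C library happens to make them the same type. Either declare the field `jmp_buf jmp;` or use `siglongjmp(fuzz.jmp, 1);` together with a matching `sigsetjmp(fuzz.jmp, 1)` at the harness. The mismatch predates this commit, but the condition it now sits under is the natural place to settle it. generic_dropbear_exit continues outside the hunk.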
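Review bot: `fuzz.do_jmp = 1;` in common_setup_fuzzer() enables the longjmp in dropbear_exit() before any setjmp has stored a context in `fuzz.jmp`; the only setjmp visible on this page is the one under `#if 0` in fuzzer-preauth.c, and that harness has to clear the flag again right after calling setup. Any other harness that goes through the common setup and does not clear it would longjmp to an uninitialised buffer, which is undefined behaviour; whether such harnesses exist is not visible from this diff. A tighter contract is to leave the flag at 0 here and set it only at the jump site, e.g. `if (setjmp(fuzz.jmp) == 0) { fuzz.do_jmp = 1; svr_session(fakesock, fakesock); } fuzz.do_jmp = 0;`, so the flag can never be true without a live context. common_setup_fuzzer continues outside the hunk.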
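Review bot: The existing comment `// dropbear_exit() jumps back` now sits above the new `int do_jmp;` but does not state how the flag relates to `jmp`, which is the invariant the dbutil.c and svr-session.c hunks rely on. Suggest replacing it with `// when do_jmp is set, dropbear_exit() longjmps to jmp instead of exiting; jmp must already hold a setjmp context`. The struct definition starts before the hunk and continues after it.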