-rw-r--r--fuzzer-preauth.c38
1 files changed, 21 insertions, 17 deletions
diff --git a/fuzzer-preauth.c b/fuzzer-preauth.c
index 7f31471..12b7fc2 100644
--- a/fuzzer-preauth.c
+++ b/fuzzer-preauth.c
@@ -19,35 +19,39 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
return 0;
}
- // get prefix. input format is
- // string prefix
- // uint32 wrapfd seed
- // ... to be extended later
- // [bytes] ssh input stream
-
- // be careful to avoid triggering buffer.c assertions
- if (fuzz.input->len < 8) {
- return 0;
- }
- size_t prefix_size = buf_getint(fuzz.input);
- if (prefix_size != 4) {
- return 0;
- }
- uint32_t wrapseed = buf_getint(fuzz.input);
- wrapfd_setseed(wrapseed);
+ // get prefix. input format is
+ // string prefix
+ // uint32 wrapfd seed
+ // ... to be extended later
+ // [bytes] ssh input stream
+
+ // be careful to avoid triggering buffer.c assertions
+ if (fuzz.input->len < 8) {
+ return 0;
+ }
+ size_t prefix_size = buf_getint(fuzz.input);
+ if (prefix_size != 4) {
+ return 0;
+ }
+ uint32_t wrapseed = buf_getint(fuzz.input);
+ wrapfd_setseed(wrapseed);
int fakesock = 20;
wrapfd_add(fakesock, fuzz.input, PLAIN);
m_malloc_set_epoch(1);
+ // temporarily disable setjmp to debug asan segv
+ svr_session(fakesock, fakesock);
+ #if 0
if (setjmp(fuzz.jmp) == 0) {
svr_session(fakesock, fakesock);
- m_malloc_free_epoch(1, 0);
+ m_malloc_free_epoch(1, 0);
} else {
m_malloc_free_epoch(1, 1);
TRACE(("dropbear_exit longjmped"))
// dropbear_exit jumped here
}
+ #endif
return 0;
}
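Review bot: On the new path the unguarded `svr_session(fakesock, fakesock);` inserted above the `#if 0` is never followed by `m_malloc_free_epoch(1, 0)`, so everything allocated under the `m_malloc_set_epoch(1)` call just before it is carried over into the next fuzz iteration and will surface as leak reports that obscure the ASan segv being chased. Adding `m_malloc_free_epoch(1, 0);` directly after that call keeps the epoch balanced on the normal-return path. If dropbear_exit still longjmps to `fuzz.jmp` in fuzz builds (its implementation is not visible here), any exit inside svr_session now jumps through a jmp_buf that setjmp never initialised, which is undefined behaviour rather than a clean abort, so the bypass should be opt-in rather than committed as `#if 0`, e.g. `#ifdef FUZZ_NO_SETJMP` around the direct call and `#else` around the existing setjmp block. LLVMFuzzerTestOneInput begins before this hunk.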