diff options
author | Damien Miller <djm@mindrot.org> | 2019-09-05 15:45:32 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-09-05 15:46:11 +1000 |
commit | ae631ad77daf8fd39723d15a687cd4b1482cbae8 (patch) | |
tree | 0bfae8bf56b0ebab6f4f76f7fab5b82a124a318b | |
parent | 69159afe24120c97e5ebaf81016c85968afb903e (diff) |
fuzzer for sshsig allowed_signers option parsing
-rw-r--r-- | regress/misc/fuzz-harness/Makefile | 9 | ||||
-rw-r--r-- | regress/misc/fuzz-harness/sshsigopt_fuzz.cc | 29 |
2 files changed, 36 insertions, 2 deletions
diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile index 6ab7d7217..744c1f8b2 100644 --- a/regress/misc/fuzz-harness/Makefile +++ b/regress/misc/fuzz-harness/Makefile | |||
@@ -7,7 +7,9 @@ CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS) | |||
7 | LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) | 7 | LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) |
8 | LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS) | 8 | LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS) |
9 | 9 | ||
10 | all: pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz | 10 | TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz |
11 | |||
12 | all: $(TARGETS) | ||
11 | 13 | ||
12 | .cc.o: | 14 | .cc.o: |
13 | $(CXX) $(CXXFLAGS) -c $< -o $@ | 15 | $(CXX) $(CXXFLAGS) -c $< -o $@ |
@@ -24,5 +26,8 @@ authopt_fuzz: authopt_fuzz.o | |||
24 | sshsig_fuzz: sshsig_fuzz.o | 26 | sshsig_fuzz: sshsig_fuzz.o |
25 | $(CXX) -o $@ sshsig_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS) | 27 | $(CXX) -o $@ sshsig_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS) |
26 | 28 | ||
29 | sshsigopt_fuzz: sshsigopt_fuzz.o | ||
30 | $(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS) | ||
31 | |||
27 | clean: | 32 | clean: |
28 | -rm -f *.o pubkey_fuzz sig_fuzz authopt_fuzz | 33 | -rm -f *.o $(TARGETS) |
diff --git a/regress/misc/fuzz-harness/sshsigopt_fuzz.cc b/regress/misc/fuzz-harness/sshsigopt_fuzz.cc new file mode 100644 index 000000000..7424fcbe3 --- /dev/null +++ b/regress/misc/fuzz-harness/sshsigopt_fuzz.cc | |||
@@ -0,0 +1,29 @@ | |||
1 | #include <stddef.h> | ||
2 | #include <stdio.h> | ||
3 | #include <stdint.h> | ||
4 | #include <string.h> | ||
5 | #include <stdlib.h> | ||
6 | |||
7 | extern "C" { | ||
8 | |||
9 | #include "sshsig.h" | ||
10 | |||
11 | int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) | ||
12 | { | ||
13 | char *cp = (char *)malloc(size + 1); | ||
14 | struct sshsigopt *opts = NULL; | ||
15 | |||
16 | if (cp == NULL) | ||
17 | goto out; | ||
18 | memcpy(cp, data, size); | ||
19 | cp[size] = '\0'; | ||
20 | if ((opts = sshsigopt_parse(cp, "libfuzzer", 0, NULL)) == NULL) | ||
21 | goto out; | ||
22 | |||
23 | out: | ||
24 | free(cp); | ||
25 | sshsigopt_free(opts); | ||
26 | return 0; | ||
27 | } | ||
28 | |||
29 | } // extern "C" | ||