add a fuzzer for private key parsing

author: Damien Miller <djm@mindrot.org> 2019-10-09 13:49:35 +1100
committer: Damien Miller <djm@mindrot.org> 2019-10-09 13:49:35 +1100
commit: 1ba130ac8fb2884307f658126f04578f8aef409e (patch)
tree: cc2fb5617da82942610d785629b4882263b8f65e /regress/misc
parent: cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c (diff)
2 files changed, 26 insertions, 1 deletions
diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile
index 85179ac4e..e164e8869 100644
--- a/regress/misc/fuzz-harness/Makefile
+++ b/regress/misc/fuzz-harness/Makefile
@@ -7,7 +7,8 @@ CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
 LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
 LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
-TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz
+TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \
+        sshsigopt_fuzz privkey_fuzz
 all: $(TARGETS)
@@ -29,5 +30,8 @@ sshsig_fuzz: sshsig_fuzz.o
 sshsigopt_fuzz: sshsigopt_fuzz.o
        $(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
+privkey_fuzz: privkey_fuzz.o
+        $(CXX) -o $@ privkey_fuzz.o $(LDFLAGS) $(LIBS)
 clean:
        -rm -f *.o $(TARGETS)
diff --git a/regress/misc/fuzz-harness/privkey_fuzz.cc b/regress/misc/fuzz-harness/privkey_fuzz.cc
new file mode 100644
index 000000000..ff0b0f776
--- /dev/null
+++ b/regress/misc/fuzz-harness/privkey_fuzz.cc
@@ -0,0 +1,21 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+extern "C" {
+#include "sshkey.h"
+#include "sshbuf.h"
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+        struct sshkey *k = NULL;
+        struct sshbuf *b = sshbuf_from(data, size);
+        int r = sshkey_private_deserialize(b, &k);
+        if (r == 0) sshkey_free(k);
+        sshbuf_free(b);
+        return 0;
+}
+} // extern
author	Damien Miller <djm@mindrot.org>	2019-10-09 13:49:35 +1100
committer	Damien Miller <djm@mindrot.org>	2019-10-09 13:49:35 +1100
commit	1ba130ac8fb2884307f658126f04578f8aef409e (patch)
tree	cc2fb5617da82942610d785629b4882263b8f65e /regress/misc
parent	cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c (diff)

diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile index 85179ac4e..e164e8869 100644 --- a/regress/misc/fuzz-harness/Makefile +++ b/regress/misc/fuzz-harness/Makefile
@@ -7,7 +7,8 @@ CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
7	LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)	7	LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
8	LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)	8	LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
9		9
10	TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz	10	TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \
		11	sshsigopt_fuzz privkey_fuzz
11		12
12	all: $(TARGETS)	13	all: $(TARGETS)
13		14
@@ -29,5 +30,8 @@ sshsig_fuzz: sshsig_fuzz.o
29	sshsigopt_fuzz: sshsigopt_fuzz.o	30	sshsigopt_fuzz: sshsigopt_fuzz.o
30	$(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)	31	$(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
31		32
		33	privkey_fuzz: privkey_fuzz.o
		34	$(CXX) -o $@ privkey_fuzz.o $(LDFLAGS) $(LIBS)
		35
32	clean:	36	clean:
33	-rm -f *.o $(TARGETS)	37	-rm -f *.o $(TARGETS)


diff --git a/regress/misc/fuzz-harness/privkey_fuzz.cc b/regress/misc/fuzz-harness/privkey_fuzz.cc new file mode 100644 index 000000000..ff0b0f776 --- /dev/null +++ b/regress/misc/fuzz-harness/privkey_fuzz.cc
@@ -0,0 +1,21 @@
		1	#include <stddef.h>
		2	#include <stdio.h>
		3	#include <stdint.h>
		4
		5	extern "C" {
		6
		7	#include "sshkey.h"
		8	#include "sshbuf.h"
		9
		10	int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
		11	{
		12	struct sshkey *k = NULL;
		13	struct sshbuf *b = sshbuf_from(data, size);
		14	int r = sshkey_private_deserialize(b, &k);
		15	if (r == 0) sshkey_free(k);
		16	sshbuf_free(b);
		17	return 0;
		18	}
		19
		20	} // extern
		21