Diffstat (limited to 'regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c')
-rw-r--r--regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c120
1 files changed, 120 insertions, 0 deletions
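diff --git a/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
new file mode 100644
index 000000000..a382ee154
--- /dev/null
+++ b/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
@@ -0,0 +1,120 @@
+/* $OpenBSD: test_sshbuf_getput_fuzz.c,v 1.2 2014/05/02 02:54:00 djm Exp $ */
+/*
+ * Regress test for sshbuf.h buffer API
+ *
+ * Placed in the public domain
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/objects.h>
+
+#include "test_helper.h"
+#include "ssherr.h"
+#include "sshbuf.h"
+
+void sshbuf_getput_fuzz_tests(void);
+
+static void
+attempt_parse_blob(u_char *blob, size_t len)
+{
+ struct sshbuf *p1;
+ BIGNUM *bn;
+ EC_KEY *eck;
+ u_char *s;
+ size_t l;
+ u_int8_t u8;
+ u_int16_t u16;
+ u_int32_t u32;
+ u_int64_t u64;
+
+ p1 = sshbuf_new();
+ ASSERT_PTR_NE(p1, NULL);
+ ASSERT_INT_EQ(sshbuf_put(p1, blob, len), 0);
+ sshbuf_get_u8(p1, &u8);
+ sshbuf_get_u16(p1, &u16);
+ sshbuf_get_u32(p1, &u32);
+ sshbuf_get_u64(p1, &u64);
+ if (sshbuf_get_string(p1, &s, &l) == 0) {
+ bzero(s, l);
+ free(s);
+ }
+ bn = BN_new();
+ sshbuf_get_bignum1(p1, bn);
+ BN_clear_free(bn);
+ bn = BN_new();
+ sshbuf_get_bignum2(p1, bn);
+ BN_clear_free(bn);
+ eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ ASSERT_PTR_NE(eck, NULL);
+ sshbuf_get_eckey(p1, eck);
+ EC_KEY_free(eck);
+ sshbuf_free(p1);
+}
+
+
+static void
+onerror(void *fuzz)
+{
+ fprintf(stderr, "Failed during fuzz:\n");
+ fuzz_dump((struct fuzz *)fuzz);
+}
+
+void
+sshbuf_getput_fuzz_tests(void)
+{
+ u_char blob[] = {
+ /* u8 */
+ 0xd0,
+ /* u16 */
+ 0xc0, 0xde,
+ /* u32 */
+ 0xfa, 0xce, 0xde, 0xad,
+ /* u64 */
+ 0xfe, 0xed, 0xac, 0x1d, 0x1f, 0x1c, 0xbe, 0xef,
+ /* string */
+ 0x00, 0x00, 0x00, 0x09,
+ 'O', ' ', 'G', 'o', 'r', 'g', 'o', 'n', '!',
+ /* bignum1 */
+ 0x79,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ /* bignum2 */
+ 0x00, 0x00, 0x00, 0x14,
+ 0x00,
+ 0xf0, 0xe0, 0xd0, 0xc0, 0xb0, 0xa0, 0x90, 0x80,
+ 0x70, 0x60, 0x50, 0x40, 0x30, 0x20, 0x10, 0x00,
+ 0x7f, 0xff, 0x11,
+ /* EC point (NIST-256 curve) */
+ 0x00, 0x00, 0x00, 0x41,
+ 0x04,
+ 0x0c, 0x82, 0x80, 0x04, 0x83, 0x9d, 0x01, 0x06,
+ 0xaa, 0x59, 0x57, 0x52, 0x16, 0x19, 0x13, 0x57,
+ 0x34, 0xb4, 0x51, 0x45, 0x9d, 0xad, 0xb5, 0x86,
+ 0x67, 0x7e, 0xf9, 0xdf, 0x55, 0x78, 0x49, 0x99,
+ 0x4d, 0x19, 0x6b, 0x50, 0xf0, 0xb4, 0xe9, 0x4b,
+ 0x3c, 0x73, 0xe3, 0xa9, 0xd4, 0xcd, 0x9d, 0xf2,
+ 0xc8, 0xf9, 0xa3, 0x5e, 0x42, 0xbd, 0xd0, 0x47,
+ 0x55, 0x0f, 0x69, 0xd8, 0x0e, 0xc2, 0x3c, 0xd4,
+ };
+ struct fuzz *fuzz;
+
+ TEST_START("fuzz blob parsing");
+ fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_2_BIT_FLIP |
+ FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
+ FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, blob, sizeof(blob));
+ TEST_ONERROR(onerror, fuzz);
+ for(; !fuzz_done(fuzz); fuzz_next(fuzz))
+ attempt_parse_blob(blob, sizeof(blob));
+ fuzz_cleanup(fuzz);
+ TEST_DONE();
+ TEST_ONERROR(NULL, NULL);
+}
+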
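Review bot: The fuzz loop in sshbuf_getput_fuzz_tests calls `attempt_parse_blob(blob, sizeof(blob))` on every iteration, so the parser always receives the seed array at its full length. Because the length never changes, the requested FUZZ_TRUNCATE_START and FUZZ_TRUNCATE_END cases cannot reach the sshbuf getters. Unless fuzz_begin mutates `blob` in place (its implementation is not shown here), the bit and byte flips are not parsed either, and the test would pass while covering only the well-formed input. Passing the fuzzer's current buffer instead, `attempt_parse_blob(fuzz_ptr(fuzz), fuzz_len(fuzz));`, would make the malformed-input paths actually run. Separately, both `BN_new()` results in attempt_parse_blob are used unchecked while `eck` is asserted non-NULL; add `ASSERT_PTR_NE(bn, NULL);` after each for consistency.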