From 6bc5a24ac867bfdc3ed615589d69ac640f51674b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 14 Sep 2018 15:16:34 +1000 Subject: fuzzer harness for authorized_keys option parsing --- regress/misc/fuzz-harness/Makefile | 7 +++++-- regress/misc/fuzz-harness/authopt_fuzz | Bin 0 -> 2386648 bytes 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100755 regress/misc/fuzz-harness/authopt_fuzz (limited to 'regress/misc/fuzz-harness') diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile index 8fbfc20c6..a2aa4441f 100644 --- a/regress/misc/fuzz-harness/Makefile +++ b/regress/misc/fuzz-harness/Makefile @@ -7,7 +7,7 @@ CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS) LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS) -all: pubkey_fuzz sig_fuzz +all: pubkey_fuzz sig_fuzz authopt_fuzz .cc.o: $(CXX) $(CXXFLAGS) -c $< -o $@ @@ -18,5 +18,8 @@ pubkey_fuzz: pubkey_fuzz.o sig_fuzz: sig_fuzz.o $(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS) +authopt_fuzz: authopt_fuzz.o + $(CXX) -o $@ authopt_fuzz.o ../../../auth-options.o $(LDFLAGS) $(LIBS) + clean: - -rm -f *.o pubkey_fuzz sig_fuzz + -rm -f *.o pubkey_fuzz sig_fuzz authopt_fuzz diff --git a/regress/misc/fuzz-harness/authopt_fuzz b/regress/misc/fuzz-harness/authopt_fuzz new file mode 100755 index 000000000..6c04faca1 Binary files /dev/null and b/regress/misc/fuzz-harness/authopt_fuzz differ -- cgit v1.2.3 From 9201784b4a257c8345fbd740bcbdd70054885707 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 15 Sep 2018 19:35:40 +1000 Subject: remove accidentally checked-in authopt_fuzz binary --- regress/misc/fuzz-harness/authopt_fuzz | Bin 2386648 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100755 regress/misc/fuzz-harness/authopt_fuzz (limited to 'regress/misc/fuzz-harness') 
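Review bot: In the second Makefile hunk the new `authopt_fuzz` rule links `../../../auth-options.o` but lists only `authopt_fuzz.o` as a prerequisite, so make will not relink the harness when the parser object is rebuilt. That object comes from whatever the top-level build last produced. If that build did not use the same `$(FUZZ_FLAGS)`, the parser under test presumably carries no coverage or sanitizer instrumentation, and the fuzzer gets no feedback from the code it is meant to exercise. I would write the rule as `authopt_fuzz: authopt_fuzz.o ../../../auth-options.o` and add a comment above it saying the tree must first be built with the fuzzing flags.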
diff --git a/regress/misc/fuzz-harness/authopt_fuzz b/regress/misc/fuzz-harness/authopt_fuzz
deleted file mode 100755
index 6c04faca1..000000000
Binary files a/regress/misc/fuzz-harness/authopt_fuzz and /dev/null differ
--
cgit v1.2.3
From 4488ae1a6940af704c4dbf70f55bf2f756a16536 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Sat, 15 Sep 2018 19:36:55 +1000
Subject: really add source for authopt_fuzz this time
---
regress/misc/fuzz-harness/authopt_fuzz.cc | 33 +++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 regress/misc/fuzz-harness/authopt_fuzz.cc
(limited to 'regress/misc/fuzz-harness')
diff --git a/regress/misc/fuzz-harness/authopt_fuzz.cc b/regress/misc/fuzz-harness/authopt_fuzz.cc
new file mode 100644
index 000000000..a76d5a3f1
--- /dev/null
+++ b/regress/misc/fuzz-harness/authopt_fuzz.cc
@@ -0,0 +1,33 @@
+#include
+#include
+#include
+#include
+#include
+
+extern "C" {
+
+#include "auth-options.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ char *cp = (char *)malloc(size + 1);
+ struct sshauthopt *opts = NULL, *merge = NULL, *add = sshauthopt_new();
+
+ if (cp == NULL || add == NULL)
+ goto out;
+ memcpy(cp, data, size);
+ cp[size] = '\0';
+ if ((opts = sshauthopt_parse(cp, NULL)) == NULL)
+ goto out;
+ if ((merge = sshauthopt_merge(opts, add, NULL)) == NULL)
+ goto out;
+
+ out:
+ free(cp);
+ sshauthopt_free(add);
+ sshauthopt_free(opts);
+ sshauthopt_free(merge);
+ return 0;
+}
+
+} // extern "C"
--
cgit v1.2.3
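Review bot: `add` is always a fresh `sshauthopt_new()`, so `sshauthopt_merge(opts, add, NULL)` only ever merges the parsed options with an empty set. Any merge logic that depends on fields being set in the second argument is presumably never reached by the fuzzer. Splitting the input at the first newline and parsing both halves would let the fuzzer drive both arguments; the changed lines are below. The harness also has no comment describing the input format, and bytes after an embedded NUL never reach `sshauthopt_parse`, which deserves a one-line comment above the `memcpy`.

```cpp
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
	char *cp = (char *)malloc(size + 1), *second;
	struct sshauthopt *opts = NULL, *merge = NULL, *add = NULL;

	if (cp == NULL)
		goto out;
	// … unchanged: memcpy of data into cp and NUL termination …
	/* A newline, if present, separates the two option strings to merge. */
	if ((second = (char *)memchr(cp, '\n', size)) != NULL)
		*second++ = '\0';
	// … unchanged: opts = sshauthopt_parse(cp, NULL) …
	add = second != NULL ? sshauthopt_parse(second, NULL) : sshauthopt_new();
	if (add == NULL)
		goto out;
	// … unchanged: sshauthopt_merge call and out: cleanup …
```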