From 1ba130ac8fb2884307f658126f04578f8aef409e Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Wed, 9 Oct 2019 13:49:35 +1100
Subject: add a fuzzer for private key parsing
---
 regress/misc/fuzz-harness/Makefile | 6 +++++-
 regress/misc/fuzz-harness/privkey_fuzz.cc | 21 +++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 regress/misc/fuzz-harness/privkey_fuzz.cc
(limited to 'regress/misc')
diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile
index 85179ac4e..e164e8869 100644
--- a/regress/misc/fuzz-harness/Makefile
+++ b/regress/misc/fuzz-harness/Makefile
@@ -7,7 +7,8 @@ CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
 LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
 LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
 
-TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz
+TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \
+ sshsigopt_fuzz privkey_fuzz
 
 all: $(TARGETS)
 
@@ -29,5 +30,8 @@ sshsig_fuzz: sshsig_fuzz.o
 sshsigopt_fuzz: sshsigopt_fuzz.o
 $(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
 
+privkey_fuzz: privkey_fuzz.o
+ $(CXX) -o $@ privkey_fuzz.o $(LDFLAGS) $(LIBS)
+
 clean:
 -rm -f *.o $(TARGETS)
diff --git a/regress/misc/fuzz-harness/privkey_fuzz.cc b/regress/misc/fuzz-harness/privkey_fuzz.cc
new file mode 100644
index 000000000..ff0b0f776
--- /dev/null
+++ b/regress/misc/fuzz-harness/privkey_fuzz.cc
@@ -0,0 +1,21 @@
+#include
+#include
+#include
+
+extern "C" {
+
+#include "sshkey.h"
+#include "sshbuf.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ struct sshkey *k = NULL;
+ struct sshbuf *b = sshbuf_from(data, size);
+ int r = sshkey_private_deserialize(b, &k);
+ if (r == 0) sshkey_free(k);
+ sshbuf_free(b);
+ return 0;
+}
+
+} // extern
+
--
cgit v1.2.3
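Review bot: In `privkey_fuzz.cc` the pointer returned by `sshbuf_from(data, size)` goes straight into `sshkey_private_deserialize()` with no NULL check, so a failed allocation inside the harness would most likely surface as a crash attributed to the key parser instead of being skipped. Adding `if (b == NULL) return 0;` directly after the `sshbuf_from()` line keeps harness faults out of the findings. A short comment above `LLVMFuzzerTestOneInput` would also help triage, for example `/* Fuzz target: raw input is handed to sshkey_private_deserialize() only. */`, because the subject line says "private key parsing" while the visible code exercises just this one decoder entry point.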