/src/dropbear/fuzz/fuzzer-pubkey.c

Source
#include "fuzz.h"
#include "session.h"
#include "fuzz-wrapfd.h"
#include "debug.h"

static void setup_fuzzer(void) {
  fuzz_common_setup();
}

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  static int once = 0;
  if (!once) {
    setup_fuzzer();
    once = 1;
  }

  if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
    return 0;
  }

  m_malloc_set_epoch(1);

  if (setjmp(fuzz.jmp) == 0) {
    buffer *line = buf_getstringbuf(fuzz.input);
    buffer *keyblob = buf_getstringbuf(fuzz.input);

    unsigned int algolen;
    char* algoname = buf_getstring(keyblob, &algolen);

    if (signature_type_from_name(algoname, algolen) == DROPBEAR_SIGNATURE_NONE) {
      dropbear_exit("fuzzer imagined a bogus algorithm");
    }

    int ret = fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
      algoname, algolen,
      keyblob->data, keyblob->len);

    if (ret == DROPBEAR_SUCCESS) {
      /* fuzz_checkpubkey_line() should have cleaned up for failure */
      svr_pubkey_options_cleanup();
    }

    buf_free(line);
    buf_free(keyblob);
    m_free(algoname);
    m_malloc_free_epoch(1, 0);
  } else {
    m_malloc_free_epoch(1, 1);
    TRACE(("dropbear_exit longjmped"))
    /* dropbear_exit jumped here */
  }

  return 0;
}

Line	Count	Source
1		#include "fuzz.h"
2		#include "session.h"
3		#include "fuzz-wrapfd.h"
4		#include "debug.h"
5
6	1	static void setup_fuzzer(void) {
7	1	fuzz_common_setup();
8	1	}
9
10	2.27k	int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
11	2.27k	static int once = 0;
12	2.27k	if (!once) {
13	1	setup_fuzzer();
14	1	once = 1;
15	1	}
16
17	2.27k	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
18	0	return 0;
19	0	}
20
21	2.27k	m_malloc_set_epoch(1);
22
23	2.27k	if (setjmp(fuzz.jmp) == 0) {
24	2.27k	buffer *line = buf_getstringbuf(fuzz.input);
25	2.27k	buffer *keyblob = buf_getstringbuf(fuzz.input);
26
27	2.27k	unsigned int algolen;
28	2.27k	char* algoname = buf_getstring(keyblob, &algolen);
29
30	2.27k	if (signature_type_from_name(algoname, algolen) == DROPBEAR_SIGNATURE_NONE) {
31	190	dropbear_exit("fuzzer imagined a bogus algorithm");
32	190	}
33
34	2.08k	int ret = fuzz_checkpubkey_line(line, 5, "/home/me/authorized_keys",
35	2.08k	algoname, algolen,
36	2.08k	keyblob->data, keyblob->len);
37
38	2.08k	if (ret == DROPBEAR_SUCCESS) {
39		/* fuzz_checkpubkey_line() should have cleaned up for failure */
40	156	svr_pubkey_options_cleanup();
41	156	}
42
43	2.08k	buf_free(line);
44	2.08k	buf_free(keyblob);
45	2.08k	m_free(algoname);
46	2.08k	m_malloc_free_epoch(1, 0);
47	2.08k	} else {
48	0	m_malloc_free_epoch(1, 1);
49	0	TRACE(("dropbear_exit longjmped"))
50		/* dropbear_exit jumped here */
51	0	}
52
53	2.08k	return 0;
54	2.27k	}

Coverage Report

Created: 2025-11-24 06:34