Coverage Report

Created: 2024-09-03 06:03

/src/hpn-ssh/regress/misc/fuzz-harness/agent_fuzz_helper.c
Line
Count
Source (jump to first uncovered line)
1
#include "fixed-keys.h"
2
#include <assert.h>
3
4
#define main(ac, av) xxxmain(ac, av)
5
#include "../../../ssh-agent.c"
6
7
void test_one(const uint8_t* s, size_t slen);
8
9
static int
10
devnull_or_die(void)
11
1
{
12
1
  int fd;
13
14
1
  if ((fd = open("/dev/null", O_RDWR)) == -1) {
15
0
    error_f("open /dev/null: %s", strerror(errno));
16
0
    abort();
17
0
  }
18
1
  return fd;
19
1
}
20
21
static struct sshkey *
22
pubkey_or_die(const char *s)
23
6.48k
{
24
6.48k
  char *tmp, *cp;
25
6.48k
  struct sshkey *pubkey;
26
6.48k
  int r;
27
28
6.48k
  tmp = cp = xstrdup(s);
29
6.48k
  if ((pubkey = sshkey_new(KEY_UNSPEC)) == NULL)
30
0
    abort();
31
6.48k
  if ((r = sshkey_read(pubkey, &cp)) != 0) {
32
0
    error_fr(r, "parse");
33
0
    abort();
34
0
  }
35
6.48k
  free(tmp);
36
6.48k
  return pubkey;
37
6.48k
}
38
39
static struct sshkey *
40
privkey_or_die(const char *s)
41
12.9k
{
42
12.9k
  int r;
43
12.9k
  struct sshbuf *b;
44
12.9k
  struct sshkey *privkey;
45
46
12.9k
  if ((b = sshbuf_from(s, strlen(s))) == NULL) {
47
0
    error_f("sshbuf_from failed");
48
0
    abort();
49
0
  }
50
12.9k
  if ((r = sshkey_parse_private_fileblob(b, "", &privkey, NULL)) != 0) {
51
0
    error_fr(r, "parse");
52
0
    abort();
53
0
  }
54
12.9k
  sshbuf_free(b);
55
12.9k
  return privkey;
56
12.9k
}
57
58
static void
59
add_key(const char *privkey, const char *certpath)
60
6.48k
{
61
6.48k
  Identity *id;
62
6.48k
  int r;
63
6.48k
  struct sshkey *cert;
64
65
6.48k
  id = xcalloc(1, sizeof(Identity));
66
6.48k
  TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
67
6.48k
  idtab->nentries++;
68
6.48k
  id->key = privkey_or_die(privkey);
69
6.48k
  id->comment = xstrdup("rhododaktulos Eos");
70
6.48k
  if (sshkey_is_sk(id->key))
71
2.16k
    id->sk_provider = xstrdup("internal");
72
73
  /* Now the cert too */
74
6.48k
  id = xcalloc(1, sizeof(Identity));
75
6.48k
  TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
76
6.48k
  idtab->nentries++;
77
6.48k
  id->key = privkey_or_die(privkey);
78
6.48k
  cert = pubkey_or_die(certpath);
79
6.48k
  if ((r = sshkey_to_certified(id->key)) != 0) {
80
0
    error_fr(r, "sshkey_to_certified");
81
0
    abort();
82
0
  }
83
6.48k
  if ((r = sshkey_cert_copy(cert, id->key)) != 0) {
84
0
    error_fr(r, "sshkey_cert_copy");
85
0
    abort();
86
0
  }
87
6.48k
  sshkey_free(cert);
88
6.48k
  id->comment = xstrdup("outis");
89
6.48k
  if (sshkey_is_sk(id->key))
90
2.16k
    id->sk_provider = xstrdup("internal");
91
6.48k
}
92
93
static void
94
cleanup_idtab(void)
95
2.16k
{
96
2.16k
  Identity *id;
97
98
2.16k
  if (idtab == NULL) return;
99
14.0k
  for (id = TAILQ_FIRST(&idtab->idlist); id;
100
12.9k
      id = TAILQ_FIRST(&idtab->idlist)) {
101
12.9k
    TAILQ_REMOVE(&idtab->idlist, id, next);
102
12.9k
    free_identity(id);
103
12.9k
  }
104
1.08k
  free(idtab);
105
1.08k
  idtab = NULL;
106
1.08k
}
107
108
static void
109
reset_idtab(void)
110
1.08k
{
111
1.08k
  cleanup_idtab();
112
1.08k
  idtab_init();
113
  // Load keys.
114
1.08k
  add_key(PRIV_RSA, CERT_RSA);
115
1.08k
  add_key(PRIV_DSA, CERT_DSA);
116
1.08k
  add_key(PRIV_ECDSA, CERT_ECDSA);
117
1.08k
  add_key(PRIV_ED25519, CERT_ED25519);
118
1.08k
  add_key(PRIV_ECDSA_SK, CERT_ECDSA_SK);
119
1.08k
  add_key(PRIV_ED25519_SK, CERT_ED25519_SK);
120
1.08k
}
121
122
static void
123
cleanup_sockettab(void)
124
2.16k
{
125
2.16k
  u_int i;
126
12.9k
  for (i = 0; i < sockets_alloc; i++) {
127
10.8k
    if (sockets[i].type != AUTH_UNUSED)
128
1.08k
      close_socket(sockets + i);
129
10.8k
  }
130
2.16k
  free(sockets);
131
2.16k
  sockets = NULL;
132
2.16k
  sockets_alloc = 0;
133
2.16k
}
134
135
static void
136
reset_sockettab(int devnull)
137
1.08k
{
138
1.08k
  int fd;
139
140
1.08k
  cleanup_sockettab();
141
1.08k
  if ((fd = dup(devnull)) == -1) {
142
0
    error_f("dup: %s", strerror(errno));
143
0
    abort();
144
0
  }
145
1.08k
  new_socket(AUTH_CONNECTION, fd);
146
1.08k
  assert(sockets[0].type == AUTH_CONNECTION);
147
1.08k
  assert(sockets[0].fd == fd);
148
1.08k
}
149
150
55.3k
#define MAX_MESSAGES 256
151
void
152
test_one(const uint8_t* s, size_t slen)
153
1.08k
{
154
1.08k
  static int devnull = -1;
155
1.08k
  size_t i, olen, nlen;
156
157
1.08k
  if (devnull == -1) {
158
1
    log_init(__progname, SYSLOG_LEVEL_DEBUG3,
159
1
        SYSLOG_FACILITY_AUTH, 1);
160
1
    devnull = devnull_or_die();
161
1
    allowed_providers = xstrdup("");
162
1
    setenv("DISPLAY", "", 1); /* ban askpass */
163
1
  }
164
165
1.08k
  reset_idtab();
166
1.08k
  reset_sockettab(devnull);
167
1.08k
  (void)sshbuf_put(sockets[0].input, s, slen);
168
55.3k
  for (i = 0; i < MAX_MESSAGES; i++) {
169
55.2k
    olen = sshbuf_len(sockets[0].input);
170
55.2k
    process_message(0);
171
55.2k
    nlen = sshbuf_len(sockets[0].input);
172
55.2k
    if (nlen == 0 || nlen == olen)
173
1.05k
      break;
174
55.2k
  }
175
1.08k
  cleanup_idtab();
176
1.08k
  cleanup_sockettab();
177
1.08k
}
178
179
int
180
pkcs11_make_cert(const struct sshkey *priv,
181
    const struct sshkey *certpub, struct sshkey **certprivp)
182
0
{
183
0
  return -1; /* XXX */
184
0
}