/src/hpn-ssh/regress/misc/fuzz-harness/agent_fuzz_helper.c
Line | Count | Source (jump to first uncovered line) |
1 | | #include "fixed-keys.h" |
2 | | #include <assert.h> |
3 | | |
4 | | #define main(ac, av) xxxmain(ac, av) |
5 | | #include "../../../ssh-agent.c" |
6 | | |
7 | | void test_one(const uint8_t* s, size_t slen); |
8 | | |
9 | | static int |
10 | | devnull_or_die(void) |
11 | 1 | { |
12 | 1 | int fd; |
13 | | |
14 | 1 | if ((fd = open("/dev/null", O_RDWR)) == -1) { |
15 | 0 | error_f("open /dev/null: %s", strerror(errno)); |
16 | 0 | abort(); |
17 | 0 | } |
18 | 1 | return fd; |
19 | 1 | } |
20 | | |
21 | | static struct sshkey * |
22 | | pubkey_or_die(const char *s) |
23 | 6.02k | { |
24 | 6.02k | char *tmp, *cp; |
25 | 6.02k | struct sshkey *pubkey; |
26 | 6.02k | int r; |
27 | | |
28 | 6.02k | tmp = cp = xstrdup(s); |
29 | 6.02k | if ((pubkey = sshkey_new(KEY_UNSPEC)) == NULL) |
30 | 0 | abort(); |
31 | 6.02k | if ((r = sshkey_read(pubkey, &cp)) != 0) { |
32 | 0 | error_fr(r, "parse"); |
33 | 0 | abort(); |
34 | 0 | } |
35 | 6.02k | free(tmp); |
36 | 6.02k | return pubkey; |
37 | 6.02k | } |
38 | | |
39 | | static struct sshkey * |
40 | | privkey_or_die(const char *s) |
41 | 12.0k | { |
42 | 12.0k | int r; |
43 | 12.0k | struct sshbuf *b; |
44 | 12.0k | struct sshkey *privkey; |
45 | | |
46 | 12.0k | if ((b = sshbuf_from(s, strlen(s))) == NULL) { |
47 | 0 | error_f("sshbuf_from failed"); |
48 | 0 | abort(); |
49 | 0 | } |
50 | 12.0k | if ((r = sshkey_parse_private_fileblob(b, "", &privkey, NULL)) != 0) { |
51 | 0 | error_fr(r, "parse"); |
52 | 0 | abort(); |
53 | 0 | } |
54 | 12.0k | sshbuf_free(b); |
55 | 12.0k | return privkey; |
56 | 12.0k | } |
57 | | |
58 | | static void |
59 | | add_key(const char *privkey, const char *certpath) |
60 | 6.02k | { |
61 | 6.02k | Identity *id; |
62 | 6.02k | int r; |
63 | 6.02k | struct sshkey *cert; |
64 | | |
65 | 6.02k | id = xcalloc(1, sizeof(Identity)); |
66 | 6.02k | TAILQ_INSERT_TAIL(&idtab->idlist, id, next); |
67 | 6.02k | idtab->nentries++; |
68 | 6.02k | id->key = privkey_or_die(privkey); |
69 | 6.02k | id->comment = xstrdup("rhododaktulos Eos"); |
70 | 6.02k | if (sshkey_is_sk(id->key)) |
71 | 2.40k | id->sk_provider = xstrdup("internal"); |
72 | | |
73 | | /* Now the cert too */ |
74 | 6.02k | id = xcalloc(1, sizeof(Identity)); |
75 | 6.02k | TAILQ_INSERT_TAIL(&idtab->idlist, id, next); |
76 | 6.02k | idtab->nentries++; |
77 | 6.02k | id->key = privkey_or_die(privkey); |
78 | 6.02k | cert = pubkey_or_die(certpath); |
79 | 6.02k | if ((r = sshkey_to_certified(id->key)) != 0) { |
80 | 0 | error_fr(r, "sshkey_to_certified"); |
81 | 0 | abort(); |
82 | 0 | } |
83 | 6.02k | if ((r = sshkey_cert_copy(cert, id->key)) != 0) { |
84 | 0 | error_fr(r, "sshkey_cert_copy"); |
85 | 0 | abort(); |
86 | 0 | } |
87 | 6.02k | sshkey_free(cert); |
88 | 6.02k | id->comment = xstrdup("outis"); |
89 | 6.02k | if (sshkey_is_sk(id->key)) |
90 | 2.40k | id->sk_provider = xstrdup("internal"); |
91 | 6.02k | } |
92 | | |
93 | | static void |
94 | | cleanup_idtab(void) |
95 | 2.40k | { |
96 | 2.40k | Identity *id; |
97 | | |
98 | 2.40k | if (idtab == NULL) return; |
99 | 13.2k | for (id = TAILQ_FIRST(&idtab->idlist); id; |
100 | 12.0k | id = TAILQ_FIRST(&idtab->idlist)) { |
101 | 12.0k | TAILQ_REMOVE(&idtab->idlist, id, next); |
102 | 12.0k | free_identity(id); |
103 | 12.0k | } |
104 | 1.20k | free(idtab); |
105 | 1.20k | idtab = NULL; |
106 | 1.20k | } |
107 | | |
108 | | static void |
109 | | reset_idtab(void) |
110 | 1.20k | { |
111 | 1.20k | cleanup_idtab(); |
112 | 1.20k | idtab_init(); |
113 | | // Load keys. |
114 | 1.20k | add_key(PRIV_RSA, CERT_RSA); |
115 | 1.20k | add_key(PRIV_ECDSA, CERT_ECDSA); |
116 | 1.20k | add_key(PRIV_ED25519, CERT_ED25519); |
117 | 1.20k | add_key(PRIV_ECDSA_SK, CERT_ECDSA_SK); |
118 | 1.20k | add_key(PRIV_ED25519_SK, CERT_ED25519_SK); |
119 | 1.20k | } |
120 | | |
121 | | static void |
122 | | cleanup_sockettab(void) |
123 | 2.40k | { |
124 | 2.40k | u_int i; |
125 | 14.4k | for (i = 0; i < sockets_alloc; i++) { |
126 | 12.0k | if (sockets[i].type != AUTH_UNUSED) |
127 | 1.20k | close_socket(sockets + i); |
128 | 12.0k | } |
129 | 2.40k | free(sockets); |
130 | 2.40k | sockets = NULL; |
131 | 2.40k | sockets_alloc = 0; |
132 | 2.40k | } |
133 | | |
134 | | static void |
135 | | reset_sockettab(int devnull) |
136 | 1.20k | { |
137 | 1.20k | int fd; |
138 | | |
139 | 1.20k | cleanup_sockettab(); |
140 | 1.20k | if ((fd = dup(devnull)) == -1) { |
141 | 0 | error_f("dup: %s", strerror(errno)); |
142 | 0 | abort(); |
143 | 0 | } |
144 | 1.20k | new_socket(AUTH_CONNECTION, fd); |
145 | 1.20k | assert(sockets[0].type == AUTH_CONNECTION); |
146 | 1.20k | assert(sockets[0].fd == fd); |
147 | 1.20k | } |
148 | | |
149 | 59.5k | #define MAX_MESSAGES 256 |
150 | | void |
151 | | test_one(const uint8_t* s, size_t slen) |
152 | 1.20k | { |
153 | 1.20k | static int devnull = -1; |
154 | 1.20k | size_t i, olen, nlen; |
155 | | |
156 | 1.20k | if (devnull == -1) { |
157 | 1 | log_init(__progname, SYSLOG_LEVEL_DEBUG3, |
158 | 1 | SYSLOG_FACILITY_AUTH, 1); |
159 | 1 | devnull = devnull_or_die(); |
160 | 1 | allowed_providers = xstrdup(""); |
161 | 1 | websafe_allowlist = xstrdup("*"); |
162 | 1 | setenv("DISPLAY", "", 1); /* ban askpass */ |
163 | 1 | } |
164 | | |
165 | 1.20k | reset_idtab(); |
166 | 1.20k | reset_sockettab(devnull); |
167 | 1.20k | (void)sshbuf_put(sockets[0].input, s, slen); |
168 | 59.5k | for (i = 0; i < MAX_MESSAGES; i++) { |
169 | 59.5k | olen = sshbuf_len(sockets[0].input); |
170 | 59.5k | process_message(0); |
171 | 59.5k | nlen = sshbuf_len(sockets[0].input); |
172 | 59.5k | if (nlen == 0 || nlen == olen) |
173 | 1.17k | break; |
174 | 59.5k | } |
175 | 1.20k | cleanup_idtab(); |
176 | 1.20k | cleanup_sockettab(); |
177 | 1.20k | } |
178 | | |
179 | | int |
180 | | pkcs11_make_cert(const struct sshkey *priv, |
181 | | const struct sshkey *certpub, struct sshkey **certprivp) |
182 | 0 | { |
183 | 0 | return -1; /* XXX */ |
184 | 0 | } |