/src/libssh/tests/fuzz/ssh_pubkey_fuzzer.c

Source
/*
 * Copyright 2023 Jakub Jelen <jjelen@redhat.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "config.h"

#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LIBSSH_STATIC 1
#include "libssh/libssh.h"
#include "libssh/misc.h"

#include "nallocinc.c"

static void _fuzz_finalize(void)
{
    ssh_finalize();
}

int LLVMFuzzerInitialize(int *argc, char ***argv)
{
    (void)argc;

    nalloc_init(*argv[0]);

    ssh_init();

    atexit(_fuzz_finalize);

    return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    ssh_key pkey = NULL;
    char *filename = NULL;
    int fd;
    int rc;
    ssize_t sz;

    filename = strdup("/tmp/libssh_pubkey_XXXXXX");
    if (filename == NULL) {
        return -1;
    }
    fd = mkstemp(filename);
    if (fd  == -1) {
        free(filename);
        close(fd);
        return -1;
    }
    sz = ssh_writen(fd, data, size);
    close(fd);
    if (sz == SSH_ERROR) {
        unlink(filename);
        free(filename);
        return -1;
    }

    assert(nalloc_start(data, size) > 0);

    rc = ssh_pki_import_pubkey_file(filename, &pkey);
    if (rc != SSH_OK) {
        goto out;
    }
    ssh_key_free(pkey);

out:
    unlink(filename);
    free(filename);
    nalloc_end();
    return 0;
}


Line	Count	Source
1		/*
2		* Copyright 2023 Jakub Jelen <jjelen@redhat.com>
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*/
16		#include "config.h"
17
18		#include <assert.h>
19		#include <stdio.h>
20		#include <stdlib.h>
21		#include <string.h>
22
23		#define LIBSSH_STATIC 1
24		#include "libssh/libssh.h"
25		#include "libssh/misc.h"
26
27		#include "nallocinc.c"
28
29		static void _fuzz_finalize(void)
30	4	{
31	4	ssh_finalize();
32	4	}
33
34		int LLVMFuzzerInitialize(int argc, char **argv)
35	32	{
36	32	(void)argc;
37
38	32	nalloc_init(*argv[0]);
39
40	32	ssh_init();
41
42	32	atexit(_fuzz_finalize);
43
44	32	return 0;
45	32	}
46
47		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
48	2.68k	{
49	2.68k	ssh_key pkey = NULL;
50	2.68k	char *filename = NULL;
51	2.68k	int fd;
52	2.68k	int rc;
53	2.68k	ssize_t sz;
54
55	2.68k	filename = strdup("/tmp/libssh_pubkey_XXXXXX");
56	2.68k	if (filename == NULL) {
57	0	return -1;
58	0	}
59	2.68k	fd = mkstemp(filename);
60	2.68k	if (fd == -1) {
61	0	free(filename);
62	0	close(fd);
63	0	return -1;
64	0	}
65	2.68k	sz = ssh_writen(fd, data, size);
66	2.68k	close(fd);
67	2.68k	if (sz == SSH_ERROR) {
68	0	unlink(filename);
69	0	free(filename);
70	0	return -1;
71	0	}
72
73	2.68k	assert(nalloc_start(data, size) > 0);
74
75	2.68k	rc = ssh_pki_import_pubkey_file(filename, &pkey);
76	2.68k	if (rc != SSH_OK) {
77	2.55k	goto out;
78	2.55k	}
79	133	ssh_key_free(pkey);
80
81	2.68k	out:
82	2.68k	unlink(filename);
83	2.68k	free(filename);
84	2.68k	nalloc_end();
85	2.68k	return 0;
86	133	}
87

Coverage Report

Created: 2025-12-14 07:13