/src/libssh/tests/fuzz/ssh_sshsig_fuzzer.c

Source
/*
 * Copyright 2025 Jakub Jelen <jjelen@redhat.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LIBSSH_STATIC 1
#include "libssh/libssh.h"

#include "nallocinc.c"

static void _fuzz_finalize(void)
{
    ssh_finalize();
}

int LLVMFuzzerInitialize(int *argc, char ***argv)
{
    (void)argc;

    nalloc_init(*argv[0]);

    ssh_init();

    atexit(_fuzz_finalize);

    return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    ssh_key pkey = NULL;
    const char input[] = "badc0de";
    const char namespace[] = "namespace";
    char *signature = NULL;
    int rc;

    assert(nalloc_start(data, size) > 0);

    signature = (char *)malloc(size + 1);
    if (signature == NULL) {
        goto out;
    }
    strncpy(signature, (const char *)data, size);
    signature[size] = '\0';

    rc = sshsig_verify(input, sizeof(input), signature, namespace, &pkey);
    free(signature);
    if (rc != SSH_OK) {
        goto out;
    }
    ssh_key_free(pkey);

out:
    nalloc_end();
    return 0;
}

Line	Count	Source
1		/*
2		* Copyright 2025 Jakub Jelen <jjelen@redhat.com>
3		*
4		* Licensed under the Apache License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.apache.org/licenses/LICENSE-2.0
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*/
16
17		#include <assert.h>
18		#include <stdio.h>
19		#include <stdlib.h>
20		#include <string.h>
21
22		#define LIBSSH_STATIC 1
23		#include "libssh/libssh.h"
24
25		#include "nallocinc.c"
26
27		static void _fuzz_finalize(void)
28	4	{
29	4	ssh_finalize();
30	4	}
31
32		int LLVMFuzzerInitialize(int argc, char **argv)
33	36	{
34	36	(void)argc;
35
36	36	nalloc_init(*argv[0]);
37
38	36	ssh_init();
39
40	36	atexit(_fuzz_finalize);
41
42	36	return 0;
43	36	}
44
45		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
46	2.10k	{
47	2.10k	ssh_key pkey = NULL;
48	2.10k	const char input[] = "badc0de";
49	2.10k	const char namespace[] = "namespace";
50	2.10k	char *signature = NULL;
51	2.10k	int rc;
52
53	2.10k	assert(nalloc_start(data, size) > 0);
54
55	2.10k	signature = (char *)malloc(size + 1);
56	2.10k	if (signature == NULL) {
57	182	goto out;
58	182	}
59	1.92k	strncpy(signature, (const char *)data, size);
60	1.92k	signature[size] = '\0';
61
62	1.92k	rc = sshsig_verify(input, sizeof(input), signature, namespace, &pkey);
63	1.92k	free(signature);
64	1.92k	if (rc != SSH_OK) {
65	1.92k	goto out;
66	1.92k	}
67	0	ssh_key_free(pkey);
68
69	2.10k	out:
70	2.10k	nalloc_end();
71	2.10k	return 0;
72	0	}

Coverage Report

Created: 2026-02-26 06:25