/src/libssh2/tests/ossfuzz/ssh2_client_fuzzer.cc

Source
/* Copyright (C) The libssh2 project and its contributors.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
#include <assert.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <libssh2.h>
#include "testinput.h"

#define FUZZ_ASSERT(COND)                                      \
    do {                                                       \
        if(!(COND)) {                                          \
            fprintf(stderr, "Assertion failed: " #COND "\n%s", \
                    strerror(errno));                          \
            goto EXIT_LABEL;                                   \
        }                                                      \
    } while(0)

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    int socket_fds[2] = { -1, -1 };
    ssize_t written;
    int rc;
    LIBSSH2_SESSION *session = NULL;
    int handshake_completed = 0;

    rc = libssh2_init(0);

    if(rc) {
        fprintf(stderr, "libssh2 initialization failed (%d)\n", rc);
        goto EXIT_LABEL;
    }

    /* Create a socket pair so data can be sent in. */
    rc = socketpair(AF_UNIX, SOCK_STREAM, 0, socket_fds);
    FUZZ_ASSERT(rc == 0);

    written = send(socket_fds[1], data, size, 0);

    if(written != (ssize_t)size) {
        /* Handle whatever error case we're in. */
        fprintf(stderr, "send() of %zu bytes returned %zu (%d)\n",
                size,
                written,
                errno);
        goto EXIT_LABEL;
    }

    rc = shutdown(socket_fds[1], SHUT_WR);
    if(rc) {
        fprintf(stderr, "socket shutdown failed (%d)\n", rc);
        goto EXIT_LABEL;
    }

    /* Create a session and start the handshake using the fuzz data
       passed in. */
    session = libssh2_session_init();
    if(session) {
        libssh2_session_set_blocking(session, 1);
    }
    else {
        goto EXIT_LABEL;
    }

    if(libssh2_session_handshake(session, socket_fds[0])) {
        goto EXIT_LABEL;
    }

    /* If we get here the handshake actually completed. */
    handshake_completed = 1;

EXIT_LABEL:

    if(session) {
        if(handshake_completed) {
            libssh2_session_disconnect(session,
                                       "Normal Shutdown, "
                                       "Thank you for playing");
        }

        libssh2_session_free(session);
    }

    libssh2_exit();

    close(socket_fds[0]);
    close(socket_fds[1]);

    return 0;
}

Line	Count	Source
1		/* Copyright (C) The libssh2 project and its contributors.
2		*
3		* SPDX-License-Identifier: BSD-3-Clause
4		*/
5		#include <assert.h>
6		#include <errno.h>
7		#include <stdbool.h>
8		#include <stdio.h>
9		#include <stdlib.h>
10		#include <string.h>
11		#include <sys/socket.h>
12		#include <unistd.h>
13		#include <libssh2.h>
14		#include "testinput.h"
15
16		#define FUZZ_ASSERT(COND) \
17	152	do { \
18	152	if(!(COND)) { \
19	0	fprintf(stderr, "Assertion failed: " #COND "\n%s", \
20	0	strerror(errno)); \
21	0	goto EXIT_LABEL; \
22	0	} \
23	152	} while(0)
24
25		extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
26	152	{
27	152	int socket_fds[2] = { -1, -1 };
28	152	ssize_t written;
29	152	int rc;
30	152	LIBSSH2_SESSION *session = NULL;
31	152	int handshake_completed = 0;
32
33	152	rc = libssh2_init(0);
34
35	152	if(rc) {
36	0	fprintf(stderr, "libssh2 initialization failed (%d)\n", rc);
37	0	goto EXIT_LABEL;
38	0	}
39
40		/* Create a socket pair so data can be sent in. */
41	152	rc = socketpair(AF_UNIX, SOCK_STREAM, 0, socket_fds);
42	152	FUZZ_ASSERT(rc == 0);
43
44	152	written = send(socket_fds[1], data, size, 0);
45
46	152	if(written != (ssize_t)size) {
47		/* Handle whatever error case we're in. */
48	11	fprintf(stderr, "send() of %zu bytes returned %zu (%d)\n",
49	11	size,
50	11	written,
51	11	errno);
52	11	goto EXIT_LABEL;
53	11	}
54
55	141	rc = shutdown(socket_fds[1], SHUT_WR);
56	141	if(rc) {
57	0	fprintf(stderr, "socket shutdown failed (%d)\n", rc);
58	0	goto EXIT_LABEL;
59	0	}
60
61		/* Create a session and start the handshake using the fuzz data
62		passed in. */
63	141	session = libssh2_session_init();
64	141	if(session) {
65	141	libssh2_session_set_blocking(session, 1);
66	141	}
67	0	else {
68	0	goto EXIT_LABEL;
69	0	}
70
71	141	if(libssh2_session_handshake(session, socket_fds[0])) {
72	141	goto EXIT_LABEL;
73	141	}
74
75		/* If we get here the handshake actually completed. */
76	0	handshake_completed = 1;
77
78	152	EXIT_LABEL:
79
80	152	if(session) {
81	141	if(handshake_completed) {
82	0	libssh2_session_disconnect(session,
83	0	"Normal Shutdown, "
84	0	"Thank you for playing");
85	0	}
86
87	141	libssh2_session_free(session);
88	141	}
89
90	152	libssh2_exit();
91
92	152	close(socket_fds[0]);
93	152	close(socket_fds[1]);
94
95	152	return 0;
96	0	}

Coverage Report

Created: 2026-05-30 07:03