Fuzz introspector: eap-mschapv2-peer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
70 70 2 :

['wpabuf_put_be24', 'wpabuf_put_be32']

70 70 eap_msg_alloc call site: 00118 /src/hostap/tests/fuzzing/eap-mschapv2-peer/../../../src/eap_common/eap_common.c:146
54 104 2 :

['generate_nt_response_pwhash', 'generate_authenticator_response_pwhash']

54 291 mschapv2_derive_response call site: 00154 /src/hostap/tests/fuzzing/eap-mschapv2-peer/../../../src/eap_peer/mschapv2.c:63
13 13 2 :

['__ctype_b_loc', 'wpa_debug_print_timestamp']

13 13 _wpa_hexdump_ascii call site: 00079 /src/hostap/tests/fuzzing/asn1/../../../src/utils/wpa_debug.c:423
11 11 1 :

['wpa_debug_print_timestamp']

11 11 _wpa_hexdump call site: 00141 /src/hostap/tests/fuzzing/asn1/../../../src/utils/wpa_debug.c:281
4 16 2 :

['eap_mschapv2_deinit', 'os_memdup']

4 16 eap_mschapv2_init call site: 00021 /src/hostap/tests/fuzzing/eap-mschapv2-peer/../../../src/eap_peer/eap_mschapv2.c:126
2 2 1 :

['atoi']

2 2 wpa_fuzzer_set_debug_level call site: 00002 /src/hostap/tests/fuzzing/asn1/../fuzzer-common.c:23
0 4 1 :

['wpabuf_free']

0 4 eap_mschapv2_challenge_reply call site: 00136 /src/hostap/tests/fuzzing/eap-mschapv2-peer/../../../src/eap_peer/eap_mschapv2.c:211
0 2 1 :

['eap_sm_request_identity']

0 2 eap_mschapv2_check_config call site: 00031 /src/hostap/tests/fuzzing/eap-mschapv2-peer/../../../src/eap_peer/eap_mschapv2.c:718
0 2 1 :

['eap_sm_request_password']

0 2 eap_mschapv2_check_config call site: 00035 /src/hostap/tests/fuzzing/eap-mschapv2-peer/../../../src/eap_peer/eap_mschapv2.c:724
0 0 None 8 32 eap_mschapv2_init call site: 00010 /src/hostap/tests/fuzzing/eap-mschapv2-peer/../../../src/eap_peer/eap_mschapv2.c:117
0 0 None 0 206 eap_mschapv2_challenge_reply call site: 00131 /src/hostap/tests/fuzzing/eap-mschapv2-peer/../../../src/eap_peer/eap_mschapv2.c:196
0 0 None 0 206 eap_mschapv2_challenge_reply call site: 00134 /src/hostap/tests/fuzzing/eap-mschapv2-peer/../../../src/eap_peer/eap_mschapv2.c:206

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 wpa_fuzzer_set_debug_level [function] [call site] 00001
2 getenv [call site] 00002
2 atoi [call site] 00003
1 eap_peer_mschapv2_register [function] [call site] 00004
2 eap_peer_method_alloc [function] [call site] 00005
3 os_zalloc [function] [call site] 00006
4 calloc [call site] 00007
2 eap_mschapv2_init [function] [call site] 00008
3 os_zalloc [function] [call site] 00009
3 wpa_printf [function] [call site] 00010
4 wpa_debug_print_timestamp [function] [call site] 00011
5 os_get_time [function] [call site] 00012
6 gettimeofday [call site] 00013
5 fprintf [call site] 00014
5 printf [call site] 00015
4 vfprintf [call site] 00016
4 fprintf [call site] 00017
4 vprintf [call site] 00018
4 printf [call site] 00019
3 os_memdup [function] [call site] 00020
3 eap_mschapv2_deinit [function] [call site] 00021
4 wpabuf_free [function] [call site] 00022
4 bin_clear_free [function] [call site] 00023
5 forced_memzero [function] [call site] 00024
3 os_memdup [function] [call site] 00025
3 eap_mschapv2_deinit [function] [call site] 00026
2 eap_mschapv2_deinit [function] [call site] 00027
2 eap_mschapv2_process [function] [call site] 00028
3 eap_get_config [function] [call site] 00029
3 eap_mschapv2_check_config [function] [call site] 00030
4 eap_get_config_identity [function] [call site] 00031
5 strlen [call site] 00032
4 wpa_printf [function] [call site] 00033
4 eap_sm_request_identity [function] [call site] 00034
4 eap_get_config_password [function] [call site] 00035
5 eap_get_config [function] [call site] 00036
4 wpa_printf [function] [call site] 00037
4 eap_sm_request_password [function] [call site] 00038
3 wpa_printf [function] [call site] 00039
3 eap_hdr_validate [function] [call site] 00040
4 eap_hdr_len_valid [function] [call site] 00041
5 wpabuf_head [function] [call site] 00042
5 wpabuf_len [function] [call site] 00043
5 wpa_printf [function] [call site] 00044
5 __bswap_16 [function] [call site] 00045
5 wpabuf_len [function] [call site] 00046
5 wpa_printf [function] [call site] 00047
4 wpabuf_head [function] [call site] 00048
4 __bswap_16 [function] [call site] 00049
4 wpa_printf [function] [call site] 00050
4 WPA_GET_BE24 [function] [call site] 00051
4 WPA_GET_BE32 [function] [call site] 00052
4 wpa_printf [function] [call site] 00053
4 wpa_printf [function] [call site] 00054
3 eap_mschapv2_check_mslen [function] [call site] 00055
4 WPA_GET_BE16 [function] [call site] 00056
4 wpa_printf [function] [call site] 00057
4 wpa_printf [function] [call site] 00058
3 eap_get_id [function] [call site] 00059
4 wpabuf_len [function] [call site] 00060
4 wpabuf_head [function] [call site] 00061
3 wpa_printf [function] [call site] 00062
3 eap_mschapv2_copy_challenge [function] [call site] 00063
4 wpabuf_free [function] [call site] 00064
4 wpabuf_dup [function] [call site] 00065
5 wpabuf_len [function] [call site] 00066
5 wpabuf_alloc [function] [call site] 00067
6 os_zalloc [function] [call site] 00068
5 wpabuf_head [function] [call site] 00069
3 eap_mschapv2_challenge [function] [call site] 00070
4 eap_get_config_identity [function] [call site] 00071
4 eap_get_config_password [function] [call site] 00072
4 wpa_printf [function] [call site] 00073
4 wpa_printf [function] [call site] 00074
4 wpa_printf [function] [call site] 00075
4 wpa_printf [function] [call site] 00076
4 wpa_printf [function] [call site] 00077
4 wpa_hexdump_ascii [function] [call site] 00078
5 _wpa_hexdump_ascii [function] [call site] 00079
6 wpa_debug_print_timestamp [function] [call site] 00080
6 fprintf [call site] 00081
6 fprintf [call site] 00082
6 fprintf [call site] 00083
6 fprintf [call site] 00084
6 fprintf [call site] 00085
6 fprintf [call site] 00086
6 fprintf [call site] 00087
6 __ctype_b_loc [call site] 00088
6 fprintf [call site] 00089
6 fprintf [call site] 00090
6 fprintf [call site] 00091
6 fprintf [call site] 00092
6 printf [call site] 00093
6 printf [call site] 00094
6 printf [call site] 00095
6 printf [call site] 00096
6 printf [call site] 00097
6 printf [call site] 00098
6 printf [call site] 00099
6 __ctype_b_loc [call site] 00100
6 printf [call site] 00101
6 printf [call site] 00102
6 printf [call site] 00103
6 printf [call site] 00104
4 eap_mschapv2_challenge_reply [function] [call site] 00105
5 wpa_printf [function] [call site] 00106
5 eap_get_config_identity [function] [call site] 00107
5 eap_get_config_password2 [function] [call site] 00108
6 eap_get_config [function] [call site] 00109
5 eap_msg_alloc [function] [call site] 00110
6 wpabuf_alloc [function] [call site] 00111
6 wpabuf_put [function] [call site] 00112
7 wpabuf_mhead_u8 [function] [call site] 00113
8 wpabuf_mhead [function] [call site] 00114
7 wpabuf_overflow [function] [call site] 00115
8 wpa_printf [function] [call site] 00116
8 abort [call site] 00117
6 __bswap_16 [function] [call site] 00118
6 wpabuf_put_u8 [function] [call site] 00119
7 wpabuf_put [function] [call site] 00120
6 wpabuf_put_u8 [function] [call site] 00121
6 wpabuf_put_be24 [function] [call site] 00122
7 wpabuf_put [function] [call site] 00123
7 WPA_PUT_BE24 [function] [call site] 00124
6 wpabuf_put_be32 [function] [call site] 00125
7 wpabuf_put [function] [call site] 00126
7 WPA_PUT_BE32 [function] [call site] 00127
5 wpabuf_put [function] [call site] 00128
5 WPA_PUT_BE16 [function] [call site] 00129
5 wpabuf_put_u8 [function] [call site] 00130
5 wpabuf_put [function] [call site] 00131
5 wpa_printf [function] [call site] 00132
5 os_get_random [function] [call site] 00133
5 wpabuf_free [function] [call site] 00134
5 wpa_printf [function] [call site] 00135
5 mschapv2_derive_response [function] [call site] 00136
6 wpa_hexdump_ascii [function] [call site] 00137
6 mschapv2_remove_domain [function] [call site] 00138
6 wpa_hexdump_ascii [function] [call site] 00139
6 wpa_hexdump [function] [call site] 00140
7 _wpa_hexdump [function] [call site] 00141
8 wpa_debug_print_timestamp [function] [call site] 00142
8 fprintf [call site] 00143
8 fprintf [call site] 00144
8 fprintf [call site] 00145
8 fprintf [call site] 00146
8 fprintf [call site] 00147
8 printf [call site] 00148
8 printf [call site] 00149
8 printf [call site] 00150
8 printf [call site] 00151
8 printf [call site] 00152
6 wpa_hexdump [function] [call site] 00153
6 wpa_hexdump_ascii [function] [call site] 00154
6 wpa_hexdump_key [function] [call site] 00155
7 _wpa_hexdump [function] [call site] 00156
6 generate_nt_response_pwhash [function] [call site] 00157
7 challenge_hash [function] [call site] 00158
8 sha1_vector [function] [call site] 00159
9 SHA1Init [function] [call site] 00160
9 SHA1Update [function] [call site] 00161
10 SHA1Transform [function] [call site] 00162
11 forced_memzero [function] [call site] 00163
10 SHA1Transform [function] [call site] 00164
9 SHA1Final [function] [call site] 00165
10 SHA1Update [function] [call site] 00166
10 SHA1Update [function] [call site] 00167
10 SHA1Update [function] [call site] 00168
10 forced_memzero [function] [call site] 00169
7 challenge_response [function] [call site] 00170
8 des_encrypt [function] [call site] 00171
9 deskey [function] [call site] 00172
10 cookey [function] [call site] 00173
9 WPA_GET_BE32 [function] [call site] 00174
9 WPA_GET_BE32 [function] [call site] 00175
9 desfunc [function] [call site] 00176
9 WPA_PUT_BE32 [function] [call site] 00177
9 WPA_PUT_BE32 [function] [call site] 00178
8 des_encrypt [function] [call site] 00179
8 des_encrypt [function] [call site] 00180
6 generate_authenticator_response_pwhash [function] [call site] 00181
7 hash_nt_password_hash [function] [call site] 00182
8 md4_vector [function] [call site] 00183
9 MD4Init [function] [call site] 00184
9 MD4Update [function] [call site] 00185
10 MD4Transform [function] [call site] 00186
10 MD4Transform [function] [call site] 00187
9 MD4Final [function] [call site] 00188
10 MD4Pad [function] [call site] 00189
11 MD4Update [function] [call site] 00190
11 MD4Update [function] [call site] 00191
7 challenge_hash [function] [call site] 00192
7 sha1_vector [function] [call site] 00193
6 wpa_hexdump_ascii_key [function] [call site] 00194
7 _wpa_hexdump_ascii [function] [call site] 00195
6 generate_nt_response [function] [call site] 00196
7 challenge_hash [function] [call site] 00197
7 nt_password_hash [function] [call site] 00198
8 utf8_to_ucs2 [function] [call site] 00199
9 WPA_PUT_LE16 [function] [call site] 00200
9 WPA_PUT_LE16 [function] [call site] 00201
9 WPA_PUT_LE16 [function] [call site] 00202
8 md4_vector [function] [call site] 00203
7 challenge_response [function] [call site] 00204
6 generate_authenticator_response [function] [call site] 00205
7 nt_password_hash [function] [call site] 00206
7 generate_authenticator_response_pwhash [function] [call site] 00207
6 wpa_hexdump [function] [call site] 00208
6 wpa_hexdump [function] [call site] 00209
6 hash_nt_password_hash [function] [call site] 00210
6 nt_password_hash [function] [call site] 00211
6 hash_nt_password_hash [function] [call site] 00212
6 get_master_key [function] [call site] 00213
7 sha1_vector [function] [call site] 00214
6 wpa_hexdump_key [function] [call site] 00215
5 wpa_printf [function] [call site] 00216
5 wpabuf_free [function] [call site] 00217
5 wpabuf_put_data [function] [call site] 00218
6 wpabuf_put [function] [call site] 00219
5 wpa_printf [function] [call site] 00220
3 eap_mschapv2_success [function] [call site] 00221
4 wpa_printf [function] [call site] 00222
4 mschapv2_verify_auth_response [function] [call site] 00223
5 hexstr2bin [function] [call site] 00224
6 hex2byte [function] [call site] 00225
7 hex2num [function] [call site] 00226
7 hex2num [function] [call site] 00227
5 os_memcmp_const [function] [call site] 00228
4 wpa_printf [function] [call site] 00229
4 wpa_hexdump_ascii [function] [call site] 00230
4 wpa_printf [function] [call site] 00231
4 eap_msg_alloc [function] [call site] 00232
4 wpa_printf [function] [call site] 00233
4 wpabuf_put_u8 [function] [call site] 00234
4 eap_mschapv2_password_changed [function] [call site] 00235
5 eap_get_config [function] [call site] 00236
5 wpa_msg [function] [call site] 00237
6 vsnprintf [call site] 00238
6 wpa_printf [function] [call site] 00239
6 snprintf [call site] 00240
6 os_snprintf_error [function] [call site] 00241
6 vsnprintf [call site] 00242
6 wpa_printf [function] [call site] 00243
6 bin_clear_free [function] [call site] 00244
5 bin_clear_free [function] [call site] 00245
5 nt_password_hash [function] [call site] 00246
5 bin_clear_free [function] [call site] 00247
5 bin_clear_free [function] [call site] 00248
3 eap_mschapv2_failure [function] [call site] 00249
4 wpa_printf [function] [call site] 00250
4 wpa_hexdump_ascii [function] [call site] 00251
4 dup_binstr [function] [call site] 00252
4 eap_mschapv2_failure_txt [function] [call site] 00253
5 eap_get_config [function] [call site] 00254
5 strncmp [call site] 00255
5 atoi [call site] 00256
5 wpa_printf [function] [call site] 00257
5 strchr [call site] 00258
5 strncmp [call site] 00259
5 atoi [call site] 00260
5 wpa_printf [function] [call site] 00261
5 strchr [call site] 00262
5 strncmp [call site] 00263
5 strchr [call site] 00264
5 hexstr2bin [function] [call site] 00265
5 wpa_printf [function] [call site] 00266
5 wpa_hexdump [function] [call site] 00267
5 wpa_printf [function] [call site] 00268
5 strchr [call site] 00269
5 wpa_printf [function] [call site] 00270
5 atoi [call site] 00271
5 wpa_printf [function] [call site] 00272
5 strchr [call site] 00273
5 strncmp [call site] 00274
5 strstr [call site] 00275
5 wpa_printf [function] [call site] 00276
5 wpa_msg [function] [call site] 00277
5 wpa_msg [function] [call site] 00278
5 eap_sm_request_new_password [function] [call site] 00279
5 eap_sm_request_identity [function] [call site] 00280
5 eap_sm_request_password [function] [call site] 00281
4 eap_get_config [function] [call site] 00282
4 eap_mschapv2_change_password [function] [call site] 00283
5 eap_get_config_identity [function] [call site] 00284
5 eap_get_config_password2 [function] [call site] 00285
5 eap_get_config_new_password [function] [call site] 00286
5 mschapv2_remove_domain [function] [call site] 00287
5 eap_msg_alloc [function] [call site] 00288
5 wpabuf_put [function] [call site] 00289
5 WPA_PUT_BE16 [function] [call site] 00290
5 wpabuf_put [function] [call site] 00291
5 encrypt_pw_block_with_password_hash [function] [call site] 00292
6 utf8_to_ucs2 [function] [call site] 00293
6 os_get_random [function] [call site] 00294
6 WPA_PUT_LE16 [function] [call site] 00295
6 rc4_skip [function] [call site] 00296
5 new_password_encrypted_with_old_nt_password_hash [function] [call site] 00297
6 nt_password_hash [function] [call site] 00298
6 encrypt_pw_block_with_password_hash [function] [call site] 00299
5 nt_password_hash [function] [call site] 00300
5 nt_password_hash_encrypted_with_block [function] [call site] 00301
6 des_encrypt [function] [call site] 00302
6 des_encrypt [function] [call site] 00303
5 old_nt_password_hash_encrypted_with_new_nt_password_hash [function] [call site] 00304
6 nt_password_hash [function] [call site] 00305
6 nt_password_hash [function] [call site] 00306
6 nt_password_hash_encrypted_with_block [function] [call site] 00307
5 os_get_random [function] [call site] 00308
5 wpa_hexdump [function] [call site] 00309
5 wpa_hexdump [function] [call site] 00310
5 wpa_hexdump_ascii [function] [call site] 00311
5 wpa_hexdump_ascii_key [function] [call site] 00312
5 generate_nt_response [function] [call site] 00313
5 wpa_hexdump [function] [call site] 00314
5 generate_authenticator_response [function] [call site] 00315
5 nt_password_hash [function] [call site] 00316
5 hash_nt_password_hash [function] [call site] 00317
5 get_master_key [function] [call site] 00318
5 wpa_printf [function] [call site] 00319
5 wpabuf_free [function] [call site] 00320
4 eap_msg_alloc [function] [call site] 00321
4 wpabuf_put_u8 [function] [call site] 00322
3 wpa_printf [function] [call site] 00323
2 eap_mschapv2_isKeyAvailable [function] [call site] 00324
2 eap_mschapv2_getKey [function] [call site] 00325
3 get_asymetric_start_key [function] [call site] 00326
4 sha1_vector [function] [call site] 00327
3 get_asymetric_start_key [function] [call site] 00328
3 wpa_hexdump_key [function] [call site] 00329
2 eap_peer_method_register [function] [call site] 00330
1 os_zalloc [function] [call site] 00331
1 WPA_GET_BE16 [function] [call site] 00332
1 wpabuf_alloc_copy [function] [call site] 00333
2 wpabuf_alloc [function] [call site] 00334
2 wpabuf_put_data [function] [call site] 00335
1 wpa_hexdump_buf [function] [call site] 00336
2 wpabuf_head [function] [call site] 00337
2 wpabuf_len [function] [call site] 00338
2 wpa_hexdump [function] [call site] 00339
1 wpa_hexdump_buf [function] [call site] 00340
1 wpabuf_free [function] [call site] 00341
1 wpabuf_free [function] [call site] 00342