Fuzz introspector: eap-aka-peer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
492 849 9 :

['wpa_hexdump', 'eap_aka_prime_derive_keys_reauth', 'eap_aka_response_reauth', 'eap_sim_derive_keys_reauth', 'eap_aka_clear_identities', 'eap_sim_parse_encr', 'free', 'eap_aka_state', 'eap_aka_learn_ids']

492 1242 eap_aka_process_reauthentication call site: 00000 /src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:1366
203 271 4 :

['eap_sim_msg_add_encr_start', 'eap_sim_msg_add_encr_end', 'eap_sim_msg_add', 'eap_sim_msg_free']

203 412 eap_aka_response_notification call site: 00000 /src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:867
109 109 2 :

['eap_aka_ext_sim_result', 'eap_aka_ext_sim_req']

109 109 eap_aka_umts_auth call site: 00000 /src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:292
103 103 1 :

['eap_aka_process_notification_reauth']

103 103 eap_aka_process_notification_auth call site: 00000 /src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:1282
18 18 2 :

['wpa_debug_print_timestamp', '__ctype_b_loc']

18 18 _wpa_hexdump_ascii call site: 00000 /src/hostap/src/utils/wpa_debug.c:423
14 14 1 :

['wpa_debug_print_timestamp']

14 14 _wpa_hexdump call site: 00035 /src/hostap/src/utils/wpa_debug.c:281
2 2 1 :

['eap_aka_prime_derive_keys']

2 574 eap_aka_process_challenge call site: 00000 /src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:1179
2 2 1 :

['eap_sm_request_identity']

2 2 eap_aka_process call site: 00000 /src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:1477
2 2 1 :

['eap_sim_verify_mac_sha256']

2 2 eap_aka_verify_mac call site: 00000 /src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:951
2 2 1 :

['atoi']

2 2 wpa_fuzzer_set_debug_level call site: 00002 /src/hostap/tests/fuzzing/sae/../fuzzer-common.c:23
0 135 2 :

['wpabuf_free', 'eap_aka_client_error']

0 135 eap_aka_process_identity call site: 00000 /src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:932
0 75 1 :

['eap_sim_msg_add_mac']

0 141 eap_aka_response_notification call site: 00000 /src/hostap/tests/fuzzing/eap-aka-peer/../../../src/eap_peer/eap_aka.c:883

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 wpa_fuzzer_set_debug_level [function] [call site] 00001
2 getenv [call site] 00002
2 atoi [call site] 00003
1 eap_peer_aka_register [function] [call site] 00004
2 eap_peer_method_alloc [function] [call site] 00005
3 os_zalloc [function] [call site] 00006
4 calloc [call site] 00007
2 eap_peer_method_register [function] [call site] 00008
1 os_zalloc [function] [call site] 00009
1 WPA_GET_BE16 [function] [call site] 00010
1 wpabuf_alloc_copy [function] [call site] 00011
2 wpabuf_alloc [function] [call site] 00012
3 os_zalloc [function] [call site] 00013
2 wpabuf_put_data [function] [call site] 00014
3 wpabuf_put [function] [call site] 00015
4 wpabuf_mhead_u8 [function] [call site] 00016
5 wpabuf_mhead [function] [call site] 00017
4 wpabuf_len [function] [call site] 00018
4 wpabuf_overflow [function] [call site] 00019
5 wpa_printf [function] [call site] 00020
6 wpa_debug_print_timestamp [function] [call site] 00021
7 os_get_time [function] [call site] 00022
8 gettimeofday [call site] 00023
7 fprintf [call site] 00024
7 printf [call site] 00025
6 vfprintf [call site] 00026
6 fprintf [call site] 00027
6 vprintf [call site] 00028
6 printf [call site] 00029
5 abort [call site] 00030
1 wpa_hexdump_buf [function] [call site] 00031
2 wpabuf_head [function] [call site] 00032
2 wpabuf_len [function] [call site] 00033
2 wpa_hexdump [function] [call site] 00034
3 _wpa_hexdump [function] [call site] 00035
4 wpa_debug_print_timestamp [function] [call site] 00036
4 fprintf [call site] 00037
4 fprintf [call site] 00038
4 fprintf [call site] 00039
4 fprintf [call site] 00040
4 fprintf [call site] 00041
4 printf [call site] 00042
4 printf [call site] 00043
4 printf [call site] 00044
4 printf [call site] 00045
4 printf [call site] 00046
1 wpa_hexdump_buf [function] [call site] 00047
1 wpabuf_free [function] [call site] 00048
1 wpabuf_free [function] [call site] 00049