Fuzz introspector: sig_fuzz
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 465 | 465 | 2: ['sshkey_free', 'cert_new'] | 465 | 465 | sshkey_new | call site: 00010 | /src/hpn-ssh/sshkey.c:733 |
| 225 | 225 | 1: ['sshkey_free'] | 225 | 225 | sshkey_generate | call site: 00007 | /src/hpn-ssh/sshkey.c:1521 |
| 165 | 165 | 1: ['_getentropy_fail'] | 169 | 230 | _rs_stir | call site: 00000 | /src/hpn-ssh/openbsd-compat/arc4random.c:116 |
| 165 | 165 | 2: ['sshfatal', 'ERR_get_error'] | 165 | 165 | _ssh_compat_getentropy | call site: 00000 | /src/hpn-ssh/openbsd-compat/bsd-getentropy.c:45 |
| 158 | 158 | 5: ['do_log', 'match_pattern_list', 'getpid', 'strlcpy', 'strrchr'] | 158 | 158 | sshlogv | call site: 00031 | /src/hpn-ssh/log.c:469 |
| 73 | 73 | 2: ['abort', 'ssh_err'] | 73 | 73 | generate_or_die(int,unsignedint) | call site: 00000 | /src/hpn-ssh/regress/misc/fuzz-harness/sig_fuzz.cc:18 |
| 13 | 13 | 1: ['rsa_hash_id_from_keyname'] | 23 | 674 | ssh_rsa_verify | call site: 00000 | /src/hpn-ssh/ssh-rsa.c:504 |
| 2 | 2 | 1: ['_exit'] | 2 | 2 | _rs_init | call site: 00000 | /src/hpn-ssh/openbsd-compat/arc4random.c:102 |
| 2 | 2 | 1: ['memset'] | 2 | 2 | _rs_forkdetect | call site: 00000 | /src/hpn-ssh/openbsd-compat/./arc4random.h:60 |
| 2 | 2 | 1: ['munmap'] | 2 | 2 | _rs_allocate | call site: 00000 | /src/hpn-ssh/openbsd-compat/./arc4random.h:73 |
| 2 | 2 | 1: ['BN_clear_free'] | 2 | 2 | sshbuf_get_bignum2 | call site: 00000 | /src/hpn-ssh/sshbuf-getput-crypto.c:48 |
| 0 | 199 | 1: ['sshbuf_free'] | 0 | 199 | sshbuf_froms | call site: 00000 | /src/hpn-ssh/sshbuf-getput-basic.c:561 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 __cxa_guard_acquire [call site] 00001
1 generate_or_die(int, unsigned int) [function] [call site] 00002
2 sshkey_generate [function] [call site] 00003
3 sshkey_type_is_cert [function] [call site] 00004
4 sshkey_impl_from_type [function] [call site] 00005
3 sshkey_impl_from_type [function] [call site] 00006
3 sshkey_new [function] [call site] 00007
4 sshkey_impl_from_type [function] [call site] 00008
4 calloc [call site] 00009
4 sshkey_is_cert [function] [call site] 00010
5 sshkey_type_is_cert [function] [call site] 00011
4 cert_new [function] [call site] 00012
5 calloc [call site] 00013
5 sshbuf_new_label [function] [call site] 00014
6 calloc [call site] 00015
6 strncpy [call site] 00016
6 calloc [call site] 00017
5 sshbuf_new_label [function] [call site] 00018
5 sshbuf_new_label [function] [call site] 00019
5 cert_free [function] [call site] 00020
6 sshbuf_free [function] [call site] 00021
7 sshbuf_check_sanity [function] [call site] 00022
8 ssh_signal [function] [call site] 00023
9 memset [call site] 00024
9 sigfillset [call site] 00025
9 sigaction [call site] 00026
9 strsignal [call site] 00027
9 __errno_location [call site] 00028
9 strerror [call site] 00029
9 sshlog [function] [call site] 00030
10 sshlogv [function] [call site] 00031
11 strrchr [call site] 00032
11 getpid [call site] 00033
11 snprintf [call site] 00034
11 match_pattern_list [function] [call site] 00035
12 strlen [call site] 00036
12 __ctype_b_loc [call site] 00037
12 tolower [call site] 00038
12 match_pattern [function] [call site] 00039
13 match_pattern [function] [call site] 00040
14 match_pattern [function] [call site] 00041
11 snprintf [call site] 00042
11 snprintf [call site] 00043
11 do_log [function] [call site] 00045
12 __errno_location [call site] 00046
12 snprintf [call site] 00047
12 vsnprintf [call site] 00048
12 vsnprintf [call site] 00049
12 snprintf [call site] 00050
12 strnvis [function] [call site] 00052
13 __ctype_b_loc [call site] 00053
13 vis [function] [call site] 00054
14 __ctype_b_loc [call site] 00055
14 __ctype_b_loc [call site] 00056
12 snprintf [call site] 00058
12 strlen [call site] 00059
12 write [call site] 00060
12 openlog [call site] 00061
12 syslog [call site] 00062
12 closelog [call site] 00063
12 __errno_location [call site] 00064
8 raise [call site] 00065
7 sshbuf_free [function] [call site] 00066
8 freezero [function] [call site] 00067
9 explicit_bzero [call site] 00068
6 sshbuf_free [function] [call site] 00070
6 sshbuf_free [function] [call site] 00071
6 sshkey_free [function] [call site] 00072
7 sshkey_free_contents [function] [call site] 00073
8 sshkey_impl_from_type [function] [call site] 00074
8 sshkey_is_cert [function] [call site] 00075
8 sshkey_prekey_free [function] [call site] 00079
9 munmap [call site] 00080
4 sshkey_free [function] [call site] 00082
3 sshkey_free [function] [call site] 00083
2 ssh_err [function] [call site] 00084
3 __errno_location [call site] 00085
3 strerror [call site] 00086
2 fprintf [call site] 00087
2 abort [call site] 00088
1 __cxa_guard_release [call site] 00089
1 __cxa_guard_acquire [call site] 00090
1 generate_or_die(int, unsigned int) [function] [call site] 00091
1 __cxa_guard_release [call site] 00092
1 __cxa_guard_acquire [call site] 00093
1 generate_or_die(int, unsigned int) [function] [call site] 00094
1 __cxa_guard_release [call site] 00095
1 __cxa_guard_acquire [call site] 00096
1 generate_or_die(int, unsigned int) [function] [call site] 00097
1 __cxa_guard_release [call site] 00098
1 __cxa_guard_acquire [call site] 00099
1 generate_or_die(int, unsigned int) [function] [call site] 00100
1 __cxa_guard_release [call site] 00101
1 __cxa_guard_acquire [call site] 00102
1 strlen [call site] 00103
1 __cxa_guard_release [call site] 00104
1 sshkey_verify [function] [call site] 00105
2 sshkey_impl_from_key [function] [call site] 00106
3 sshkey_impl_from_type_nid [function] [call site] 00107
1 sshkey_sig_details_free [function] [call site] 00108
1 sshkey_verify [function] [call site] 00110
1 sshkey_sig_details_free [function] [call site] 00111
1 sshkey_verify [function] [call site] 00112
1 sshkey_sig_details_free [function] [call site] 00113
1 sshkey_verify [function] [call site] 00114
1 sshkey_sig_details_free [function] [call site] 00115
1 sshkey_verify [function] [call site] 00116
1 sshkey_sig_details_free [function] [call site] 00117
1 __cxa_guard_abort [call site] 00118
1 __cxa_guard_abort [call site] 00119
1 __cxa_guard_abort [call site] 00120
1 __cxa_guard_abort [call site] 00121
1 __cxa_guard_abort [call site] 00122