Fuzz introspector: ssh_known_hosts_fuzzer_nalloc
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked Calltree index Parent function Callsite Largest blocked function
18 17 _ssh_log call site: 00017 ssh_vlog
13 236 ssh_buffer_unpack_va call site: 00236 _ssh_log
11 217 ssh_buffer_unpack_va call site: 00217 ssh_buffer_get_ssh_string
8 36 ssh_strict_fopen call site: 00036 _ssh_log
7 370 ssh_key_cmp call site: 00370 ssh_string_cmp
6 121 hmac_init call site: 00121 EVP_sha256
4 261 pki_pubkey_build_rsa call site: 00261 BN_clear_free
3 250 ssh_buffer_unpack_va call site: 00250 strlen
3 317 pki_pubkey_build_ed25519 call site: 00317 _ssh_log
2 12 ssh_strict_fopen call site: 00012 ssh_strerror
2 84 ssh_buffer_new call site: 00084 buffer_shift
2 313 pki_pubkey_build_ed25519 call site: 00313 _ssh_log

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 memchr [call site] 00001
1 getpid [call site] 00002
1 snprintf [call site] 00003
1 fopen [call site] 00004
1 fwrite [call site] 00005
1 fclose [call site] 00006
1 nalloc_start [function] [call site] 00007
2 nalloc_random_update [function] [call site] 00008
1 __assert_fail [call site] 00009
1 ssh_known_hosts_read_entries [function] [call site] 00010
2 ssh_strict_fopen [function] [call site] 00011
3 open [call site] 00012
3 __errno_location [call site] 00013
3 ssh_strerror [function] [call site] 00014
4 __xpg_strerror_r [call site] 00015
3 _ssh_log [function] [call site] 00016
4 ssh_get_log_level [function] [call site] 00017
4 ssh_vlog [function] [call site] 00018
5 vsnprintf [call site] 00019
5 ssh_log_function [function] [call site] 00020
6 ssh_get_log_callback [function] [call site] 00021
6 ssh_log_custom [function] [call site] 00022
7 snprintf [call site] 00023
7 ssh_get_log_userdata [function] [call site] 00024
6 ssh_log_stderr [function] [call site] 00025
7 current_timestring [function] [call site] 00026
8 gettimeofday [call site] 00027
8 localtime_r [call site] 00028
8 strftime [call site] 00029
8 snprintf [call site] 00030
8 strftime [call site] 00031
8 snprintf [call site] 00032
7 fprintf [call site] 00033
7 fprintf [call site] 00034
7 fprintf [call site] 00035
3 fstat [call site] 00036
3 __errno_location [call site] 00037
3 ssh_strerror [function] [call site] 00038
3 _ssh_log [function] [call site] 00039
3 close [call site] 00040
3 _ssh_log [function] [call site] 00041
3 close [call site] 00042
3 _ssh_log [function] [call site] 00043
3 close [call site] 00044
3 fdopen [call site] 00045
3 __errno_location [call site] 00046
3 ssh_strerror [function] [call site] 00047
3 _ssh_log [function] [call site] 00048
3 close [call site] 00049
2 __errno_location [call site] 00050
2 ssh_strerror [function] [call site] 00051
2 _ssh_log [function] [call site] 00052
2 ssh_list_new [function] [call site] 00053
2 fclose [call site] 00054
2 known_hosts_read_line [function] [call site] 00055
3 fgets [call site] 00056
3 strlen [call site] 00057
3 feof [call site] 00058
3 __errno_location [call site] 00059
2 strcspn [call site] 00060
2 __ctype_b_loc [call site] 00061
2 ssh_known_hosts_parse_line [function] [call site] 00062
3 strdup [call site] 00063
3 strtok_r [call site] 00064
3 calloc [function] [call site] 00065
4 nalloc_fail [function] [call site] 00066
5 nalloc_random_update [function] [call site] 00067
5 nalloc_random_update [function] [call site] 00068
5 nalloc_random_update [function] [call site] 00069
5 nalloc_backtrace_exclude [function] [call site] 00070
6 fprintf [call site] 00071
4 __errno_location [call site] 00072
4 __libc_calloc [call site] 00073
3 match_hashed_hostname [function] [call site] 00074
4 strncmp [call site] 00075
4 strdup [call site] 00076
4 strchr [call site] 00077
4 base64_to_bin [function] [call site] 00078
5 strdup [call site] 00079
5 get_equals [function] [call site] 00080
6 strchr [call site] 00081
5 ssh_buffer_new [function] [call site] 00082
6 calloc [function] [call site] 00083
6 ssh_buffer_allocate_size [function] [call site] 00084
7 buffer_shift [function] [call site] 00085
8 explicit_bzero [call site] 00086
7 realloc_buffer [function] [call site] 00087
8 explicit_bzero [call site] 00088
8 realloc [function] [call site] 00089
9 nalloc_fail [function] [call site] 00090
9 __errno_location [call site] 00091
9 __libc_realloc [call site] 00092
5 ssh_buffer_set_secure [function] [call site] 00093
5 strlen [call site] 00094
5 _base64_to_bin [function] [call site] 00095
6 to_block4 [function] [call site] 00096
7 strchr [call site] 00097
7 strchr [call site] 00098
7 strchr [call site] 00099
7 strchr [call site] 00100
5 ssh_buffer_add_data [function] [call site] 00101
6 buffer_shift [function] [call site] 00102
6 realloc_buffer [function] [call site] 00103
5 _base64_to_bin [function] [call site] 00104
5 ssh_buffer_add_data [function] [call site] 00105
5 _base64_to_bin [function] [call site] 00106
5 ssh_buffer_add_data [function] [call site] 00107
5 _base64_to_bin [function] [call site] 00108
5 ssh_buffer_add_data [function] [call site] 00109
5 ssh_buffer_free [function] [call site] 00110
6 explicit_bzero [call site] 00111
6 explicit_bzero [call site] 00112
4 base64_to_bin [function] [call site] 00113
4 ssh_buffer_get [function] [call site] 00114
4 ssh_buffer_get_len [function] [call site] 00115
4 hash_hostname [function] [call site] 00116
5 hmac_init [function] [call site] 00117
6 EVP_MD_CTX_new [call site] 00118
6 EVP_PKEY_new_mac_key [call site] 00119
6 EVP_sha1 [call site] 00120
6 EVP_DigestSignInit [call site] 00121
6 EVP_sha256 [call site] 00122
6 EVP_DigestSignInit [call site] 00123
6 EVP_sha512 [call site] 00124
6 EVP_DigestSignInit [call site] 00125
6 EVP_md5 [call site] 00126
6 EVP_DigestSignInit [call site] 00127
6 EVP_PKEY_free [call site] 00128
6 EVP_MD_CTX_free [call site] 00129
5 strlen [call site] 00130
5 hmac_update [function] [call site] 00131
6 EVP_DigestUpdate [call site] 00132
5 hmac_final [function] [call site] 00133
6 EVP_DigestSignFinal [call site] 00134
6 EVP_MD_CTX_free [call site] 00135
4 ssh_buffer_get_len [function] [call site] 00136
4 ssh_buffer_get [function] [call site] 00137
4 memcmp [call site] 00138
4 ssh_buffer_free [function] [call site] 00139
4 ssh_buffer_free [function] [call site] 00140
3 strtok_r [call site] 00141
3 ssh_hostport [function] [call site] 00142
4 strlen [call site] 00143
4 snprintf [call site] 00144
3 strlen [call site] 00145
3 match_hostname [function] [call site] 00146
4 match_pattern_list [function] [call site] 00147
5 __ctype_b_loc [call site] 00148
5 tolower [call site] 00149
5 match_pattern [function] [call site] 00150
3 strlen [call site] 00151
3 match_hostname [function] [call site] 00152
3 strtok_r [call site] 00153
3 strdup [call site] 00154
3 strdup [call site] 00155
3 strtok_r [call site] 00156
3 strdup [call site] 00157
3 strtok_r [call site] 00158
3 ssh_key_type_from_name [function] [call site] 00159
4 strcmp [call site] 00160
4 strcmp [call site] 00161
4 strcmp [call site] 00162
4 strcmp [call site] 00163
4 strcmp [call site] 00164
4 strcmp [call site] 00165
4 strcmp [call site] 00166
4 strcmp [call site] 00167
4 strcmp [call site] 00168
4 strcmp [call site] 00169
4 strcmp [call site] 00170
4 strcmp [call site] 00171
4 strcmp [call site] 00172
4 strcmp [call site] 00173
4 strcmp [call site] 00174
4 strcmp [call site] 00175
4 strcmp [call site] 00176
3 _ssh_log [function] [call site] 00177
3 strtok_r [call site] 00178
3 ssh_pki_import_pubkey_base64 [function] [call site] 00179
4 base64_to_bin [function] [call site] 00180
4 ssh_buffer_get_ssh_string [function] [call site] 00181
5 ssh_buffer_get_u32 [function] [call site] 00182
6 ssh_buffer_get_data [function] [call site] 00183
7 ssh_buffer_validate_length [function] [call site] 00184
5 ntohl [call site] 00185
5 ssh_buffer_validate_length [function] [call site] 00186
5 ssh_string_new [function] [call site] 00187
6 __errno_location [call site] 00188
6 htonl [call site] 00189
5 ssh_string_data [function] [call site] 00190
5 ssh_buffer_get_data [function] [call site] 00191
4 ssh_buffer_free [function] [call site] 00192
4 ssh_string_free [function] [call site] 00193
4 pki_import_cert_buffer [function] [call site] 00194
5 ssh_buffer_new [function] [call site] 00195
5 ssh_key_type_to_char [function] [call site] 00196
5 ssh_string_from_char [function] [call site] 00197
6 __errno_location [call site] 00198
6 strlen [call site] 00199
6 ssh_string_new [function] [call site] 00200
5 ssh_buffer_add_ssh_string [function] [call site] 00201
6 ssh_string_len [function] [call site] 00202
7 ntohl [call site] 00203
6 ssh_buffer_add_data [function] [call site] 00204
5 ssh_string_free [function] [call site] 00205
5 ssh_buffer_add_buffer [function] [call site] 00206
6 ssh_buffer_get [function] [call site] 00207
6 ssh_buffer_get_len [function] [call site] 00208
6 ssh_buffer_add_data [function] [call site] 00209
5 ssh_buffer_get_ssh_string [function] [call site] 00210
5 ssh_string_free [function] [call site] 00211
5 pki_import_pubkey_buffer [function] [call site] 00212
6 ssh_key_new [function] [call site] 00213
6 ssh_key_type_to_char [function] [call site] 00214
6 _ssh_buffer_unpack [function] [call site] 00215
7 ssh_buffer_unpack_va [function] [call site] 00216
8 ssh_buffer_get_len [function] [call site] 00217
8 ssh_buffer_get_u8 [function] [call site] 00218
9 ssh_buffer_get_data [function] [call site] 00219
8 ssh_buffer_get_data [function] [call site] 00220
8 ntohs [call site] 00221
8 ssh_buffer_get_u32 [function] [call site] 00222
8 ntohl [call site] 00223
8 ssh_buffer_get_u64 [function] [call site] 00224
9 ssh_buffer_get_data [function] [call site] 00225
8 ntohl [call site] 00226
8 ssh_buffer_get_ssh_string [function] [call site] 00227
8 ssh_make_string_bn [function] [call site] 00228
9 ssh_string_len [function] [call site] 00229
9 BN_new [call site] 00230
9 BN_bin2bn [call site] 00231
8 ssh_string_burn [function] [call site] 00232
9 ssh_string_len [function] [call site] 00233
9 explicit_bzero [call site] 00234
8 ssh_string_free [function] [call site] 00235
8 ssh_buffer_get_ssh_string [function] [call site] 00236
8 ssh_buffer_get_u32 [function] [call site] 00237
8 ntohl [call site] 00238
8 ssh_buffer_validate_length [function] [call site] 00239
8 ssh_buffer_get_data [function] [call site] 00240
8 ssh_buffer_validate_length [function] [call site] 00241
8 ssh_buffer_get_data [function] [call site] 00242
8 _ssh_log [function] [call site] 00243
8 abort [call site] 00244
8 explicit_bzero [call site] 00245
8 explicit_bzero [call site] 00246
8 explicit_bzero [call site] 00247
8 explicit_bzero [call site] 00248
8 BN_clear_free [call site] 00249
8 ssh_string_burn [function] [call site] 00250
8 strlen [call site] 00251
8 explicit_bzero [call site] 00252
8 explicit_bzero [call site] 00253
6 _ssh_log [function] [call site] 00254
6 pki_pubkey_build_rsa [function] [call site] 00255
7 RSA_new [call site] 00256
7 ssh_make_string_bn [function] [call site] 00257
7 ssh_make_string_bn [function] [call site] 00258
7 RSA_set0_key [call site] 00259
7 EVP_PKEY_new [call site] 00260
7 EVP_PKEY_assign [call site] 00261
7 BN_clear_free [call site] 00262
7 BN_clear_free [call site] 00263
7 EVP_PKEY_free [call site] 00264
7 RSA_free [call site] 00265
6 ssh_string_burn [function] [call site] 00266
6 ssh_string_free [function] [call site] 00267
6 ssh_string_burn [function] [call site] 00268
6 ssh_string_free [function] [call site] 00269
6 _ssh_log [function] [call site] 00270
6 _ssh_buffer_unpack [function] [call site] 00271
6 _ssh_log [function] [call site] 00272
6 ssh_string_get_char [function] [call site] 00273
7 ssh_string_len [function] [call site] 00274
6 pki_key_ecdsa_nid_from_name [function] [call site] 00275
7 strcmp [call site] 00276
7 strcmp [call site] 00277
7 strcmp [call site] 00278
6 ssh_string_free [function] [call site] 00279
6 ssh_string_burn [function] [call site] 00280
6 ssh_string_free [function] [call site] 00281
6 pki_pubkey_build_ecdsa [function] [call site] 00282
7 EC_KEY_new_by_curve_name [call site] 00283
7 EC_KEY_get0_group [call site] 00284
7 EC_POINT_new [call site] 00285
7 EC_KEY_free [call site] 00286
7 ssh_string_data [function] [call site] 00287
7 ssh_string_len [function] [call site] 00288
7 EC_POINT_oct2point [call site] 00289
7 EC_KEY_free [call site] 00290
7 EC_POINT_free [call site] 00291
7 EC_KEY_set_public_key [call site] 00292
7 EC_POINT_free [call site] 00293
7 EC_KEY_free [call site] 00294
7 EVP_PKEY_new [call site] 00295
7 EC_KEY_free [call site] 00296
7 EVP_PKEY_assign [call site] 00297
7 EC_KEY_free [call site] 00298
6 ssh_string_burn [function] [call site] 00299
6 ssh_string_free [function] [call site] 00300
6 _ssh_log [function] [call site] 00301
6 ssh_buffer_get_ssh_string [function] [call site] 00302
6 _ssh_log [function] [call site] 00303
6 ssh_key_type_to_char [function] [call site] 00304
6 ssh_buffer_get_ssh_string [function] [call site] 00305
6 ssh_string_len [function] [call site] 00306
6 _ssh_log [function] [call site] 00307
6 ssh_string_burn [function] [call site] 00308
6 ssh_string_free [function] [call site] 00309
6 pki_pubkey_build_ed25519 [function] [call site] 00310
7 ssh_string_len [function] [call site] 00311
7 _ssh_log [function] [call site] 00312
7 FIPS_mode [call site] 00313
7 _ssh_log [function] [call site] 00314
7 ssh_string_data [function] [call site] 00315
7 ssh_string_data [function] [call site] 00316
7 EVP_PKEY_new_raw_public_key [call site] 00317
7 ERR_get_error [call site] 00318
7 ERR_error_string [call site] 00319
7 _ssh_log [function] [call site] 00320
6 ssh_string_burn [function] [call site] 00321
6 ssh_string_free [function] [call site] 00322
6 _ssh_log [function] [call site] 00323
6 ssh_buffer_get_ssh_string [function] [call site] 00324
6 _ssh_log [function] [call site] 00325
6 _ssh_log [function] [call site] 00326
6 ssh_key_free [function] [call site] 00327
7 ssh_key_clean [function] [call site] 00328
8 pki_key_clean [function] [call site] 00329
9 EVP_PKEY_free [call site] 00330
8 ssh_buffer_free [function] [call site] 00331
8 ssh_string_burn [function] [call site] 00332
8 ssh_string_free [function] [call site] 00333
8 ssh_string_burn [function] [call site] 00334
8 ssh_string_free [function] [call site] 00335
8 ssh_string_burn [function] [call site] 00336
8 ssh_string_free [function] [call site] 00337
8 ssh_string_burn [function] [call site] 00338
8 ssh_string_free [function] [call site] 00339
5 pki_import_pubkey_buffer [function] [call site] 00340
5 pki_import_pubkey_buffer [function] [call site] 00341
5 pki_import_pubkey_buffer [function] [call site] 00342
5 pki_import_pubkey_buffer [function] [call site] 00343
5 pki_import_pubkey_buffer [function] [call site] 00344
5 pki_import_pubkey_buffer [function] [call site] 00345
5 ssh_key_new [function] [call site] 00346
5 ssh_key_free [function] [call site] 00347
5 ssh_buffer_free [function] [call site] 00348
4 pki_import_pubkey_buffer [function] [call site] 00349
4 ssh_buffer_free [function] [call site] 00350
3 ssh_key_type_to_char [function] [call site] 00351
3 _ssh_log [function] [call site] 00352
3 strtok_r [call site] 00353
3 strstr [call site] 00354
3 strdup [call site] 00355
3 ssh_knownhosts_entry_free [function] [call site] 00356
4 ssh_key_free [function] [call site] 00357
2 ssh_list_get_iterator [function] [call site] 00358
2 ssh_known_hosts_entries_compare [function] [call site] 00359
3 strcmp [call site] 00360
3 ssh_key_cmp [function] [call site] 00361
4 ssh_key_type_plain [function] [call site] 00362
4 _ssh_log [function] [call site] 00363
4 ssh_key_is_private [function] [call site] 00364
4 ssh_key_is_private [function] [call site] 00365
4 ssh_string_cmp [function] [call site] 00366
5 ssh_string_len [function] [call site] 00367
5 ssh_string_len [function] [call site] 00368
5 memcmp [call site] 00369
4 ssh_string_cmp [function] [call site] 00370
4 ssh_string_cmp [function] [call site] 00371
4 ssh_string_cmp [function] [call site] 00372
4 ssh_buffer_get_len [function] [call site] 00373
4 ssh_buffer_get [function] [call site] 00374
4 ssh_buffer_get [function] [call site] 00375
4 ssh_buffer_get_len [function] [call site] 00376
4 memcmp [call site] 00377
4 pki_key_compare [function] [call site] 00378
5 ssh_key_type_plain [function] [call site] 00379
5 EVP_PKEY_get0_EC_KEY [call site] 00380
5 EVP_PKEY_get0_EC_KEY [call site] 00381
5 EC_KEY_get0_public_key [call site] 00382
5 EC_KEY_get0_public_key [call site] 00383
5 EC_KEY_get0_group [call site] 00384
5 EC_KEY_get0_group [call site] 00385
5 EC_GROUP_cmp [call site] 00386
5 EC_POINT_cmp [call site] 00387
5 EC_KEY_get0_private_key [call site] 00388
5 BN_cmp [call site] 00389
5 FIPS_mode [call site] 00390
5 memcmp [call site] 00391
5 EVP_PKEY_cmp [call site] 00392
2 ssh_knownhosts_entry_free [function] [call site] 00393
2 ssh_list_append [function] [call site] 00394
3 ssh_iterator_new [function] [call site] 00395
2 ssh_knownhosts_entry_free [function] [call site] 00396
2 known_hosts_read_line [function] [call site] 00397
2 fclose [call site] 00398
2 fclose [call site] 00399
1 ssh_list_get_iterator [function] [call site] 00400
1 ssh_knownhosts_entry_free [function] [call site] 00401
1 ssh_list_remove [function] [call site] 00402
1 ssh_list_get_iterator [function] [call site] 00403
1 ssh_list_free [function] [call site] 00404
1 ssh_finalize [function] [call site] 00405
2 _ssh_finalize [function] [call site] 00406
3 ssh_mutex_lock [function] [call site] 00407
4 exit [call site] 00408
4 pthread_mutex_lock [call site] 00409
4 exit [call site] 00410
3 ssh_mutex_unlock [function] [call site] 00411
4 exit [call site] 00412
4 pthread_mutex_unlock [call site] 00413
4 exit [call site] 00414
3 ssh_mutex_unlock [function] [call site] 00415
3 ssh_dh_finalize [function] [call site] 00416
4 BN_clear_free [call site] 00417
4 BN_clear_free [call site] 00418
4 BN_clear_free [call site] 00419
4 BN_clear_free [call site] 00420
4 BN_clear_free [call site] 00421
3 ssh_crypto_finalize [function] [call site] 00422
3 ssh_socket_cleanup [function] [call site] 00423
4 ssh_poll_cleanup [function] [call site] 00424
3 ssh_threads_finalize [function] [call site] 00425
4 crypto_thread_finalize [function] [call site] 00426
3 ssh_mutex_unlock [function] [call site] 00427
1 unlink [call site] 00428
1 nalloc_end [function] [call site] 00429