The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 95 | 95 |
8 :
['strnvis', 'strlcpy', '__errno_location', 'syslog', 'openlog', 'strlen', 'write', 'closelog'] |
95 | 95 | do_log | call site: 00029 | /src/openssh/log.c:351 |
| 82 | 240 |
4 :
['xmss_sign_open', 'malloc', 'sshlog', 'sshkey_xmss_params'] |
82 | 451 | ssh_xmss_verify | call site: 00000 | /src/openssh/ssh-xmss.c:312 |
| 13 | 13 |
1 :
['rsa_hash_id_from_keyname'] |
21 | 697 | ssh_rsa_verify | call site: 00000 | /src/openssh/ssh-rsa.c:508 |
| 7 | 7 |
1 :
['strlcpy'] |
7 | 118 | sshlogv | call site: 00025 | /src/openssh/log.c:484 |
| 2 | 2 |
1 :
['BN_clear_free'] |
2 | 2 | sshbuf_get_bignum2 | call site: 00000 | /src/openssh/sshbuf-getput-crypto.c:48 |
| 0 | 705 |
1 :
['sshbuf_put_u8'] |
0 | 710 | sshbuf_dtob64 | call site: 00000 | /src/openssh/sshbuf-misc.c:111 |
| 0 | 220 |
1 :
['cert_free'] |
0 | 220 | cert_new | call site: 00093 | /src/openssh/sshkey.c:587 |
| 0 | 218 |
1 :
['sshkey_free'] |
0 | 218 | sshkey_new | call site: 00091 | /src/openssh/sshkey.c:622 |
| 0 | 205 |
1 :
['ssh_digest_buffer'] |
0 | 607 | webauthn_check_prepare_hash | call site: 00000 | /src/openssh/ssh-ecdsa-sk.c:217 |
| 0 | 201 |
1 :
['sshbuf_free'] |
0 | 201 | sshbuf_froms | call site: 00066 | /src/openssh/sshbuf-getput-basic.c:561 |
| 0 | 201 |
1 :
['sshbuf_free'] |
0 | 201 | sshbuf_fromb | call site: 00080 | /src/openssh/sshbuf.c:151 |
| 0 | 5 |
1 :
['freezero'] |
0 | 206 | ssh_xmss_verify | call site: 00000 | /src/openssh/ssh-xmss.c:342 |
LLVMFuzzerTestOneInput
[function]
[call site]
00000
sshbuf_from
[function]
[call site]
00001
calloc
[call site]
00002
sshkey_private_deserialize
[function]
[call site]
00003
sshbuf_get_cstring
[function]
[call site]
00004
sshbuf_peek_string_direct
[function]
[call site]
00005
sshbuf_ptr
[function]
[call site]
00006
sshbuf_check_sanity
[function]
[call site]
00007
ssh_signal
[function]
[call site]
00008
memset
[call site]
00009
sigfillset
[call site]
00010
sigaction
[call site]
00011
strsignal
[call site]
00012
sshlog
[function]
[call site]
00013
sshlogv
[function]
[call site]
00014
strrchr
[call site]
00015
getpid
[call site]
00016
snprintf
[call site]
00017
match_pattern_list
[function]
[call site]
00018
strlen
[call site]
00019
__ctype_b_loc
[call site]
00020
tolower
[call site]
00021
match_pattern
[function]
[call site]
00022
match_pattern
[function]
[call site]
00023
match_pattern
[function]
[call site]
00024
snprintf
[call site]
00025
snprintf
[call site]
00026
strlcpy
[function]
[call site]
00027
do_log
[function]
[call site]
00028
__errno_location
[call site]
00029
snprintf
[call site]
00030
vsnprintf
[call site]
00031
vsnprintf
[call site]
00032
snprintf
[call site]
00033
strlcpy
[function]
[call site]
00034
strnvis
[function]
[call site]
00035
__ctype_b_loc
[call site]
00036
vis
[function]
[call site]
00037
__ctype_b_loc
[call site]
00038
__ctype_b_loc
[call site]
00039
vis
[function]
[call site]
00040
snprintf
[call site]
00041
strlen
[call site]
00042
openlog
[call site]
00043
syslog
[call site]
00044
closelog
[call site]
00045
__errno_location
[call site]
00046
raise
[call site]
00047
sshbuf_len
[function]
[call site]
00048
sshbuf_check_sanity
[function]
[call site]
00049
sshbuf_len
[function]
[call site]
00050
memchr
[call site]
00051
sshbuf_get_string_direct
[function]
[call site]
00052
sshbuf_peek_string_direct
[function]
[call site]
00053
sshbuf_consume
[function]
[call site]
00054
sshbuf_check_sanity
[function]
[call site]
00055
sshbuf_len
[function]
[call site]
00056
sshkey_type_from_name
[function]
[call site]
00057
strcmp
[call site]
00058
strcasecmp
[call site]
00059
sshkey_type_is_cert
[function]
[call site]
00060
sshkey_impl_from_type
[function]
[call site]
00061
sshkey_froms
[function]
[call site]
00062
sshbuf_froms
[function]
[call site]
00063
sshbuf_peek_string_direct
[function]
[call site]
00064
sshbuf_from
[function]
[call site]
00065
sshbuf_consume
[function]
[call site]
00066
sshbuf_set_parent
[function]
[call site]
00067
sshbuf_check_sanity
[function]
[call site]
00068
sshbuf_check_sanity
[function]
[call site]
00069
sshbuf_free
[function]
[call site]
00070
sshbuf_check_sanity
[function]
[call site]
00071
sshbuf_free
[function]
[call site]
00072
explicit_bzero
[call site]
00073
freezero
[function]
[call site]
00074
explicit_bzero
[call site]
00075
sshkey_from_blob_internal
[function]
[call site]
00076
sshbuf_fromb
[function]
[call site]
00077
sshbuf_check_sanity
[function]
[call site]
00078
sshbuf_ptr
[function]
[call site]
00079
sshbuf_set_parent
[function]
[call site]
00080
sshbuf_free
[function]
[call site]
00081
sshbuf_get_cstring
[function]
[call site]
00082
sshkey_type_from_name
[function]
[call site]
00083
sshkey_type_is_cert
[function]
[call site]
00084
sshkey_impl_from_type
[function]
[call site]
00085
sshkey_new
[function]
[call site]
00086
sshkey_impl_from_type
[function]
[call site]
00087
calloc
[call site]
00088
sshkey_is_cert
[function]
[call site]
00089
sshkey_type_is_cert
[function]
[call site]
00090
cert_new
[function]
[call site]
00091
calloc
[call site]
00092
sshbuf_new
[function]
[call site]
00093
calloc
[call site]
00094
calloc
[call site]
00095
sshbuf_new
[function]
[call site]
00096
sshbuf_new
[function]
[call site]
00097
cert_free
[function]
[call site]
00098
sshbuf_free
[function]
[call site]
00099
sshbuf_free
[function]
[call site]
00100
sshbuf_free
[function]
[call site]
00101
sshkey_free
[function]
[call site]
00102
sshkey_free_contents
[function]
[call site]
00103
sshkey_impl_from_type
[function]
[call site]
00104
sshkey_is_cert
[function]
[call site]
00105
cert_free
[function]
[call site]
00106
freezero
[function]
[call site]
00107
freezero
[function]
[call site]
00108
freezero
[function]
[call site]
00109
freezero
[function]
[call site]
00110
sshkey_free
[function]
[call site]
00111
sshkey_type_is_cert
[function]
[call site]
00112
sshbuf_get_string_direct
[function]
[call site]
00113
sshkey_is_cert
[function]
[call site]
00114
sshbuf_len
[function]
[call site]
00115
sshbuf_free
[function]
[call site]
00116
sshkey_free
[function]
[call site]
00117
sshbuf_free
[function]
[call site]
00118
sshkey_ecdsa_nid_from_name
[function]
[call site]
00119
key_type_is_ecdsa_variant
[function]
[call site]
00120
strcmp
[call site]
00121
sshkey_new
[function]
[call site]
00122
sshkey_impl_from_type
[function]
[call site]
00123
strcmp
[call site]
00124
memcmp
[call site]
00125
sshkey_free
[function]
[call site]
00126
sshkey_free
[function]
[call site]
00127
sshbuf_free
[function]
[call site]
00128