The followings are the branches where fuzzer fails to bypass.
| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 419 | 419 |
1 :
['pkcs11_key_free'] |
419 | 881 | sshkey_free_contents | call site: 00109 | /src/openssh/sshkey.c:782 |
| 209 | 209 |
1 :
['ssh_digest_buffer'] |
209 | 607 | webauthn_check_prepare_hash | call site: 00000 | /src/openssh/ssh-ecdsa-sk.c:217 |
| 158 | 158 |
5 :
['do_log', 'getpid', 'strrchr', 'strlcpy', 'match_pattern_list'] |
158 | 158 | sshlogv | call site: 00016 | /src/openssh/log.c:462 |
| 82 | 243 |
4 :
['malloc', 'xmss_sign_open', 'sshkey_xmss_params', 'sshlog'] |
82 | 452 | ssh_xmss_verify | call site: 00000 | /src/openssh/ssh-xmss.c:314 |
| 13 | 13 |
1 :
['ssh_rsa_hash_id_from_keyname'] |
23 | 674 | ssh_rsa_verify | call site: 00000 | /src/openssh/ssh-rsa.c:528 |
| 2 | 2 |
1 :
['EVP_PKEY_get1_RSA'] |
30 | 1010 | ssh_rsa_deserialize_private | call site: 00000 | /src/openssh/ssh-rsa.c:243 |
| 2 | 2 |
1 :
['BN_clear_free'] |
2 | 2 | sshbuf_get_bignum2 | call site: 00000 | /src/openssh/sshbuf-getput-crypto.c:48 |
| 2 | 2 |
1 :
['munmap'] |
2 | 2 | sshkey_prekey_free | call site: 00187 | /src/openssh/sshkey.c:770 |
| 0 | 717 |
1 :
['sshbuf_put_u8'] |
0 | 722 | sshbuf_dtob64 | call site: 00000 | /src/openssh/sshbuf-misc.c:147 |
| 0 | 440 |
1 :
['sshkey_free'] |
0 | 440 | sshkey_new | call site: 00097 | /src/openssh/sshkey.c:723 |
| 0 | 440 |
1 :
['cert_free'] |
0 | 440 | cert_new | call site: 00099 | /src/openssh/sshkey.c:688 |
| 0 | 199 |
1 :
['sshbuf_free'] |
0 | 199 | sshbuf_froms | call site: 00070 | /src/openssh/sshbuf-getput-basic.c:561 |
LLVMFuzzerTestOneInput
[function]
[call site]
00000
sshbuf_from
[function]
[call site]
00001
calloc
[call site]
00002
sshkey_private_deserialize
[function]
[call site]
00003
sshbuf_get_cstring
[function]
[call site]
00004
sshbuf_peek_string_direct
[function]
[call site]
00005
sshbuf_ptr
[function]
[call site]
00006
sshbuf_check_sanity
[function]
[call site]
00007
ssh_signal
[function]
[call site]
00008
memset
[call site]
00009
sigfillset
[call site]
00010
sigaction
[call site]
00011
strsignal
[call site]
00012
__errno_location
[call site]
00013
strerror
[call site]
00014
sshlog
[function]
[call site]
00015
sshlogv
[function]
[call site]
00016
strrchr
[call site]
00017
getpid
[call site]
00018
snprintf
[call site]
00019
match_pattern_list
[function]
[call site]
00020
strlen
[call site]
00021
__ctype_b_loc
[call site]
00022
tolower
[call site]
00023
match_pattern
[function]
[call site]
00024
match_pattern
[function]
[call site]
00025
match_pattern
[function]
[call site]
00026
snprintf
[call site]
00027
snprintf
[call site]
00028
strlcpy
[function]
[call site]
00029
do_log
[function]
[call site]
00030
__errno_location
[call site]
00031
snprintf
[call site]
00032
vsnprintf
[call site]
00033
vsnprintf
[call site]
00034
snprintf
[call site]
00035
strlcpy
[function]
[call site]
00036
strnvis
[function]
[call site]
00037
__ctype_b_loc
[call site]
00038
vis
[function]
[call site]
00039
__ctype_b_loc
[call site]
00040
__ctype_b_loc
[call site]
00041
vis
[function]
[call site]
00042
snprintf
[call site]
00043
strlen
[call site]
00044
write
[call site]
00045
openlog
[call site]
00046
syslog
[call site]
00047
closelog
[call site]
00048
__errno_location
[call site]
00049
raise
[call site]
00050
sshbuf_len
[function]
[call site]
00051
sshbuf_check_sanity
[function]
[call site]
00052
sshbuf_len
[function]
[call site]
00053
memchr
[call site]
00054
sshbuf_get_string_direct
[function]
[call site]
00055
sshbuf_peek_string_direct
[function]
[call site]
00056
sshbuf_consume
[function]
[call site]
00057
sshbuf_check_sanity
[function]
[call site]
00058
sshbuf_len
[function]
[call site]
00059
sshkey_type_from_name
[function]
[call site]
00060
type_from_name
[function]
[call site]
00061
strcmp
[call site]
00062
strcasecmp
[call site]
00063
sshkey_type_is_cert
[function]
[call site]
00064
sshkey_impl_from_type
[function]
[call site]
00065
sshkey_froms
[function]
[call site]
00066
sshbuf_froms
[function]
[call site]
00067
sshbuf_peek_string_direct
[function]
[call site]
00068
sshbuf_from
[function]
[call site]
00069
sshbuf_consume
[function]
[call site]
00070
sshbuf_set_parent
[function]
[call site]
00071
sshbuf_check_sanity
[function]
[call site]
00072
sshbuf_check_sanity
[function]
[call site]
00073
sshbuf_free
[function]
[call site]
00074
sshbuf_check_sanity
[function]
[call site]
00075
sshbuf_free
[function]
[call site]
00076
freezero
[function]
[call site]
00077
explicit_bzero
[call site]
00078
freezero
[function]
[call site]
00079
sshkey_from_blob_internal
[function]
[call site]
00080
sshbuf_fromb
[function]
[call site]
00081
sshbuf_check_sanity
[function]
[call site]
00082
sshbuf_ptr
[function]
[call site]
00083
sshbuf_len
[function]
[call site]
00084
sshbuf_from
[function]
[call site]
00085
sshbuf_set_parent
[function]
[call site]
00086
sshbuf_free
[function]
[call site]
00087
sshbuf_get_cstring
[function]
[call site]
00088
sshkey_type_from_name
[function]
[call site]
00089
sshkey_type_is_cert
[function]
[call site]
00090
sshkey_impl_from_type
[function]
[call site]
00091
sshkey_new
[function]
[call site]
00092
sshkey_impl_from_type
[function]
[call site]
00093
calloc
[call site]
00094
sshkey_is_cert
[function]
[call site]
00095
sshkey_type_is_cert
[function]
[call site]
00096
cert_new
[function]
[call site]
00097
calloc
[call site]
00098
sshbuf_new
[function]
[call site]
00099
calloc
[call site]
00100
calloc
[call site]
00101
sshbuf_new
[function]
[call site]
00102
sshbuf_new
[function]
[call site]
00103
cert_free
[function]
[call site]
00104
sshbuf_free
[function]
[call site]
00105
sshbuf_free
[function]
[call site]
00106
sshbuf_free
[function]
[call site]
00107
sshkey_free
[function]
[call site]
00108
sshkey_free_contents
[function]
[call site]
00109
pkcs11_key_free
[function]
[call site]
00110
sshkey_type
[function]
[call site]
00111
sshkey_impl_from_key
[function]
[call site]
00112
sshkey_impl_from_type_nid
[function]
[call site]
00113
sshlog
[function]
[call site]
00114
helper_by_key
[function]
[call site]
00115
sshbuf_new
[function]
[call site]
00116
sshfatal
[function]
[call site]
00117
sshlogv
[function]
[call site]
00118
cleanup_exit
[function]
[call site]
00119
_exit
[call site]
00120
sshkey_putb
[function]
[call site]
00121
to_blob_buf
[function]
[call site]
00122
sshkey_type_plain
[function]
[call site]
00123
sshkey_type_is_cert
[function]
[call site]
00124
sshbuf_len
[function]
[call site]
00125
sshbuf_putb
[function]
[call site]
00126
sshbuf_ptr
[function]
[call site]
00127
sshbuf_len
[function]
[call site]
00128
sshbuf_put
[function]
[call site]
00129
sshbuf_reserve
[function]
[call site]
00130
sshbuf_allocate
[function]
[call site]
00131
sshbuf_check_reserve
[function]
[call site]
00132
sshbuf_check_sanity
[function]
[call site]
00133
sshbuf_maybe_pack
[function]
[call site]
00134
recallocarray
[function]
[call site]
00135
calloc
[call site]
00136
__errno_location
[call site]
00137
__errno_location
[call site]
00138
getpagesize
[call site]
00139
memset
[call site]
00140
memset
[call site]
00141
explicit_bzero
[call site]
00142
sshbuf_check_reserve
[function]
[call site]
00143
sshkey_impl_from_type
[function]
[call site]
00144
sshkey_ssh_name_from_type_nid
[function]
[call site]
00145
sshkey_impl_from_type_nid
[function]
[call site]
00146
sshbuf_put_cstring
[function]
[call site]
00147
strlen
[call site]
00148
sshbuf_put_string
[function]
[call site]
00149
sshbuf_reserve
[function]
[call site]
00150
ssh_err
[function]
[call site]
00151
__errno_location
[call site]
00152
strerror
[call site]
00153
sshfatal
[function]
[call site]
00154
sshbuf_equals
[function]
[call site]
00155
sshbuf_ptr
[function]
[call site]
00156
sshbuf_len
[function]
[call site]
00157
sshbuf_len
[function]
[call site]
00158
sshbuf_ptr
[function]
[call site]
00159
sshbuf_len
[function]
[call site]
00160
memcmp
[call site]
00161
sshbuf_free
[function]
[call site]
00162
sshbuf_free
[function]
[call site]
00163
sshkey_type
[function]
[call site]
00164
sshfatal
[function]
[call site]
00165
sshbuf_new
[function]
[call site]
00166
sshfatal
[function]
[call site]
00167
sshkey_putb
[function]
[call site]
00168
ssh_err
[function]
[call site]
00169
sshfatal
[function]
[call site]
00170
sshbuf_equals
[function]
[call site]
00171
sshfatal
[function]
[call site]
00172
xrecallocarray
[function]
[call site]
00173
recallocarray
[function]
[call site]
00174
sshfatal
[function]
[call site]
00175
helper_terminate
[function]
[call site]
00176
sshfatal
[function]
[call site]
00177
sshlog
[function]
[call site]
00178
close
[call site]
00179
sshfatal
[function]
[call site]
00180
xrecallocarray
[function]
[call site]
00181
sshkey_impl_from_type
[function]
[call site]
00182
sshkey_is_cert
[function]
[call site]
00183
cert_free
[function]
[call site]
00184
freezero
[function]
[call site]
00185
freezero
[function]
[call site]
00186
sshkey_prekey_free
[function]
[call site]
00187
munmap
[call site]
00188
freezero
[function]
[call site]
00189
sshkey_free
[function]
[call site]
00190
sshkey_type_is_cert
[function]
[call site]
00191
sshbuf_get_string_direct
[function]
[call site]
00192
sshkey_is_cert
[function]
[call site]
00193
cert_parse
[function]
[call site]
00194
sshbuf_putb
[function]
[call site]
00195
sshbuf_get_u64
[function]
[call site]
00196
sshbuf_ptr
[function]
[call site]
00197
sshbuf_consume
[function]
[call site]
00198
sshbuf_get_u32
[function]
[call site]
00199
sshbuf_ptr
[function]
[call site]
00200
sshbuf_consume
[function]
[call site]
00201
sshbuf_get_cstring
[function]
[call site]
00202
sshbuf_froms
[function]
[call site]
00203
sshbuf_get_u64
[function]
[call site]
00204
sshbuf_get_u64
[function]
[call site]
00205
sshbuf_froms
[function]
[call site]
00206
sshbuf_froms
[function]
[call site]
00207
sshbuf_get_string_direct
[function]
[call site]
00208
sshbuf_froms
[function]
[call site]
00209
sshbuf_len
[function]
[call site]
00210
sshbuf_get_string
[function]
[call site]
00211
sshbuf_get_string_direct
[function]
[call site]
00212
sshbuf_len
[function]
[call site]
00213
sshbuf_get_cstring
[function]
[call site]
00214
recallocarray
[function]
[call site]
00215
sshbuf_putb
[function]
[call site]
00216
sshbuf_putb
[function]
[call site]
00217
sshbuf_len
[function]
[call site]
00218
sshbuf_get_string_direct
[function]
[call site]
00219
sshbuf_get_string_direct
[function]
[call site]
00220
sshbuf_reset
[function]
[call site]
00221
sshbuf_check_sanity
[function]
[call site]
00222
recallocarray
[function]
[call site]
00223
explicit_bzero
[call site]
00224
sshbuf_len
[function]
[call site]
00225
sshbuf_get_string_direct
[function]
[call site]
00226
sshbuf_get_string_direct
[function]
[call site]
00227
sshbuf_reset
[function]
[call site]
00228
sshkey_from_blob_internal
[function]
[call site]
00229
sshbuf_len
[function]
[call site]
00230
sshbuf_free
[function]
[call site]
00231
sshkey_free
[function]
[call site]
00232
sshkey_type_is_valid_ca
[function]
[call site]
00233
sshkey_impl_from_type
[function]
[call site]
00234
sshbuf_ptr
[function]
[call site]
00235
sshkey_verify
[function]
[call site]
00236
sshkey_impl_from_key
[function]
[call site]
00237
sshkey_get_sigtype
[function]
[call site]
00238
sshbuf_from
[function]
[call site]
00239
sshbuf_get_cstring
[function]
[call site]
00240
sshbuf_free
[function]
[call site]
00241
sshbuf_free
[function]
[call site]
00242
sshbuf_free
[function]
[call site]
00243
sshbuf_free
[function]
[call site]
00244
sshbuf_free
[function]
[call site]
00245
sshbuf_free
[function]
[call site]
00246
sshkey_ecdsa_nid_from_name
[function]
[call site]
00247
key_type_is_ecdsa_variant
[function]
[call site]
00248
strcmp
[call site]
00249
sshkey_new
[function]
[call site]
00250
sshkey_impl_from_type
[function]
[call site]
00251
strcmp
[call site]
00252
memcmp
[call site]
00253
sshkey_free
[function]
[call site]
00254
sshkey_free
[function]
[call site]
00255
sshbuf_free
[function]
[call site]
00256