Fuzz introspector: wget_ntlm_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
774 774 5 :

['load_system_priority_file', 'update_system_wide_priority_string', 'gnutls_strerror', 'construct_system_wide_priority_string', '_gnutls_buffer_clear']

874 874 _gnutls_update_system_priorities call site: 00000 /src/gnutls/lib/priority.c:2286
724 2053 19 :

['capabilities_to_zhaoxin_edx', 'check_avx_movbe', 'check_phe_partial', 'capabilities_to_intel_cpuid', 'check_padlock', 'check_sha', 'check_phe', '_gnutls_priority_update_non_aesni', 'gnutls_crypto_single_cipher_register', 'read_cpuid_vals', 'gnutls_crypto_single_mac_register', 'gnutls_crypto_single_digest_register', 'check_pclmul', 'check_fast_pclmul', '_gnutls_log', 'check_optimized_aes', 'check_ssse3', 'padlock_capability', 'check_phe_sha512']

724 2053 register_x86_padlock_crypto call site: 00000 /src/gnutls/lib/accelerated/x86/x86-common.c:383
47 47 1 :

['capabilities_to_intel_cpuid']

439 1303 register_x86_intel_crypto call site: 00000 /src/gnutls/lib/accelerated/x86/x86-common.c:817
18 18 1 :

['_gnutls_asn2err']

40 40 _gnutls_global_init call site: 00000 /src/gnutls/lib/global.c:306
16 16 1 :

['_asn1_delete_list_and_nodes']

16 16 asn1_array2tree call site: 00000 /src/gnutls/lib/minitasn1/structure.c:275
12 12 2 :

['_gnutls_log', 'atoi']

22 1565 lib_init call site: 00000 /src/gnutls/lib/global.c:520
10 10 1 :

['_gnutls_log']

10 10 register_x86_intel_crypto call site: 00000 /src/gnutls/lib/accelerated/x86/x86-common.c:1027
10 10 1 :

['_gnutls_log']

10 10 _algo_register call site: 00000 /src/gnutls/lib/crypto-backend.c:67
10 10 1 :

['_gnutls_log']

10 10 _algo_register call site: 00000 /src/gnutls/lib/crypto-backend.c:87
6 6 3 :

['gnutls_global_set_log_level', 'atoi', 'gnutls_global_set_log_function']

166 2006 _gnutls_global_init call site: 00000 /src/gnutls/lib/global.c:262
6 6 1 :

['memcmp']

6 6 check_x86_cpu_vendor call site: 00000 /src/gnutls/lib/accelerated/x86/x86-common.c:792
4 4 2 :

['close', 'open']

44 44 _rnd_system_entropy_init call site: 00000 /src/gnutls/lib/nettle/sysrng-linux.c:167

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 calloc [call site] 00001
1 ntlm_input [function] [call site] 00002
2 strncmp [call site] 00003
2 c_isspace [function] [call site] 00004
2 debug_logprintf [function] [call site] 00005
3 log_vprintf_internal [function] [call site] 00006
4 get_log_fp [function] [call site] 00007
4 get_warc_log_fp [function] [call site] 00008
4 vfprintf [call site] 00009
4 vsnprintf [call site] 00010
4 xrealloc [function] [call site] 00011
5 rpl_realloc [function] [call site] 00012
6 realloc [call site] 00013
5 xalloc_die [function] [call site] 00014
6 dgettext [call site] 00015
6 error [call site] 00016
6 abort [call site] 00017
4 saved_append [function] [call site] 00019
5 strchr [call site] 00020
5 strlen [call site] 00021
5 saved_append_1 [function] [call site] 00022
6 free_log_line [function] [call site] 00023
7 rpl_free [function] [call site] 00024
8 __errno_location [call site] 00025
8 __errno_location [call site] 00026
6 strdupdelim [function] [call site] 00027
6 strlen [call site] 00035
6 strlen [call site] 00037
4 fputs [call site] 00039
4 fputs [call site] 00040
4 logflush [function] [call site] 00042
5 get_log_fp [function] [call site] 00043
5 get_warc_log_fp [function] [call site] 00044
5 rpl_fflush [function] [call site] 00045
6 __freading [call site] 00046
6 fflush [call site] 00047
6 clear_ungetc_buffer_preserving_position [function] [call site] 00048
7 rpl_fseeko [function] [call site] 00049
8 fileno [call site] 00050
8 lseek [call site] 00051
8 fseeko [call site] 00052
6 fflush [call site] 00053
5 rpl_fflush [function] [call site] 00054
2 wget_base64_decode [function] [call site] 00055
2 debug_logprintf [function] [call site] 00061
2 debug_logprintf [function] [call site] 00062
2 debug_logprintf [function] [call site] 00063
2 debug_logprintf [function] [call site] 00064
1 ntlm_output [function] [call site] 00065
2 strlen [call site] 00066
2 strlen [call site] 00067
2 debug_logprintf [function] [call site] 00068
2 snprintf [call site] 00069
2 wget_base64_encode [function] [call site] 00071
2 debug_logprintf [function] [call site] 00072
2 strchr [call site] 00073
2 strchr [call site] 00074
2 strlen [call site] 00075
2 mkhash [function] [call site] 00076
3 strlen [call site] 00077
3 c_toupper [function] [call site] 00078
3 setup_des_key [function] [call site] 00079
4 nettle_des_set_key [function] [call site] 00080
5 des_weak_p [function] [call site] 00081
3 nettle_des_encrypt [function] [call site] 00082
4 __assert_fail [call site] 00083
4 DesSmallFipsEncrypt [function] [call site] 00084
3 setup_des_key [function] [call site] 00085
3 nettle_des_encrypt [function] [call site] 00086
3 calc_resp [function] [call site] 00087
4 setup_des_key [function] [call site] 00088
4 nettle_des_encrypt [function] [call site] 00089
4 setup_des_key [function] [call site] 00090
4 nettle_des_encrypt [function] [call site] 00091
4 setup_des_key [function] [call site] 00092
4 nettle_des_encrypt [function] [call site] 00093
3 strlen [call site] 00094
3 nettle_md4_init [function] [call site] 00095
3 nettle_md4_update [function] [call site] 00096
4 md4_compress [function] [call site] 00097
5 md4_transform [function] [call site] 00098
3 nettle_md4_digest [function] [call site] 00099
4 __assert_fail [call site] 00100
4 __assert_fail [call site] 00101
4 md4_compress [function] [call site] 00102
4 md4_transform [function] [call site] 00103
4 _nettle_write_le32 [function] [call site] 00104
4 nettle_md4_init [function] [call site] 00105
3 calc_resp [function] [call site] 00106
2 snprintf [call site] 00107
2 wget_base64_encode [function] [call site] 00109