add a fuzzer for private key parsing
authorDamien Miller <djm@mindrot.org>
Wed, 9 Oct 2019 02:49:35 +0000 (13:49 +1100)
committerDamien Miller <djm@mindrot.org>
Wed, 9 Oct 2019 02:49:35 +0000 (13:49 +1100)
regress/misc/fuzz-harness/Makefile
regress/misc/fuzz-harness/privkey_fuzz.cc [new file with mode: 0644]

index 85179ac4ed576e78ca9e64e1eadcbc60efb3c07d..e164e886952cd889503ad5a0b644fdf4452b7bf8 100644 (file)
@@ -7,7 +7,8 @@ CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
 LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
 LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
 
-TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz
+TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \
+       sshsigopt_fuzz privkey_fuzz
 
 all: $(TARGETS)
 
@@ -29,5 +30,8 @@ sshsig_fuzz: sshsig_fuzz.o
 sshsigopt_fuzz: sshsigopt_fuzz.o
        $(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
 
+privkey_fuzz: privkey_fuzz.o
+       $(CXX) -o $@ privkey_fuzz.o $(LDFLAGS) $(LIBS)
+
 clean:
        -rm -f *.o $(TARGETS)
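Review bot: `privkey_fuzz` lists only `privkey_fuzz.o` as a prerequisite, so rebuilding the library behind `-lssh` does not relink the harness, and a fuzzing run can keep exercising a stale copy of the key-parsing code. Naming the archive as a prerequisite would fix that, e.g. `privkey_fuzz: privkey_fuzz.o ../../../libssh.a` (file name and path assumed from `-lssh` and `-L ../../..`; confirm against the top-level build). The `sshsigopt_fuzz` rule visible in this hunk has the same gap. With the archive listed, the recipe could use `$<` in place of the repeated object name.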
diff --git a/regress/misc/fuzz-harness/privkey_fuzz.cc b/regress/misc/fuzz-harness/privkey_fuzz.cc
new file mode 100644 (file)
index 0000000..ff0b0f7
--- /dev/null
@@ -0,0 +1,21 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+
+extern "C" {
+
+#include "sshkey.h"
+#include "sshbuf.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+       struct sshkey *k = NULL;
+       struct sshbuf *b = sshbuf_from(data, size);
+       int r = sshkey_private_deserialize(b, &k);
+       if (r == 0) sshkey_free(k);
+       sshbuf_free(b);
+       return 0;
+}
+
+} // extern
+
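Review bot: The result of `sshbuf_from(data, size)` goes straight into `sshkey_private_deserialize` without a NULL check, so an allocation failure under the fuzzer's memory limit would surface inside the parser and could be triaged as a parser finding. Adding `if (b == NULL) return 0;` before the deserialize call keeps out-of-memory conditions out of the crash corpus. A short comment above `LLVMFuzzerTestOneInput` should also state which input format is covered: judging from the single call here, only the serialized form read by `sshkey_private_deserialize`, not the on-disk private key file formats (confirm). `<stdio.h>` appears unused in this file.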