allow a fuzz case to contain more than one request
authorDamien Miller <djm@mindrot.org>
Sat, 30 Jan 2021 05:32:29 +0000 (16:32 +1100)
committerDamien Miller <djm@mindrot.org>
Sat, 30 Jan 2021 05:32:29 +0000 (16:32 +1100)
loop until input buffer empty, no message consumed or 256 messages
processed

regress/misc/fuzz-harness/agent_fuzz_helper.c

index 1ea1576379f7d09ca43ea9c99a84608d661da362..1d419820cc5d3b0789506bdef3c3f2850c89aab9 100644 (file)
@@ -147,10 +147,12 @@ reset_sockettab(int devnull)
        assert(sockets[0].fd == fd);
 }
 
+#define MAX_MESSAGES 256
 void
 test_one(const uint8_t* s, size_t slen)
 {
        static int devnull = -1;
+       size_t i, olen, nlen;
 
        if (devnull == -1) {
                log_init(__progname, SYSLOG_LEVEL_DEBUG3,
@@ -163,7 +165,13 @@ test_one(const uint8_t* s, size_t slen)
        reset_idtab();
        reset_sockettab(devnull);
        (void)sshbuf_put(sockets[0].input, s, slen);
-       process_message(0);
+       for (i = 0; i < MAX_MESSAGES; i++) {
+               olen = sshbuf_len(sockets[0].input);
+               process_message(0);
+               nlen = sshbuf_len(sockets[0].input);
+               if (nlen == 0 || nlen == olen)
+                       break;
+       }
        cleanup_idtab();
        cleanup_sockettab();
 }
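Review bot: The new loop calls `process_message(0);` and throws away its result, so the only stop conditions are the two length checks and the MAX_MESSAGES cap. If process_message reports a rejected request through its return value (its definition is outside this hunk, so this is an assumption to confirm), the harness will keep parsing later requests from a buffer on which the agent itself would presumably have dropped the connection. That would spend fuzzing time on states the daemon cannot reach, and any crash found there would need extra triage. Consider `if (process_message(0) == -1) break;` before the length comparison, once the return convention is checked. A one-line comment above the loop, such as `/* stop when input is drained, nothing was consumed, or MAX_MESSAGES is hit */`, would also record the exit conditions in the code instead of only in the commit message.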