Fuzzer harness for sshsig
authorDamien Miller <djm@mindrot.org>
Thu, 5 Sep 2019 01:09:28 +0000 (11:09 +1000)
committerDamien Miller <djm@mindrot.org>
Thu, 5 Sep 2019 04:26:39 +0000 (14:26 +1000)
regress/misc/fuzz-harness/Makefile
regress/misc/fuzz-harness/sshsig_fuzz.cc [new file with mode: 0644]

index a2aa4441f97e44840d95871d1cd39e013f69b98f..6ab7d7217bba54fea003cdd7e4e458d2c9908c2d 100644 (file)
@@ -7,7 +7,7 @@ CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
 LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
 LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
 
-all: pubkey_fuzz sig_fuzz authopt_fuzz
+all: pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz
 
 .cc.o:
        $(CXX) $(CXXFLAGS) -c $< -o $@
@@ -21,5 +21,8 @@ sig_fuzz: sig_fuzz.o
 authopt_fuzz: authopt_fuzz.o
        $(CXX) -o $@ authopt_fuzz.o ../../../auth-options.o $(LDFLAGS) $(LIBS)
 
+sshsig_fuzz: sshsig_fuzz.o
+       $(CXX) -o $@ sshsig_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
+
 clean:
        -rm -f *.o pubkey_fuzz sig_fuzz authopt_fuzz
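Review bot: The `clean` recipe at the end of this hunk still removes only `pubkey_fuzz sig_fuzz authopt_fuzz`, so the newly added `sshsig_fuzz` binary survives `make clean` and a stale harness linked against an older `sshsig.o` can be left behind. The line should read `-rm -f *.o pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz`. The new link rule also names `../../../sshsig.o` only in the recipe and not as a prerequisite, so make will not relink the harness when that object is rebuilt; this mirrors the existing `authopt_fuzz` rule, so it may be intentional.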
diff --git a/regress/misc/fuzz-harness/sshsig_fuzz.cc b/regress/misc/fuzz-harness/sshsig_fuzz.cc
new file mode 100644 (file)
index 0000000..fe09ccb
--- /dev/null
@@ -0,0 +1,35 @@
+// cc_fuzz_target test for sshsig verification.
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+extern "C" {
+
+#include "includes.h"
+#include "sshkey.h"
+#include "ssherr.h"
+#include "sshbuf.h"
+#include "sshsig.h"
+#include "log.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+{
+  static const char *data = "If everyone started announcing his nose had "
+      "run away, I don’t know how it would all end";
+  struct sshbuf *signature = sshbuf_from(sig, slen);
+  struct sshbuf *message = sshbuf_from(data, strlen(data));
+  struct sshkey *k = NULL;
+  extern char *__progname;
+
+  log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1);
+  sshsig_verifyb(signature, message, "castle", &k);
+  sshkey_free(k);
+  sshbuf_free(signature);
+  sshbuf_free(message);
+  return 0;
+}
+
+} // extern
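Review bot: Both `sshbuf_from()` results are handed to `sshsig_verifyb()` without a NULL check, so an allocation failure under the fuzzer's memory limit could show up as a crash in the harness and be triaged as an sshsig finding. Guarding the call keeps reports attributable to the code under test: `if (signature != NULL && message != NULL) sshsig_verifyb(signature, message, "castle", &k);` (this assumes `sshbuf_free()` tolerates NULL, as `sshkey_free(k)` is already relied on to do when `k` stays NULL). `log_init()` also runs on every input; a `static int once` guard around it would avoid the repeated work. A short comment stating that the message and the "castle" namespace are fixed, so only signature parsing and the rejection path are exercised unless the corpus holds a signature over exactly this message, would help whoever builds the seed corpus.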