From: Damien Miller
Date: Sun, 29 May 2022 23:29:09 +0000 (+1000)
Subject: fix some bugs in the fuzzer
X-Git-Tag: V_9_1_P1~144
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc7bc52372f2744fa39191577be5306ee57aacd4;p=thirdparty%2Fopenssh-portable.git

fix some bugs in the fuzzer
---

diff --git a/regress/misc/fuzz-harness/authkeys_fuzz.cc b/regress/misc/fuzz-harness/authkeys_fuzz.cc
index 6fe001fac..8b3e54e54 100644
--- a/regress/misc/fuzz-harness/authkeys_fuzz.cc
+++ b/regress/misc/fuzz-harness/authkeys_fuzz.cc
@@ -49,9 +49,14 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 }
 if (cp == NULL || pw == NULL || key == NULL || cert == NULL)
 abort();
+
+ // Cleanup whitespace at input EOL.
+ for (; size > 0 && strchr(" \t\r\n", data[size - 1]) != NULL; size--) ;
+
+ // Append a pubkey that will match.
 memcpy(cp, data, size);
 cp[size] = ' ';
- memcpy(cp + size + 1, key, strlen(pubkey) + 1);
+ memcpy(cp + size + 1, pubkey, strlen(pubkey) + 1);
 
 // Try key.
 if ((tmp = strdup(cp)) == NULL)
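Review bot: The new trim loop removes trailing NUL bytes as well as whitespace, because `strchr(" \t\r\n", c)` returns a pointer to the set's terminator rather than NULL when `c` is 0, while the comment above it promises whitespace only. If that is intended, say so in the comment, e.g. `// Strip trailing whitespace and NUL bytes from the input.`; if it is not, add `data[size - 1] != '\0' &&` to the loop condition. A NUL elsewhere in `data` still ends the string at `strdup(cp)`, so for such inputs the appended pubkey is presumably never parsed and the matching-key path goes unexercised. The allocation of `cp` is outside this hunk, so its bound cannot be confirmed here, and the function body continues past the hunk.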