aboutsummaryrefslogtreecommitdiff
path: root/tests/fuzz
diff options
context:
space:
mode:
authorAlex Gaynor <alex.gaynor@gmail.com>2018-02-04 10:54:53 +0100
committerAndreas Schneider <asn@cryptomilk.org>2018-02-04 11:51:58 +0100
commitd84b0926f0ff285466d0a9d9ca631f1dfbd3a75e (patch)
treeaf9d785de7dfb7617dcaad9cc751e74489c371e5 /tests/fuzz
parentf19158cadf99cf9965fa9f6a8afaf19f91269e2a (diff)
downloadlibssh-d84b0926f0ff285466d0a9d9ca631f1dfbd3a75e.tar.gz
libssh-d84b0926f0ff285466d0a9d9ca631f1dfbd3a75e.tar.xz
libssh-d84b0926f0ff285466d0a9d9ca631f1dfbd3a75e.zip
tests: Added a fuzzer for the server
Fixes T67 Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
Diffstat (limited to 'tests/fuzz')
-rw-r--r--tests/fuzz/ssh_server_fuzzer.cpp101
1 files changed, 101 insertions, 0 deletions
diff --git a/tests/fuzz/ssh_server_fuzzer.cpp b/tests/fuzz/ssh_server_fuzzer.cpp
new file mode 100644
index 00000000..d6321ddf
--- /dev/null
+++ b/tests/fuzz/ssh_server_fuzzer.cpp
@@ -0,0 +1,101 @@
+/*
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <assert.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#define LIBSSH_STATIC 1
+#include <libssh/libssh.h>
+#include <libssh/server.h>
+
+static const char kRSAPrivateKeyPEM[] =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIEowIBAAKCAQEArAOREUWlBXJAKZ5hABYyxnRayDZP1bJeLbPVK+npxemrhHyZ\n"
+ "gjdbY3ADot+JRyWjvll2w2GI+3blt0j+x/ZWwjMKu/QYcycYp5HL01goxOxuusZb\n"
+ "i+KiHRGB6z0EMdXM7U82U7lA/j//HyZppyDjUDniWabXQJge8ksGXGTiFeAJ/687\n"
+ "uV+JJcjGPxAGFQxzyjitf/FrL9S0WGKZbyqeGDzyeBZ1NLIuaiOORyLGSW4duHLD\n"
+ "N78EmsJnwqg2gJQmRSaD4BNZMjtbfiFcSL9Uw4XQFTsWugUDEY1AU4c5g11nhzHz\n"
+ "Bi9qMOt5DzrZQpD4j0gA2LOHpHhoOdg1ZuHrGQIDAQABAoIBAFJTaqy/jllq8vZ4\n"
+ "TKiD900wBvrns5HtSlHJTe80hqQoT+Sa1cWSxPR0eekL32Hjy9igbMzZ83uWzh7I\n"
+ "mtgNODy9vRdznfgO8CfTCaBfAzQsjFpr8QikMT6EUI/LpiRL1UaGsNOlSEvnSS0Z\n"
+ "b1uDzAdrjL+nsEHEDJud+K9jwSkCRifVMy7fLfaum+YKpdeEz7K2Mgm5pJ/Vg+9s\n"
+ "vI2V1q7HAOI4eUVTgJNHXy5ediRJlajQHf/lNUzHKqn7iH+JRl01gt62X8roG62b\n"
+ "TbFylbheqMm9awuSF2ucOcx+guuwhkPir8BEMb08j3hiK+TfwPdY0F6QH4OhiKK7\n"
+ "MTqTVgECgYEA0vmmu5GOBtwRmq6gVNCHhdLDQWaxAZqQRmRbzxVhFpbv0GjbQEF7\n"
+ "tttq3fjDrzDf6CE9RtZWw2BUSXVq+IXB/bXb1kgWU2xWywm+OFDk9OXQs8ui+MY7\n"
+ "FiP3yuq3YJob2g5CCsVQWl2CHvWGmTLhE1ODll39t7Y1uwdcDobJN+ECgYEA0LlR\n"
+ "hfMjydWmwqooU9TDjXNBmwufyYlNFTH351amYgFUDpNf35SMCP4hDosUw/zCTDpc\n"
+ "+1w04BJJfkH1SNvXSOilpdaYRTYuryDvGmWC66K2KX1nLErhlhs17CwzV997nYgD\n"
+ "H3OOU4HfqIKmdGbjvWlkmY+mLHyG10bbpOTbujkCgYAc68xHejSWDCT9p2KjPdLW\n"
+ "LYZGuOUa6y1L+QX85Vlh118Ymsczj8Z90qZbt3Zb1b9b+vKDe255agMj7syzNOLa\n"
+ "/MseHNOyq+9Z9gP1hGFekQKDIy88GzCOYG/fiT2KKJYY1kuHXnUdbiQgSlghODBS\n"
+ "jehD/K6DOJ80/FVKSH/dAQKBgQDJ+apTzpZhJ2f5k6L2jDq3VEK2ACedZEm9Kt9T\n"
+ "c1wKFnL6r83kkuB3i0L9ycRMavixvwBfFDjuY4POs5Dh8ip/mPFCa0hqISZHvbzi\n"
+ "dDyePJO9zmXaTJPDJ42kfpkofVAnfohXFQEy+cguTk848J+MmMIKfyE0h0QMabr9\n"
+ "86BUsQKBgEVgoi4RXwmtGovtMew01ORPV9MOX3v+VnsCgD4/56URKOAngiS70xEP\n"
+ "ONwNbTCWuuv43HGzJoVFiAMGnQP1BAJ7gkHkjSegOGKkiw12EPUWhFcMg+GkgPhc\n"
+ "pOqNt/VMBPjJ/ysHJqmLfQK9A35JV6Cmdphe+OIl28bcKhAOz8Dw\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ int socket_fds[2];
+ int res = socketpair(AF_UNIX, SOCK_STREAM, 0, socket_fds);
+ assert(res >= 0);
+ ssize_t send_res = send(socket_fds[1], data, size, 0);
+ assert(send_res == size);
+ res = shutdown(socket_fds[1], SHUT_WR);
+ assert(res == 0);
+
+ int fd = open("/tmp/libssh_fuzzer_private_key", O_WRONLY | O_CREAT, S_IRWXU);
+ assert(fd >= 0);
+ ssize_t write_res = write(fd, kRSAPrivateKeyPEM, strlen(kRSAPrivateKeyPEM));
+ assert(write_res == strlen(kRSAPrivateKeyPEM));
+ close(fd);
+
+ ssh_bind sshbind = ssh_bind_new();
+ ssh_session session = ssh_new();
+
+ ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, "/tmp/libssh_fuzzer_private_key");
+
+ res = ssh_bind_accept_fd(sshbind, session, socket_fds[0]);
+ assert(res == SSH_OK);
+
+ if (ssh_handle_key_exchange(session) == SSH_OK) {
+ while (true) {
+ ssh_message message = ssh_message_get(session);
+ if (!message) {
+ break;
+ }
+ ssh_message_free(message);
+ }
+ }
+
+ close(socket_fds[0]);
+ close(socket_fds[1]);
+
+ ssh_disconnect(session);
+ ssh_free(session);
+ ssh_bind_free(sshbind);
+
+ return 0;
+}