Adding upstream version 1:7.9p1.upstream/1%7.9p1 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-06 01:26:58 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-06 01:26:58 +0000
commit: 999ae6be3243c7b4a815247199447b53c39a3d65 (patch)
tree: 1f35b42b5e5f462d35ba452e4dcfa188ce0543fd /regress/misc/fuzz-harness
parent: Initial commit. (diff)
download: openssh-999ae6be3243c7b4a815247199447b53c39a3d65.tar.xz
openssh-999ae6be3243c7b4a815247199447b53c39a3d65.zip
5 files changed, 127 insertions, 0 deletions
diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile
new file mode 100644
index 0000000..a2aa444
--- /dev/null
+++ b/regress/misc/fuzz-harness/Makefile
@@ -0,0 +1,25 @@
+# NB. libssh and libopenbsd-compat should be built with the same sanitizer opts.
+CXX=clang++-3.9
+FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge
+FUZZ_LIBS=-lFuzzer
+
+CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
+LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
+LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
+
+all: pubkey_fuzz sig_fuzz authopt_fuzz
+
+.cc.o:
+	$(CXX) $(CXXFLAGS) -c $< -o $@
+
+pubkey_fuzz: pubkey_fuzz.o
+	$(CXX) -o $@ pubkey_fuzz.o $(LDFLAGS) $(LIBS)
+
+sig_fuzz: sig_fuzz.o
+	$(CXX) -o $@ sig_fuzz.o $(LDFLAGS) $(LIBS)
+
+authopt_fuzz: authopt_fuzz.o
+	$(CXX) -o $@ authopt_fuzz.o ../../../auth-options.o $(LDFLAGS) $(LIBS)
+
+clean:
+	-rm -f *.o pubkey_fuzz sig_fuzz authopt_fuzz
diff --git a/regress/misc/fuzz-harness/README b/regress/misc/fuzz-harness/README
new file mode 100644
index 0000000..ae6fbe7
--- /dev/null
+++ b/regress/misc/fuzz-harness/README
@@ -0,0 +1 @@
+This directory contains fuzzing harnesses for use with clang's libfuzzer.
diff --git a/regress/misc/fuzz-harness/authopt_fuzz.cc b/regress/misc/fuzz-harness/authopt_fuzz.cc
new file mode 100644
index 0000000..a76d5a3
--- /dev/null
+++ b/regress/misc/fuzz-harness/authopt_fuzz.cc
@@ -0,0 +1,33 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+extern "C" {
+
+#include "auth-options.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+	char *cp = (char *)malloc(size + 1);
+	struct sshauthopt *opts = NULL, *merge = NULL, *add = sshauthopt_new();
+
+	if (cp == NULL || add == NULL)
+		goto out;
+	memcpy(cp, data, size);
+	cp[size] = '\0';
+	if ((opts = sshauthopt_parse(cp, NULL)) == NULL)
+		goto out;
+	if ((merge = sshauthopt_merge(opts, add, NULL)) == NULL)
+		goto out;
+
+ out:
+	free(cp);
+	sshauthopt_free(add);
+	sshauthopt_free(opts);
+	sshauthopt_free(merge);
+	return 0;
+}
+
+} // extern "C"
diff --git a/regress/misc/fuzz-harness/pubkey_fuzz.cc b/regress/misc/fuzz-harness/pubkey_fuzz.cc
new file mode 100644
index 0000000..8bbc110
--- /dev/null
+++ b/regress/misc/fuzz-harness/pubkey_fuzz.cc
@@ -0,0 +1,18 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+
+extern "C" {
+
+#include "sshkey.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+	struct sshkey *k = NULL;
+	int r = sshkey_from_blob(data, size, &k);
+	if (r == 0) sshkey_free(k);
+	return 0;
+}
+
+} // extern
+
diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc
new file mode 100644
index 0000000..dd1fda0
--- /dev/null
+++ b/regress/misc/fuzz-harness/sig_fuzz.cc
@@ -0,0 +1,50 @@
+// cc_fuzz_target test for public key parsing.
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+extern "C" {
+
+#include "includes.h"
+#include "sshkey.h"
+#include "ssherr.h"
+
+static struct sshkey *generate_or_die(int type, unsigned bits) {
+  int r;
+  struct sshkey *ret;
+  if ((r = sshkey_generate(type, bits, &ret)) != 0) {
+    fprintf(stderr, "generate(%d, %u): %s", type, bits, ssh_err(r));
+    abort();
+  }
+  return ret;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+{
+#ifdef WITH_OPENSSL
+  static struct sshkey *rsa = generate_or_die(KEY_RSA, 2048);
+  static struct sshkey *dsa = generate_or_die(KEY_DSA, 1024);
+  static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256);
+  static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
+  static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
+#endif
+  static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
+  static const char *data = "If everyone started announcing his nose had "
+      "run away, I don’t know how it would all end";
+  static const size_t dlen = strlen(data);
+
+#ifdef WITH_OPENSSL
+  sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0);
+#endif
+  sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0);
+  return 0;
+}
+
+} // extern
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-06 01:26:58 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-06 01:26:58 +0000
commit	999ae6be3243c7b4a815247199447b53c39a3d65 (patch)
tree	1f35b42b5e5f462d35ba452e4dcfa188ce0543fd /regress/misc/fuzz-harness
parent	Initial commit. (diff)
download	openssh-999ae6be3243c7b4a815247199447b53c39a3d65.tar.xz openssh-999ae6be3243c7b4a815247199447b53c39a3d65.zip