From 25505898530a333011f4fd5cbc841ad6b26c089c Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 16:40:04 +0200
Subject: Adding upstream version 1:9.2p1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 regress/misc/fuzz-harness/authkeys_fuzz.cc | 81 ++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 regress/misc/fuzz-harness/authkeys_fuzz.cc

(limited to 'regress/misc/fuzz-harness/authkeys_fuzz.cc')

diff --git a/regress/misc/fuzz-harness/authkeys_fuzz.cc b/regress/misc/fuzz-harness/authkeys_fuzz.cc
new file mode 100644
index 0000000..8b3e54e
--- /dev/null
+++ b/regress/misc/fuzz-harness/authkeys_fuzz.cc
@@ -0,0 +1,81 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+#include <pwd.h>
+#include <unistd.h>
+
+extern "C" {
+
+#include "hostfile.h"
+#include "auth.h"
+#include "auth-options.h"
+#include "sshkey.h"
+
+// testdata/id_ed25519.pub and testdata/id_ed25519-cert.pub
+const char *pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMD"; 
+const char *certtext = "ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIMDQjYH6XRzH3j3MW1DdjCoAfvrHfgjnVGF+sLK0pBfqAAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMDAAAAAAAAA+sAAAABAAAAB3VseXNzZXMAAAAXAAAAB3VseXNzZXMAAAAIb2R5c3NldXMAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgM9BeYRUxUuZ4VHJp8oxVaA8OS/z+5EFPCZwQNq1nMwMAAABTAAAAC3NzaC1lZDI1NTE5AAAAQBj0og+s09/HpwdHZbzN0twooKPDWWrxGfnP1Joy6cDnY2BCSQ7zg9vbq11kLF8H/sKOTZWAQrUZ7LlChOu9Ogw= id_ed25519.pub";
+
+// stubs
+void auth_debug_add(const char *fmt,...)
+{
+}
+
+void
+auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
+{
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+	char *tmp, *o, *cp = (char *)malloc(size + 1 + strlen(pubkey) + 1);
+	struct sshauthopt *opts = NULL;
+	struct passwd *pw = getpwuid(getuid());
+	static struct sshkey *key, *cert;
+
+	if (key == NULL) {
+		if ((key = sshkey_new(KEY_UNSPEC)) == NULL ||
+		    (cert = sshkey_new(KEY_UNSPEC)) == NULL)
+			abort();
+		if ((o = tmp = strdup(pubkey)) == NULL ||
+		    sshkey_read(key, &tmp) != 0)
+			abort();
+		free(o);
+		if ((o = tmp = strdup(certtext)) == NULL ||
+		    sshkey_read(cert, &tmp) != 0)
+			abort();
+		free(o);
+	}
+	if (cp == NULL || pw == NULL || key == NULL || cert == NULL)
+		abort();
+
+	// Cleanup whitespace at input EOL.
+	for (; size > 0 && strchr(" \t\r\n", data[size - 1]) != NULL; size--) ;
+
+	// Append a pubkey that will match.
+	memcpy(cp, data, size);
+	cp[size] = ' ';
+	memcpy(cp + size + 1, pubkey, strlen(pubkey) + 1);
+
+	// Try key.
+	if ((tmp = strdup(cp)) == NULL)
+		abort();
+	(void) auth_check_authkey_line(pw, key, tmp, "127.0.0.1", "localhost",
+	    "fuzz", &opts);
+	free(tmp);
+	sshauthopt_free(opts);
+
+	// Try cert.
+	if ((tmp = strdup(cp)) == NULL)
+		abort();
+	(void) auth_check_authkey_line(pw, cert, tmp, "127.0.0.1", "localhost",
+	    "fuzz", &opts);
+	free(tmp);
+	sshauthopt_free(opts);
+
+	free(cp);
+	return 0;
+}
+
+} // extern "C"
-- 
cgit v1.2.3