Home Explore Help
Sign In
BlitzNG
/
net.mod
mirror of https://github.com/bmx-ng/net.mod.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: task/move-platform-c
Branches Tags
net.mod
/
libssh2.mod
/
libssh2
/
tests
/
ossfuzz
/
ssh2_client_fuzzer.cc

ssh2_client_fuzzer.cc 2.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. #include <assert.h>
    2. 

  2. #include <errno.h>
    3. 

  3. #include <stdbool.h>
    4. 

  4. #include <stdio.h>
    5. 

  5. #include <stdlib.h>
    6. 

  6. #include <string.h>
    7. 

  7. #include <sys/socket.h>
    8. 

  8. #include <unistd.h>
    9. 

  9. #include <libssh2.h>
    10. 

  10. #include "testinput.h"
    11. 

  11. 

  12. #define FUZZ_ASSERT(COND)                                                     \
    13. 

  13.         if(!(COND))                                                           \
    14. 

  14.         {                                                                     \
    15. 

  15.           fprintf(stderr, "Assertion failed: " #COND "\n%s",                  \
    16. 

  16.                   strerror(errno));                                           \
    17. 

  17.           assert((COND));                                                     \
    18. 

  18.         }
    19. 

  19. 

  20. extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
    21. 

  21. {
    22. 

  22.   int socket_fds[2] = {-1, -1};
    23. 

  23.   ssize_t written;
    24. 

  24.   int rc;
    25. 

  25.   LIBSSH2_SESSION *session = NULL;
    26. 

  26.   int handshake_completed = 0;
    27. 

  27. 

  28.   rc = libssh2_init(0);
    29. 

  29. 

  30.   if(rc != 0) {
    31. 

  31.     fprintf(stderr, "libssh2 initialization failed (%d)\n", rc);
    32. 

  32.     goto EXIT_LABEL;
    33. 

  33.   }
    34. 

  34. 

  35.   // Create a socket pair so data can be sent in.
    36. 

  36.   rc = socketpair(AF_UNIX, SOCK_STREAM, 0, socket_fds);
    37. 

  37.   FUZZ_ASSERT(rc == 0);
    38. 

  38. 

  39.   written = send(socket_fds[1], data, size, 0);
    40. 

  40. 

  41.   if (written != size)
    42. 

  42.   {
    43. 

  43.     // Handle whatever error case we're in.
    44. 

  44.     fprintf(stderr, "send() of %zu bytes returned %zu (%d)\n",
    45. 

  45.             size,
    46. 

  46.             written,
    47. 

  47.             errno);
    48. 

  48.     goto EXIT_LABEL;
    49. 

  49.   }
    50. 

  50. 

  51.   rc = shutdown(socket_fds[1], SHUT_WR);
    52. 

  52.   if (rc != 0)
    53. 

  53.   {
    54. 

  54.     fprintf(stderr, "socket shutdown failed (%d)\n", rc);
    55. 

  55.     goto EXIT_LABEL;
    56. 

  56.   }
    57. 

  57. 

  58.   // Create a session and start the handshake using the fuzz data passed in.
    59. 

  59.   session = libssh2_session_init();
    60. 

  60.   if(session) {
    61. 

  61.     libssh2_session_set_blocking(session, 1);
    62. 

  62.   }
    63. 

  63. 

  64.   if(libssh2_session_handshake(session, socket_fds[0])) {
    65. 

  65.     goto EXIT_LABEL;
    66. 

  66.   }
    67. 

  67. 

  68.   // If we get here the handshake actually completed.
    69. 

  69.   handshake_completed = 1;
    70. 

  70. 

  71. EXIT_LABEL:
    72. 

  72. 

  73.   if (session != NULL)
    74. 

  74.   {
    75. 

  75.     if (handshake_completed)
    76. 

  76.     {
    77. 

  77.       libssh2_session_disconnect(session,
    78. 

  78.                                  "Normal Shutdown, Thank you for playing");
    79. 

  79.     }
    80. 

  80. 

  81.     libssh2_session_free(session);
    82. 

  82.   }
    83. 

  83. 

  84.   libssh2_exit();
    85. 

  85. 

  86.   close(socket_fds[0]);
    87. 

  87.   close(socket_fds[1]);
    88. 

  88. 

  89.   return 0;
    90. 

  90. }
    91.