xref: /freebsd/crypto/openssh/regress/misc/fuzz-harness/authkeys_fuzz.cc (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c) 
1 #include <stddef.h>
2 #include <stdio.h>
3 #include <stdint.h>
4 #include <string.h>
5 #include <stdlib.h>
6 #include <pwd.h>
7 #include <unistd.h>
8 
9 extern "C" {
10 
11 #include "hostfile.h"
12 #include "auth.h"
13 #include "auth-options.h"
14 #include "sshkey.h"
15 
16 // testdata/id_ed25519.pub and testdata/id_ed25519-cert.pub
17 const char *pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMD";
18 const char *certtext = "ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIMDQjYH6XRzH3j3MW1DdjCoAfvrHfgjnVGF+sLK0pBfqAAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMDAAAAAAAAA+sAAAABAAAAB3VseXNzZXMAAAAXAAAAB3VseXNzZXMAAAAIb2R5c3NldXMAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgM9BeYRUxUuZ4VHJp8oxVaA8OS/z+5EFPCZwQNq1nMwMAAABTAAAAC3NzaC1lZDI1NTE5AAAAQBj0og+s09/HpwdHZbzN0twooKPDWWrxGfnP1Joy6cDnY2BCSQ7zg9vbq11kLF8H/sKOTZWAQrUZ7LlChOu9Ogw= id_ed25519.pub";
19 
20 // stubs
21 void auth_debug_add(const char *fmt,...)
22 {
23 }
24 
25 void
26 auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
27 {
28 }
29 
30 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
31 {
32 	char *tmp, *o, *cp = (char *)malloc(size + 1 + strlen(pubkey) + 1);
33 	struct sshauthopt *opts = NULL;
34 	struct passwd *pw = getpwuid(getuid());
35 	static struct sshkey *key, *cert;
36 
37 	if (key == NULL) {
38 		if ((key = sshkey_new(KEY_UNSPEC)) == NULL ||
39 		    (cert = sshkey_new(KEY_UNSPEC)) == NULL)
40 			abort();
41 		if ((o = tmp = strdup(pubkey)) == NULL ||
42 		    sshkey_read(key, &tmp) != 0)
43 			abort();
44 		free(o);
45 		if ((o = tmp = strdup(certtext)) == NULL ||
46 		    sshkey_read(cert, &tmp) != 0)
47 			abort();
48 		free(o);
49 	}
50 	if (cp == NULL || pw == NULL || key == NULL || cert == NULL)
51 		abort();
52 
53 	// Cleanup whitespace at input EOL.
54 	for (; size > 0 && strchr(" \t\r\n", data[size - 1]) != NULL; size--) ;
55 
56 	// Append a pubkey that will match.
57 	memcpy(cp, data, size);
58 	cp[size] = ' ';
59 	memcpy(cp + size + 1, pubkey, strlen(pubkey) + 1);
60 
61 	// Try key.
62 	if ((tmp = strdup(cp)) == NULL)
63 		abort();
64 	(void) auth_check_authkey_line(pw, key, tmp, "127.0.0.1", "localhost",
65 	    "fuzz", &opts);
66 	free(tmp);
67 	sshauthopt_free(opts);
68 
69 	// Try cert.
70 	if ((tmp = strdup(cp)) == NULL)
71 		abort();
72 	(void) auth_check_authkey_line(pw, cert, tmp, "127.0.0.1", "localhost",
73 	    "fuzz", &opts);
74 	free(tmp);
75 	sshauthopt_free(opts);
76 
77 	free(cp);
78 	return 0;
79 }
80 
81 } // extern "C"
82