author | Matt Johnston <matt@ucc.asn.au> | 2018-03-06 22:02:19 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2018-03-06 22:02:19 +0800 |
commit | 18ed413c685b55d8032a2a80a195e284b4e280a8 (patch) | |
tree | 37aff2b19ce4412cb0b5fc201ccb8c7bdaecfa93 | |
parent | b22998218071612e9124fb5400b7499027aecd53 (diff) | |
fix uninitialised memory in fuzzer codepath
-rw-r--r-- | packet.c | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -364,9 +364,11 @@ static int checkmac() {
 #if DROPBEAR_FUZZ
 if (fuzz.fuzzing) {
- /* fail 1 in 2000 times to test error path.
- note that mac_bytes is all zero prior to kex, so don't test ==0 ! */
- unsigned int value = *((unsigned int*)&mac_bytes);
+ /* fail 1 in 2000 times to test error path. */
+ unsigned int value = 0;
+ if (mac_size > sizeof(value)) {
+ memcpy(&value, mac_bytes, sizeof(value));
+ }
 if (value % 2000 == 99) {
 return DROPBEAR_FAILURE;
 }
 |
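Review bot: The guard `if (mac_size > sizeof(value))` skips the copy when mac_size is exactly sizeof(value), although reading sizeof(value) bytes from mac_bytes is still in bounds in that case; `if (mac_size >= sizeof(value)) {` would be the exact bound. As written, a MAC of that length leaves value at 0, so the injected 1-in-2000 failure is never exercised for it. The new comment also no longer says why the guard exists; a line such as `/* only mac_size bytes of mac_bytes are written, so never read more than that */` would record it, assuming that is the source of the uninitialised read, which the hunk does not show. checkmac() begins and continues outside the hunk.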