fix uninitialised memory in fuzzer codepath

author: Matt Johnston <matt@ucc.asn.au> 2018-03-06 22:02:19 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2018-03-06 22:02:19 +0800
commit: 18ed413c685b55d8032a2a80a195e284b4e280a8 (patch)
tree: 37aff2b19ce4412cb0b5fc201ccb8c7bdaecfa93
parent: b22998218071612e9124fb5400b7499027aecd53 (diff)
download: dropbear-18ed413c685b55d8032a2a80a195e284b4e280a8.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/packet.c b/packet.c
index 90470ee..cacc06d 100644
--- a/packet.c
+++ b/packet.c
@@ -364,9 +364,11 @@ static int checkmac() {
 
 #if DROPBEAR_FUZZ
 	if (fuzz.fuzzing) {
-		/* fail 1 in 2000 times to test error path.
-		   note that mac_bytes is all zero prior to kex, so don't test ==0 ! */
-		unsigned int value = *((unsigned int*)&mac_bytes);
+	 	/* fail 1 in 2000 times to test error path. */
+		unsigned int value = 0;
+		if (mac_size > sizeof(value)) {
+			memcpy(&value, mac_bytes, sizeof(value));
+		}
 		if (value % 2000 == 99) {
 			return DROPBEAR_FAILURE;
 		}
author	Matt Johnston <matt@ucc.asn.au>	2018-03-06 22:02:19 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2018-03-06 22:02:19 +0800
commit	18ed413c685b55d8032a2a80a195e284b4e280a8 (patch)
tree	37aff2b19ce4412cb0b5fc201ccb8c7bdaecfa93
parent	b22998218071612e9124fb5400b7499027aecd53 (diff)
download	dropbear-18ed413c685b55d8032a2a80a195e284b4e280a8.tar.gz