diff options
author | Matt Johnston <matt@ucc.asn.au> | 2018-03-08 23:23:19 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2018-03-08 23:23:19 +0800 |
commit | 516d68745c5ec10e4d8cc2e0d32ce316663ffc43 (patch) | |
tree | 1c0e8e6dcebbd1e186ea3b82a61bdc745e4983ca | |
parent | 509029f4c41e90d0ef1cc1644a99b47d42cddfe7 (diff) | |
download | dropbear-516d68745c5ec10e4d8cc2e0d32ce316663ffc43.tar.gz |
kexhashbuf was much to small in kex fuzzers
-rw-r--r-- | fuzzer-kexdh.c | 3 | ||||
-rw-r--r-- | fuzzer-kexecdh.c | 3 |
2 files changed, 2 insertions, 4 deletions
diff --git a/fuzzer-kexdh.c b/fuzzer-kexdh.c index 7d3491c..f7abea2 100644 --- a/fuzzer-kexdh.c +++ b/fuzzer-kexdh.c @@ -54,8 +54,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { dropbear_exit("Bad kex value"); } - ses.kexhashbuf = buf_new(4); - buf_putint(ses.kexhashbuf, 12345); + ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); kexdh_comb_key(dh_param, &dh_e, svr_opts.hostkey); /* kexhashbuf is freed in kexdh_comb_key */ diff --git a/fuzzer-kexecdh.c b/fuzzer-kexecdh.c index e97682c..693aecb 100644 --- a/fuzzer-kexecdh.c +++ b/fuzzer-kexecdh.c @@ -60,8 +60,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { buffer * ecdh_qs = buf_getstringbuf(fuzz.input); - ses.kexhashbuf = buf_new(4); - buf_putint(ses.kexhashbuf, 12345); + ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS); kexecdh_comb_key(ecdh_param, ecdh_qs, svr_opts.hostkey); /* kexhashbuf is freed in kexdh_comb_key */ |