[openssh-commits] [openssh] 02/02: allow a fuzz case to contain more than one request

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit a5dfc5bae8c16e2a7caf564758d812c7672480b5
Author: Damien Miller <djm at mindrot.org>
Date:   Sat Jan 30 16:32:29 2021 +1100

    allow a fuzz case to contain more than one request
    
    loop until input buffer empty, no message consumed or 256 messages
    processed
---
 regress/misc/fuzz-harness/agent_fuzz_helper.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/regress/misc/fuzz-harness/agent_fuzz_helper.c b/regress/misc/fuzz-harness/agent_fuzz_helper.c
index 1ea15763..1d419820 100644
--- a/regress/misc/fuzz-harness/agent_fuzz_helper.c
+++ b/regress/misc/fuzz-harness/agent_fuzz_helper.c
@@ -147,10 +147,12 @@ reset_sockettab(int devnull)
 	assert(sockets[0].fd == fd);
 }
 
+#define MAX_MESSAGES 256
 void
 test_one(const uint8_t* s, size_t slen)
 {
 	static int devnull = -1;
+	size_t i, olen, nlen;
 
 	if (devnull == -1) {
 		log_init(__progname, SYSLOG_LEVEL_DEBUG3,
@@ -163,7 +165,13 @@ test_one(const uint8_t* s, size_t slen)
 	reset_idtab();
 	reset_sockettab(devnull);
 	(void)sshbuf_put(sockets[0].input, s, slen);
-	process_message(0);
+	for (i = 0; i < MAX_MESSAGES; i++) {
+		olen = sshbuf_len(sockets[0].input);
+		process_message(0);
+		nlen = sshbuf_len(sockets[0].input);
+		if (nlen == 0 || nlen == olen)
+			break;
+	}
 	cleanup_idtab();
 	cleanup_sockettab();
 }

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.