fuzzer for sshsig allowed_signers option parsing

2 files changed, 36 insertions, 2 deletions

diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile
index 6ab7d721..744c1f8b 100644
--- a/regress/misc/fuzz-harness/Makefile
+++ b/regress/misc/fuzz-harness/Makefile
@@ -7,7 +7,9 @@ CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
 LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
 LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
 
-all: pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz
+TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz
+
+all: $(TARGETS)
 
 .cc.o:
 	$(CXX) $(CXXFLAGS) -c $< -o $@
@@ -24,5 +26,8 @@ authopt_fuzz: authopt_fuzz.o
 sshsig_fuzz: sshsig_fuzz.o
 	$(CXX) -o $@ sshsig_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
 
+sshsigopt_fuzz: sshsigopt_fuzz.o
+	$(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
+
 clean:
-	-rm -f *.o pubkey_fuzz sig_fuzz authopt_fuzz
+	-rm -f *.o $(TARGETS)
diff --git a/regress/misc/fuzz-harness/sshsigopt_fuzz.cc b/regress/misc/fuzz-harness/sshsigopt_fuzz.cc
new file mode 100644
index 00000000..7424fcbe
--- /dev/null
+++ b/regress/misc/fuzz-harness/sshsigopt_fuzz.cc
@@ -0,0 +1,29 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+extern "C" {
+
+#include "sshsig.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+	char *cp = (char *)malloc(size + 1);
+	struct sshsigopt *opts = NULL;
+
+	if (cp == NULL)
+		goto out;
+	memcpy(cp, data, size);
+	cp[size] = '\0';
+	if ((opts = sshsigopt_parse(cp, "libfuzzer", 0, NULL)) == NULL)
+		goto out;
+
+ out:
+	free(cp);
+	sshsigopt_free(opts);
+	return 0;
+}
+
+} // extern "C"