diff options
author | Damien Miller <djm@mindrot.org> | 2021-01-30 16:32:29 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2021-01-30 16:32:29 +1100 |
commit | a5dfc5bae8c16e2a7caf564758d812c7672480b5 (patch) | |
tree | 953d6e3b24b428174a4a73789561dc90f0f5eddc | |
parent | 0ef24ad60204022f7e33b6e9d171172c50514132 (diff) |
allow a fuzz case to contain more than one request
loop until input buffer empty, no message consumed or 256 messages
processed
-rw-r--r-- | regress/misc/fuzz-harness/agent_fuzz_helper.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/regress/misc/fuzz-harness/agent_fuzz_helper.c b/regress/misc/fuzz-harness/agent_fuzz_helper.c index 1ea15763..1d419820 100644 --- a/regress/misc/fuzz-harness/agent_fuzz_helper.c +++ b/regress/misc/fuzz-harness/agent_fuzz_helper.c @@ -147,10 +147,12 @@ reset_sockettab(int devnull) assert(sockets[0].fd == fd); } +#define MAX_MESSAGES 256 void test_one(const uint8_t* s, size_t slen) { static int devnull = -1; + size_t i, olen, nlen; if (devnull == -1) { log_init(__progname, SYSLOG_LEVEL_DEBUG3, @@ -163,7 +165,13 @@ test_one(const uint8_t* s, size_t slen) reset_idtab(); reset_sockettab(devnull); (void)sshbuf_put(sockets[0].input, s, slen); - process_message(0); + for (i = 0; i < MAX_MESSAGES; i++) { + olen = sshbuf_len(sockets[0].input); + process_message(0); + nlen = sshbuf_len(sockets[0].input); + if (nlen == 0 || nlen == olen) + break; + } cleanup_idtab(); cleanup_sockettab(); } |