bugzilla-daemon at mindrot.org
2025-Jan-15 15:27 UTC
[Bug 3776] New: Fuzzing harness agent_fuzz fails to initialize websafe_allowlist
https://bugzilla.mindrot.org/show_bug.cgi?id=3776

            Bug ID: 3776
           Summary: Fuzzing harness agent_fuzz fails to initialize
                    websafe_allowlist
           Product: Portable OpenSSH
           Version: 9.9p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Regression tests
          Assignee: unassigned-bugs at mindrot.org
          Reporter: leon.weiss at rub.de

Created attachment 3852
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3852&action=edit
Patch suggestion

The `main` function of ssh_agent makes sure to initialize `websafe_allowlist`, which is used in `process_sign_request2`. The fuzzer for this component does not use the main function, but calls `process_sign_request2` directly, leaving the value uninitialized. Fuzzing inputs reaching this code cause a NULL pointer dereference.

This seems to be an issue only present in the fuzzing code, but it leads to false positives and untested code beyond this point.

I attached a potential patch for this bug, mimicking the default for ssh_agent.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
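The failure mode the report describes, as an added example that is neither OpenSSH code nor the reporter's attached patch: a small C model of a request handler that dereferences a global allowlist which only the production entry point sets up, and a libFuzzer harness that repeats that setup in LLVMFuzzerInitialize so fuzzing inputs get past the dereference instead of producing a spurious crash. The names agent_main_setup, process_sign_request_model, allowlist_match and harness_allowlist_initialized, the DEFAULT_ALLOWLIST_PLACEHOLDER pattern list, the "origin NUL payload" request layout and the sample requests are all constructed for this example; the real ssh-agent default list and request format are not on the page.

```c
/* Added example, not OpenSSH code. Models the bug in the report: a global
 * that main() initializes, a handler that dereferences it, and a fuzzing
 * harness that must perform the same initialization itself. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Global the production entry point sets; NULL until then (as in the bug). */
static char *websafe_allowlist = NULL;

/* Hypothetical default pattern list standing in for the agent's real one. */
#define DEFAULT_ALLOWLIST_PLACEHOLDER "example.test,*.example.test"
static char default_allowlist_buf[] = DEFAULT_ALLOWLIST_PLACEHOLDER;

/* Match `origin` against a comma-separated list; a leading '*' is a suffix
 * wildcard ("*.example.test" matches "api.example.test"). */
static int allowlist_match(const char *list, const char *origin)
{
    const char *p = list;               /* NULL list crashes here: the bug */
    size_t olen = strlen(origin);
    while (*p != '\0') {
        const char *end = strchr(p, ',');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > 0 && p[0] == '*') {
            size_t suf = plen - 1;
            if (olen >= suf && memcmp(origin + olen - suf, p + 1, suf) == 0)
                return 1;
        } else if (plen == olen && memcmp(p, origin, plen) == 0) {
            return 1;
        }
        if (end == NULL)
            break;
        p = end + 1;
    }
    return 0;
}

/* Stand-in for process_sign_request2. Request layout (constructed for this
 * example): NUL-terminated origin followed by payload bytes.
 * Returns 1 if the origin is allowed, 0 if rejected, -1 if malformed. */
int process_sign_request_model(const uint8_t *data, size_t len)
{
    char origin[256];
    const uint8_t *nul;
    size_t olen;

    if (data == NULL || len == 0)
        return -1;
    nul = memchr(data, '\0', len);
    if (nul == NULL || nul == data)
        return -1;                      /* no origin: malformed */
    olen = (size_t)(nul - data);
    if (olen >= sizeof(origin))
        return -1;
    memcpy(origin, data, olen);
    origin[olen] = '\0';
    /* Production relies on main() having set websafe_allowlist; a harness
     * that skips main() passes NULL here and every input crashes. */
    return allowlist_match(websafe_allowlist, origin) ? 1 : 0;
}

/* What the production entry point does before serving any request. */
void agent_main_setup(void)
{
    if (websafe_allowlist == NULL)
        websafe_allowlist = default_allowlist_buf;
}

int harness_allowlist_initialized(void)
{
    return websafe_allowlist != NULL;
}

/* libFuzzer entry points. The fix mirrors the report's patch idea: run the
 * same default setup once, before the first input is processed. */
int LLVMFuzzerInitialize(int *argc, char ***argv)
{
    (void)argc;
    (void)argv;
    agent_main_setup();
    return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t len)
{
    (void)process_sign_request_model(data, len);
    return 0;
}

/* Constructed sample requests (not real agent traffic). */
const uint8_t sample_allowed[]  = "api.example.test\0payload";
const size_t  sample_allowed_len = sizeof(sample_allowed);
const uint8_t sample_rejected[] = "evil.test\0payload";
const size_t  sample_rejected_len = sizeof(sample_rejected);
const uint8_t sample_malformed[] = "no-terminator";
const size_t  sample_malformed_len = sizeof(sample_malformed) - 1;

int main(void)
{
    LLVMFuzzerInitialize(NULL, NULL);   /* without this line: NULL deref */
    printf("allowed=%d rejected=%d malformed=%d\n",
           process_sign_request_model(sample_allowed, sample_allowed_len),
           process_sign_request_model(sample_rejected, sample_rejected_len),
           process_sign_request_model(sample_malformed, sample_malformed_len));
    return 0;
}
```

The same initialization belongs in LLVMFuzzerInitialize rather than at the top of LLVMFuzzerTestOneInput so it runs once per process, not once per input, and so that a harness configured with a non-default list (via argv, for instance) can still override it before any input is seen.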
bugzilla-daemon at mindrot.org
2025-Mar-13 20:20 UTC
[Bug 3776] Fuzzing harness agent_fuzz fails to initialize websafe_allowlist
https://bugzilla.mindrot.org/show_bug.cgi?id=3776

leon.weiss at rub.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |leon.weiss at rub.de
           Severity|normal                      |major
            Version|9.9p1                       |-current

-- 
You are receiving this mail because:
You are watching the assignee of the bug.