bugzilla-daemon at mindrot.org
2025-Jan-15 15:27 UTC
[Bug 3776] New: Fuzzing harness agent_fuzz fails to initialize websafe_allowlist
https://bugzilla.mindrot.org/show_bug.cgi?id=3776
Bug ID: 3776
Summary: Fuzzing harness agent_fuzz fails to initialize
websafe_allowlist
Product: Portable OpenSSH
Version: 9.9p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Regression tests
Assignee: unassigned-bugs at mindrot.org
Reporter: leon.weiss at rub.de
Created attachment 3852
--> https://bugzilla.mindrot.org/attachment.cgi?id=3852&action=edit
Patch suggestion
The `main` function of ssh_agent makes sure to initialize
`websafe_allowlist`, which is used in `process_sign_request2`. The
fuzzer for this component does not use the main function, but calls
`process_sign_request2` directly, leaving the value uninitialized.
Fuzzing inputs reaching this code cause a NULL ptr dereference.
This seems to be an issue only present in the fuzzing code, but leads
to false positives and untested code beyond this point.
I attached a potential patch for this bug, mimicking the default for
ssh_agent.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Mar-13 20:20 UTC
[Bug 3776] Fuzzing harness agent_fuzz fails to initialize websafe_allowlist
https://bugzilla.mindrot.org/show_bug.cgi?id=3776
leon.weiss at rub.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |leon.weiss at rub.de
Severity|normal |major
Version|9.9p1 |-current
--
You are receiving this mail because:
You are watching the assignee of the bug.
Reasonably Related Threads
- [Bug 3774] New: Fuzzing-harness for sntrup761 broken on Ubuntu 24 LTS
- [Bug 3752] New: ssh agent with host constraints fails creating a signature
- Gnome Logouts -- are very slow or they hang -- 2nd post
- OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
- Re: Fuzzing Questions