bugzilla-daemon at mindrot.org
2025-Jan-15  15:27 UTC
[Bug 3776] New: Fuzzing harness agent_fuzz fails to initialize websafe_allowlist
https://bugzilla.mindrot.org/show_bug.cgi?id=3776
            Bug ID: 3776
           Summary: Fuzzing harness agent_fuzz fails to initialize
                    websafe_allowlist
           Product: Portable OpenSSH
           Version: 9.9p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Regression tests
          Assignee: unassigned-bugs at mindrot.org
          Reporter: leon.weiss at rub.de
Created attachment 3852
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3852&action=edit
Patch suggestion
The `main` function of ssh_agent makes sure to initialize
`websafe_allowlist`, which is used in `process_sign_request2`. The
fuzzer for this component does not use the main function, but calls
`process_sign_request2` directly, leaving the value uninitialized.
Fuzzing inputs reaching this code cause a NULL ptr dereference. 
This seems to be an issue only present in the fuzzing code, but leads
to false positives and untested code beyond this point.
I attached a potential patch for this bug, mimicking the default for
ssh_agent.
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Mar-13  20:20 UTC
[Bug 3776] Fuzzing harness agent_fuzz fails to initialize websafe_allowlist
https://bugzilla.mindrot.org/show_bug.cgi?id=3776
leon.weiss at rub.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |leon.weiss at rub.de
           Severity|normal                      |major
            Version|9.9p1                       |-current
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
Maybe Matching Threads
- [Bug 3774] New: Fuzzing-harness for sntrup761 broken on Ubuntu 24 LTS
- [Bug 3752] New: ssh agent with host constraints fails creating a signature
- Gnome Logouts -- are very slow or they hang -- 2nd post
- OpenSSH 7.6p1 ssh-agent exiting if passed an invalid key blob
- Re: Fuzzing Questions