https://bugzilla.mindrot.org/show_bug.cgi?id=3776

Bug ID: 3776
Summary: Fuzzing harness agent_fuzz fails to initialize websafe_allowlist
Product: Portable OpenSSH
Version: 9.9p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Regression tests
Assignee: unassigned-b...@mindrot.org
Reporter: leon.we...@rub.de

Created attachment 3852
--> https://bugzilla.mindrot.org/attachment.cgi?id=3852&action=edit
Patch suggestion

The `main` function of ssh_agent makes sure to initialize `websafe_allowlist`, which is used in `process_sign_request2`. The fuzzer for this component does not use the main function, but calls `process_sign_request2` directly, leaving the value uninitialized. Fuzzing inputs reaching this code cause a NULL ptr dereference.

This seems to be an issue only present in the fuzzing code, but it leads to false positives and untested code beyond this point.

I attached a potential patch for this bug, mimicking the default for ssh_agent.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
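The report describes a recurring harness defect: a library function relies on a global that only `main()` sets up, and a fuzzer that calls the function directly inherits a NULL pointer, so every input that reaches the check reports a crash that production never sees while the code past the check stays unfuzzed. The following C program is an added illustration of that pattern and of the fix the report proposes (replicating main's default in the harness); it is not OpenSSH's code nor the attached patch. The names `allowlist`, `DEFAULT_ALLOWLIST`, `sign_request`, `harness_init` and `fuzz_one`, the tiny glob matcher, and the sample inputs are all constructed for this example.

```c
/* Added example, not OpenSSH code: a model of a global that main() normally
 * initializes and that a library routine dereferences without a NULL check.
 * A fuzz harness calling the routine directly must replicate main()'s
 * default before the first call. All names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed default; stands in for whatever pattern main() would supply. */
#define DEFAULT_ALLOWLIST "ssh:*"

static char *allowlist = NULL;   /* the global that main() normally sets */

/* Minimal glob matcher over pat[0..end): '*' matches any run of characters.
 * Written here so the example is self-contained; not OpenSSH's matcher. */
static int glob_match(const char *pat, const char *end, const char *s)
{
    while (pat < end) {
        if (*pat == '*') {
            while (pat < end && *pat == '*')
                pat++;
            if (pat == end)
                return 1;
            for (; *s != '\0'; s++)
                if (glob_match(pat, end, s))
                    return 1;
            return 0;
        }
        if (*s == '\0' || *pat != *s)
            return 0;
        pat++;
        s++;
    }
    return *s == '\0';
}

/* Comma-separated pattern list; returns 1 if any pattern matches app. */
int allowlist_match(const char *list, const char *app)
{
    const char *p = list;
    for (;;) {
        const char *q = strchr(p, ',');
        const char *end = (q != NULL) ? q : p + strlen(p);
        if (glob_match(p, end, app))
            return 1;
        if (q == NULL)
            return 0;
        p = q + 1;
    }
}

/* Stand-in for the request handler: 0 = accepted, -1 = refused.
 * Like the routine in the report, it dereferences the global with no NULL
 * check, so calling it before initialization crashes on the first input. */
int sign_request(const char *application)
{
    return allowlist_match(allowlist, application) ? 0 : -1;
}

/* The harness-side fix: mirror main()'s default exactly once. */
void harness_init(void)
{
    if (allowlist == NULL) {
        size_t n = strlen(DEFAULT_ALLOWLIST) + 1;
        allowlist = malloc(n);
        if (allowlist == NULL)
            abort();
        memcpy(allowlist, DEFAULT_ALLOWLIST, n);
    }
}

int harness_initialized(void)
{
    return allowlist != NULL;
}

/* libFuzzer-style entry point; returns the handler's verdict so a caller can
 * observe it (the fuzzer itself would ignore the return value). */
int fuzz_one(const uint8_t *data, size_t len)
{
    static int once = 0;
    char app[64];

    if (!once) {            /* do main()'s job before touching the global */
        harness_init();
        once = 1;
    }
    if (len >= sizeof(app))
        len = sizeof(app) - 1;
    memcpy(app, data, len);
    app[len] = '\0';
    return sign_request(app);
}

int main(void)
{
    /* Constructed sample inputs: one inside the default, one outside it. */
    const uint8_t ok[] = "ssh:example";
    const uint8_t bad[] = "webauthn.example.org";

    printf("ssh:example -> %d\n", fuzz_one(ok, sizeof(ok) - 1));     /* 0 */
    printf("webauthn.example.org -> %d\n", fuzz_one(bad, sizeof(bad) - 1)); /* -1 */
    return 0;
}
```

The point of the `once` guard in `fuzz_one` is that it reproduces what `main()` would have done without the harness having to call `main()` itself; with it in place, inputs that fail the allowlist are refused cleanly instead of crashing, so the fuzzer can keep exploring the code behind the check.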
Bug ID: 3776 Summary: Fuzzing harness agent_fuzz fails to initialize websafe_allowlist Product: Portable OpenSSH Version: 9.9p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: Regression tests Assignee: unassigned-b...@mindrot.org Reporter: leon.we...@rub.de Created attachment 3852 --> https://bugzilla.mindrot.org/attachment.cgi?id=3852&action=edit Patch suggestion The `main` function of ssh_agent makes sure to initialize `websafe_allowlist`, which is used in `process_sign_request2`. The fuzzer for this component does not use the main function, but calls `process_sign_request2` directly, leaving the value uninitialized. Fuzzing inputs reaching this code cause a NULL ptr dereference. This seems to be an issue only present in the fuzzing code, but leads to false positives and untested code beyond this point. I attached a potential patch for this bug, mimicking the default for ssh_agent. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs