Track B (milestone 5 / §16 hardening): - tests/hostile_network.rs: in-process UDP relay/shim between a test client and a real dosh-server that can drop, reorder, and duplicate datagrams, and rebind its upstream socket mid-session. Asserts: session survives loss/reorder, duplicated/replayed Input is applied at most once, stale packets after resume are ignored (not fatal), and a client source-address change preserves the session. - tests/parser_robustness.rs: deterministic randomized tests throwing garbage at every reachable public parser (packet decode, from_body for all protocol/native structs, authorized_keys, known_hosts, host-key line, ssh-ed25519 blob, bootstrap, attach ticket); asserts none panic. - fuzz/: standalone cargo-fuzz crate (own [workspace], non-default member) with libfuzzer-sys harnesses for packet decode, from_body, authorized_keys, known_hosts, handshake structs+verifiers, and attach tickets. README documents the run command. - .github/workflows/ci.yml: add fuzz-smoke job (nightly + cargo-fuzz, short -max_total_time per target, tolerant if tooling unavailable); existing fmt/test/build/bench steps unchanged. cargo fmt --check and cargo test are green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
19 lines
648 B
Rust
19 lines
648 B
Rust
#![no_main]
|
|
//! Fuzz the authorized_keys parser, including its option lexer and the
|
|
//! ssh-ed25519 public-key blob parser it depends on. None may panic.
|
|
|
|
use libfuzzer_sys::fuzz_target;
|
|
|
|
use dosh::native::{parse_authorized_keys, parse_ssh_ed25519_public_blob};
|
|
|
|
fuzz_target!(|data: &[u8]| {
|
|
// The blob parser operates directly on raw bytes.
|
|
let _ = parse_ssh_ed25519_public_blob(data);
|
|
|
|
// The line parser operates on text; only feed valid UTF-8 (lossless),
|
|
// matching how the file is read in production via read_to_string.
|
|
if let Ok(text) = std::str::from_utf8(data) {
|
|
let _ = parse_authorized_keys(text);
|
|
}
|
|
});
|