From 9f2b42382cf6088c35cfb14fbe4b4533bc005625 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 9 Nov 2023 09:35:51 +0100
Subject: [PATCH] fuzz: Use ssh_writen to avoid short reads

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Eshan Kelkar <eshankelkar@galorithm.com>
---
 tests/fuzz/ssh_pubkey_fuzzer.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tests/fuzz/ssh_pubkey_fuzzer.c b/tests/fuzz/ssh_pubkey_fuzzer.c
index 01b08449..70c94948 100644
--- a/tests/fuzz/ssh_pubkey_fuzzer.c
+++ b/tests/fuzz/ssh_pubkey_fuzzer.c
@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+#include "config.h"
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -20,18 +21,19 @@
 
 #define LIBSSH_STATIC 1
 #include "libssh/libssh.h"
+#include "libssh/misc.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     ssh_key pkey = NULL;
-    const char *template = "/tmp/libssh_pubkey_XXXXXX";
-    char *filename = strdup(template);
+    char *filename = NULL;
     int fd;
     int rc;
     ssize_t sz;
 
     ssh_init();
 
+    filename = strdup("/tmp/libssh_pubkey_XXXXXX");
     if (filename == NULL) {
         return -1;
     }
@@ -41,9 +43,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         close(fd);
         return -1;
     }
-    sz = write(fd, data, size);
+    sz = ssh_writen(fd, data, size);
     close(fd);
-    if ((size_t)sz != size) {
+    if (sz == SSH_ERROR) {
         unlink(filename);
         free(filename);
         return -1;