mirror of https://git.libssh.org/projects/libssh.git synced 2025-07-29 13:01:13 +03:00

fuzz: Set smaller connection timeouts to avoid fuzzing timeouts

The client fuzzer can get stuck in a poll call when the connection timeout is
long and there is no usable message from the peer. Setting a smaller user
timeout allows us to spend more time productively fuzzing and exit early when
there is no message from the peer.

Thanks oss-fuzz.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56935

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Jakub Jelen
2023-04-19 13:21:56 +02:00
parent 2122fc3dcb
commit a12a8a0153


@ -93,6 +93,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
ssize_t nwritten;
bool no = false;
int rc;
long timeout = 1; /* use short timeout to avoid timeouts during fuzzing */
/* This is the maximum that can be handled by the socket buffer before the
* other side will read some data. Other option would be feeding the socket
@ -137,6 +138,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
assert(rc == 0);
rc = ssh_options_set(session, SSH_OPTIONS_PROCESS_CONFIG, &no);
assert(rc == 0);
rc = ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &timeout);
assert(rc == 0);
ssh_callbacks_init(&cb);
ssh_set_callbacks(session, &cb);
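Review bot: The new `timeout` declaration in the first hunk gives no unit, and its comment is circular ("short timeout to avoid timeouts"). SSH_OPTIONS_TIMEOUT takes a `long *` in seconds, so I would write `long timeout = 1; /* seconds: bounds a stalled poll() well below the fuzzer's per-input limit */`. The same comment should record the trade-off: with a one-second cap the harness returns early on a silent peer, so a wait-path stall bounded by the user timeout would probably appear as a slow input rather than a libFuzzer timeout report. The body of LLVMFuzzerTestOneInput starts and ends outside both hunks, so where the session is torn down after the early exit is not visible here.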