From 5c69f9423e0787880d45e6408c35a3d79233791e Mon Sep 17 00:00:00 2001
From: Toby Murray <toby.murray@unimelb.edu.au>
Date: Mon, 9 Sep 2019 16:32:37 +1000
Subject: [PATCH] don't check master pw when fuzzing etc. but vulns might still
 reveal it

---
 src/passbook.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/passbook.c b/src/passbook.c
index 9f58f15..3958918 100644
--- a/src/passbook.c
+++ b/src/passbook.c
@@ -474,15 +474,16 @@ static int execute(void){
     if (numToks != 2){
       return -1;
     }
+    // when fuzzing (or gathering coverage stats, etc.) don't check master pw
+#ifndef PASSBOOK_FUZZ
     const char * pass = getpass("Enter master password: ");
     if (pass == NULL || strcmp(pass,toks[1]) != 0){
       fprintf(stderr,"Master password incorrect!\n");
-#ifdef PASSBOOK_FUZZ  // actually don't exit but keep going when fuzzing
-      return -1;
-#else
       exit(1); // exit immediately
-#endif
     }
+#else
+    return -1; 
+#endif    
 
   } else if (strcmp(toks[0],INSTRUCTION_LIST) == 0){
     if (numToks != 1){
-- 
GitLab