diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2022-12-13 22:10:47 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-06-01 10:04:32 +1000 |
commit | bc07d371865095643ec4f7190f26b174830a2f02 (patch) | |
tree | 000a6da7de690df3c02698fec6ef9dc1e1e6fde0 /fuzz/pem.c | |
parent | 3410a72dce57651e08d5d2143409cde0205a8f3b (diff) |
Add PEM fuzzer
This fuzzer can find CVE-2022-4450
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20242)
Diffstat (limited to 'fuzz/pem.c')
-rw-r--r-- | fuzz/pem.c | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/fuzz/pem.c b/fuzz/pem.c new file mode 100644 index 0000000000..4b2cf701e7 --- /dev/null +++ b/fuzz/pem.c @@ -0,0 +1,59 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include <openssl/pem.h> +#include <openssl/err.h> +#include "fuzzer.h" + +int FuzzerInitialize(int *argc, char ***argv) +{ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_clear_error(); + CRYPTO_free_ex_index(0, -1); + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + BIO *in; + char *name = NULL, *header = NULL; + unsigned char *data = NULL; + long outlen; + + if (len <= 1) + return 0; + + in = BIO_new(BIO_s_mem()); + OPENSSL_assert((size_t)BIO_write(in, buf + 1, len - 1) == len - 1); + if (PEM_read_bio_ex(in, &name, &header, &data, &outlen, buf[0]) == 1) { + /* Try to read all the data we get to see if allocated properly. */ + BIO_write(in, name, strlen(name)); + BIO_write(in, header, strlen(header)); + BIO_write(in, data, outlen); + } + if (buf[0] & PEM_FLAG_SECURE) { + OPENSSL_secure_free(name); + OPENSSL_secure_free(header); + OPENSSL_secure_free(data); + } else { + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(data); + } + + BIO_free(in); + ERR_clear_error(); + + return 0; +} + +void FuzzerCleanup(void) +{ +} |