diff options
author | Hardik Shah <hardik05@gmail.com> | 2023-02-13 08:19:23 +0530 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-03-01 20:25:15 +1100 |
commit | 55aab29c1ea2b8103aa0f0ecb20c058ff200fe27 (patch) | |
tree | 462c175e8721fc0d64a6b8832ac561e41d7df3f1 /fuzz | |
parent | 1735531c8ba7542e5fb2fe2f0becddb595955ace (diff) |
Add fuzz test for v3name
v3name_fuzzer build modifications
create 99-test_fuzz_v3name_fuzzer.t
test corpus for cve-2023-0286
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20274)
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/build.info | 10 | ||||
-rw-r--r-- | fuzz/corpora/v3name/corpus1 | bin | 0 -> 2 bytes | |||
-rw-r--r-- | fuzz/v3name.c | 44 |
3 files changed, 54 insertions, 0 deletions
diff --git a/fuzz/build.info b/fuzz/build.info index 91d8143207..bdeb075fdd 100644 --- a/fuzz/build.info +++ b/fuzz/build.info @@ -11,6 +11,7 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] PROGRAMS{noinst}=asn1 asn1parse bignum bndiv client conf crl server smime x509 PROGRAMS{noinst}=punycode + PROGRAMS{noinst}=v3name IF[{- !$disabled{"cmp"} -}] PROGRAMS{noinst}=cmp @@ -72,6 +73,10 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] INCLUDE[smime]=../include {- $ex_inc -} DEPEND[smime]=../libcrypto ../libssl {- $ex_lib -} + SOURCE[v3name]=v3name.c driver.c + INCLUDE[v3name]=../include {- $ex_inc -} + DEPEND[v3name]=../libcrypto.a {- $ex_lib -} + SOURCE[server]=server.c driver.c fuzz_rand.c INCLUDE[server]=../include {- $ex_inc -} DEPEND[server]=../libcrypto ../libssl {- $ex_lib -} @@ -84,6 +89,7 @@ ENDIF IF[{- !$disabled{tests} -}] PROGRAMS{noinst}=asn1-test asn1parse-test bignum-test bndiv-test client-test conf-test crl-test server-test smime-test x509-test PROGRAMS{noinst}=punycode-test + PROGRAMS{noinst}=v3name-test IF[{- !$disabled{"cmp"} -}] PROGRAMS{noinst}=cmp-test @@ -146,6 +152,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[smime-test]=../include DEPEND[smime-test]=../libcrypto ../libssl + SOURCE[v3name-test]=v3name.c test-corpus.c + INCLUDE[v3name-test]=../include + DEPEND[v3name-test]=../libcrypto.a + SOURCE[server-test]=server.c test-corpus.c fuzz_rand.c INCLUDE[server-test]=../include DEPEND[server-test]=../libcrypto ../libssl diff --git a/fuzz/corpora/v3name/corpus1 b/fuzz/corpora/v3name/corpus1 Binary files differnew file mode 100644 index 0000000000..1c2c7249db --- /dev/null +++ b/fuzz/corpora/v3name/corpus1 diff --git a/fuzz/v3name.c b/fuzz/v3name.c new file mode 100644 index 0000000000..2c7f94e17f --- /dev/null +++ b/fuzz/v3name.c @@ -0,0 +1,44 @@ +/* + * Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> +#include <openssl/e_os2.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> +#include "internal/nelem.h" +#include "fuzzer.h" + +int FuzzerInitialize(int *argc, char ***argv) +{ + return 1; +} + +int FuzzerTestOneInput(const uint8_t* data, size_t size){ + GENERAL_NAME *namesa; + GENERAL_NAME *namesb; + + const unsigned char *derp = data; + /* + * We create two versions of each GENERAL_NAME so that we ensure when + * we compare them they are always different pointers. + */ + namesa = d2i_GENERAL_NAME(NULL, &derp, size); + derp = data; + namesb = d2i_GENERAL_NAME(NULL, &derp, size); + GENERAL_NAME_cmp(namesa, namesb); + if (namesa != NULL) + GENERAL_NAME_free(namesa); + if (namesb != NULL) + GENERAL_NAME_free(namesb); + return 0; +} + +void FuzzerCleanup(void) +{ +} |