From 55aab29c1ea2b8103aa0f0ecb20c058ff200fe27 Mon Sep 17 00:00:00 2001 From: Hardik Shah Date: Mon, 13 Feb 2023 08:19:23 +0530 Subject: Add fuzz test for v3name v3name_fuzzer build modifications create 99-test_fuzz_v3name_fuzzer.t test corpus for cve-2023-0286 Reviewed-by: Kurt Roeckx Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/20274) --- fuzz/build.info | 10 ++++++++++ fuzz/corpora/v3name/corpus1 | Bin 0 -> 2 bytes fuzz/v3name.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 54 insertions(+) create mode 100644 fuzz/corpora/v3name/corpus1 create mode 100644 fuzz/v3name.c (limited to 'fuzz')
diff --git a/fuzz/build.info b/fuzz/build.info
index 91d8143207..bdeb075fdd 100644
--- a/fuzz/build.info
+++ b/fuzz/build.info
@@ -11,6 +11,7 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] PROGRAMS{noinst}=asn1 asn1parse bignum bndiv client conf crl server smime x509 PROGRAMS{noinst}=punycode + PROGRAMS{noinst}=v3name IF[{- !$disabled{"cmp"} -}] PROGRAMS{noinst}=cmp
@@ -72,6 +73,10 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] INCLUDE[smime]=../include {- $ex_inc -} DEPEND[smime]=../libcrypto ../libssl {- $ex_lib -} + SOURCE[v3name]=v3name.c driver.c + INCLUDE[v3name]=../include {- $ex_inc -} + DEPEND[v3name]=../libcrypto.a {- $ex_lib -} + SOURCE[server]=server.c driver.c fuzz_rand.c INCLUDE[server]=../include {- $ex_inc -} DEPEND[server]=../libcrypto ../libssl {- $ex_lib -}
@@ -84,6 +89,7 @@ ENDIF IF[{- !$disabled{tests} -}] PROGRAMS{noinst}=asn1-test asn1parse-test bignum-test bndiv-test client-test conf-test crl-test server-test smime-test x509-test PROGRAMS{noinst}=punycode-test + PROGRAMS{noinst}=v3name-test IF[{- !$disabled{"cmp"} -}] PROGRAMS{noinst}=cmp-test
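Review bot: `DEPEND[v3name]=../libcrypto.a {- $ex_lib -}` in the `@@ -72,6 +73,10 @@` hunk pins the new fuzzer to the static library, while the neighbouring smime and server entries depend on `../libcrypto`, and nothing in the hunk says why. The v3name.c added by this commit calls only d2i_GENERAL_NAME, GENERAL_NAME_cmp and GENERAL_NAME_free, which look like public API, so `DEPEND[v3name]=../libcrypto {- $ex_lib -}` would presumably work and would exercise the same library build that users link against. If the static link is deliberate, a one-line `#` comment above the entry stating the reason would keep it from being "fixed" later. The same applies to `DEPEND[v3name-test]=../libcrypto.a` in the `@@ -146,6 +152,10 @@` hunk.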
@@ -146,6 +152,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[smime-test]=../include DEPEND[smime-test]=../libcrypto ../libssl + SOURCE[v3name-test]=v3name.c test-corpus.c + INCLUDE[v3name-test]=../include + DEPEND[v3name-test]=../libcrypto.a + SOURCE[server-test]=server.c test-corpus.c fuzz_rand.c INCLUDE[server-test]=../include DEPEND[server-test]=../libcrypto ../libssl
diff --git a/fuzz/corpora/v3name/corpus1 b/fuzz/corpora/v3name/corpus1
new file mode 100644
index 0000000000..1c2c7249db
Binary files /dev/null and b/fuzz/corpora/v3name/corpus1 differ
diff --git a/fuzz/v3name.c b/fuzz/v3name.c
new file mode 100644
index 0000000000..2c7f94e17f
--- /dev/null
+++ b/fuzz/v3name.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include
+#include
+#include "internal/nelem.h"
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+ return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t* data, size_t size){
+ GENERAL_NAME *namesa;
+ GENERAL_NAME *namesb;
+
+ const unsigned char *derp = data;
+ /*
+ * We create two versions of each GENERAL_NAME so that we ensure when
+ * we compare them they are always different pointers.
+ */
+ namesa = d2i_GENERAL_NAME(NULL, &derp, size);
+ derp = data;
+ namesb = d2i_GENERAL_NAME(NULL, &derp, size);
+ GENERAL_NAME_cmp(namesa, namesb);
+ if (namesa != NULL)
+ GENERAL_NAME_free(namesa);
+ if (namesb != NULL)
+ GENERAL_NAME_free(namesb);
+ return 0;
+}
+
+void FuzzerCleanup(void)
+{
+}
-- cgit v1.2.3
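Review bot: In FuzzerTestOneInput of fuzz/v3name.c both `namesa` and `namesb` are decoded from the same `data`, so `GENERAL_NAME_cmp` only ever sees two equal names, or two NULLs when decoding fails; the branches that handle names of different type or different content are never reached by this harness. The self-comparison is presumably what the committed corpus for cve-2023-0286 relies on, so I would keep it and add a second pass that decodes one name from each half of the input, as sketched below. Separately, `#include "internal/nelem.h"` is not used by anything in this file, and the `!= NULL` guards before `GENERAL_NAME_free` look unnecessary, since OpenSSL's free functions accept NULL.

```c
int FuzzerTestOneInput(const uint8_t* data, size_t size){
    /* … unchanged: declarations, same-input decode, compare and frees … */

    /* Second pass: one name per half, so unequal operands get compared. */
    derp = data;
    namesa = d2i_GENERAL_NAME(NULL, &derp, (long)(size / 2));
    derp = data + size / 2;
    namesb = d2i_GENERAL_NAME(NULL, &derp, (long)(size - size / 2));
    GENERAL_NAME_cmp(namesa, namesb);
    GENERAL_NAME_free(namesa);
    GENERAL_NAME_free(namesb);
    return 0;
}
```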