/src/libtasn1/fuzz/libtasn1_array2tree_fuzzer.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright(c) 2019 Free Software Foundation, Inc. |
3 | | * |
4 | | * This file is part of libtasn1. |
5 | | * |
6 | | * Libtasn1 is free software: you can redistribute it and/or modify |
7 | | * it under the terms of the GNU Lesser General Public License as published by |
8 | | * the Free Software Foundation, either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * Libtasn1 is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public License |
17 | | * along with libtasn1. If not, see <https://www.gnu.org/licenses/>. |
18 | | * |
19 | | * This fuzzer is testing asn1_array2tree()'s robustness with arbitrary |
20 | | * input data. |
21 | | */ |
22 | | |
23 | | #include <config.h> |
24 | | |
25 | | #include <assert.h> /* assert */ |
26 | | #include <stdlib.h> /* malloc, free */ |
27 | | #include <string.h> /* memcpy */ |
28 | | |
29 | | #include "libtasn1.h" |
30 | | #include "fuzzer.h" |
31 | | |
/*
 * Minimal static ASN.1 definition table: a single named entry followed by
 * the terminator entry (type 0, name and value NULL).  Nothing in the
 * harness code visible in this file refers to it.
 */
const asn1_static_node pkix_asn1_tab[] = {
  {.name = "PKIX1Implicit88", .type = 536875024, .value = NULL},
  {.name = NULL, .type = 0, .value = NULL}
};
36 | | |
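/* Fixed widths of the name and value fields in one fuzz input record. */
#define NAMESIZE 20
#define VALUESIZE 20

/*
 * One fixed-size record of fuzz input.  The harness reinterprets the raw
 * input buffer as an array of these records; name and value are not
 * guaranteed to be NUL-terminated until the harness forces a terminator
 * into their last byte.
 */
struct fuzz_elem
{
  unsigned int type;
  char name[NAMESIZE];
  char value[VALUESIZE];
};

/*
 * MAXELEM is the capacity (excluding the terminator slot) of the on-stack
 * table the harness fills.  MAXDATASIZE is derived from it so the input
 * size limit and the table capacity cannot drift apart: a size limit larger
 * than MAXELEM records would let the fill loop write past the table.
 */
#define MAXELEM 100
#define MAXDATASIZE (MAXELEM * sizeof(struct fuzz_elem))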
48 | | |
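/*
 * libFuzzer entry point.  Treats the input as an array of fixed-size
 * struct fuzz_elem records, converts each record into an asn1_static_node
 * and passes the resulting table to asn1_array2tree().
 *
 * data: fuzz input bytes (not modified; a private heap copy is edited).
 * size: number of bytes in data.
 *
 * Always returns 0, as libFuzzer expects.  Inputs larger than MAXDATASIZE
 * are skipped.  Bytes beyond the last complete record are copied but never
 * read.
 */
int
LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
{
  struct fuzz_elem *elem;
  size_t nelem;
  size_t it;
  asn1_static_node tab[MAXELEM + 1];	/* avoid VLA here */
  int result;
  asn1_node node = NULL;
  char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];

  if (size > MAXDATASIZE)	/* same as max_len = <MAXDATASIZE> in .options file */
    return 0;

  nelem = size / sizeof (struct fuzz_elem);

  /* Explicit bound on the on-stack table: tab holds MAXELEM records plus
     the terminator, so never rely on MAXDATASIZE alone to keep the fill
     loop in range. */
  if (nelem > MAXELEM)
    return 0;

  /* malloc(0) may legitimately return NULL, which would trip the assert
     below and be reported as a spurious crash on empty input; always
     request at least one byte. */
  elem = (struct fuzz_elem *) malloc (size > 0 ? size : 1);
  assert (elem != NULL);

  /* Skip the copy for empty input rather than calling memcpy with a
     possibly-NULL source and zero length. */
  if (size > 0)
    memcpy (elem, data, size);

  for (it = 0; it < nelem; it++)
    {
      tab[it].type = elem[it].type;

      /* Force termination so the string functions below (and the library)
         cannot read past the fixed-size field. */
      elem[it].name[NAMESIZE - 1] = 0;
      /* The literal text "NULL" in the input stands for a NULL pointer. */
      if (strcmp (elem[it].name, "NULL"))
	tab[it].name = elem[it].name;
      else
	tab[it].name = NULL;

      elem[it].value[VALUESIZE - 1] = 0;
      if (strcmp (elem[it].value, "NULL"))
	tab[it].value = elem[it].value;
      else
	tab[it].value = NULL;
    }

  /* end-of-array indicator */
  tab[nelem].type = 0;
  tab[nelem].name = NULL;
  tab[nelem].value = NULL;

  result = asn1_array2tree (tab, &node, errorDescription);

  /* The tree is released only on success; presumably asn1_array2tree()
     leaves nothing for the caller to free on failure -- confirm against
     the library. */
  if (result == ASN1_SUCCESS)
    asn1_delete_structure (&node);

  /* tab[] points into elem, so elem must outlive the call above. */
  free (elem);

  return 0;
}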