Coverage Report

Created: 2026-06-30 06:45

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/open62541_15/tests/fuzz/fuzz_certificate_parse.cc
Line
Count
Source
1
/* This Source Code Form is subject to the terms of the Mozilla Public
2
 * License, v. 2.0. If a copy of the MPL was not distributed with this
3
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5
#include <open62541/config.h>
6
7
#ifdef UA_ENABLE_ENCRYPTION
8
9
#include "custom_memory_manager.h"
10
11
#include <open62541/plugin/certificategroup.h>
12
#include <open62541/types.h>
13
14
/*
15
 * Fuzz X.509 certificate parsing utilities.
16
 * Tests parsing of DER-encoded certificates with various utility functions.
17
 * This targets the certificate validation code that processes untrusted
18
 * certificates from the network (OPN path).
19
 *
20
 * Byte 0: operation selector
21
 * Last 4 bytes: memory limit
22
 * Remaining: certificate data (DER format)
23
 */
24
extern "C" int
25
404
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
26
404
    if(size <= 5)
27
8
        return 0;
28
29
396
    if(!UA_memoryManager_setLimitFromLast4Bytes(data, size))
30
0
        return 0;
31
396
    size -= 4;
32
33
396
    uint8_t op = data[0];
34
396
    data++;
35
396
    size--;
36
37
396
    UA_ByteString cert;
38
396
    cert.data = (UA_Byte*)(void*)data;
39
396
    cert.length = size;
40
41
396
    switch(op % 6) {
42
279
    case 0: {
43
        /* Parse subject name from certificate */
44
279
        UA_String subjectName = UA_STRING_NULL;
45
279
        UA_CertificateUtils_getSubjectName(&cert, &subjectName);
46
279
        UA_String_clear(&subjectName);
47
279
        break;
48
0
    }
49
21
    case 1: {
50
        /* Parse expiration date */
51
21
        UA_DateTime expiryDate = 0;
52
21
        UA_CertificateUtils_getExpirationDate(&cert, &expiryDate);
53
21
        break;
54
0
    }
55
4
    case 2: {
56
        /* Parse thumbprint */
57
4
        UA_String thumbprint = UA_STRING_NULL;
58
4
        UA_CertificateUtils_getThumbprint(&cert, &thumbprint);
59
4
        UA_String_clear(&thumbprint);
60
4
        break;
61
0
    }
62
47
    case 3: {
63
        /* Parse key size */
64
47
        size_t keySize = 0;
65
47
        UA_CertificateUtils_getKeySize(&cert, &keySize);
66
47
        break;
67
0
    }
68
23
    case 4: {
69
        /* Check if certificate is a CA certificate */
70
23
        UA_CertificateUtils_checkCA(&cert);
71
23
        break;
72
0
    }
73
22
    case 5: {
74
        /* Verify application URI */
75
22
        UA_String uri = UA_STRING((char*)"urn:test:app");
76
22
        UA_CertificateUtils_verifyApplicationUri(&cert, &uri);
77
22
        break;
78
0
    }
79
396
    }
80
81
396
    return 0;
82
396
}
83
84
#else /* UA_ENABLE_ENCRYPTION */
85
86
#include <stdint.h>
87
#include <stddef.h>
88
89
extern "C" int
90
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
91
    (void)data;
92
    (void)size;
93
    return 0;
94
}
95
96
#endif
97