/src/strongswan/fuzz/fuzz_radius.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (C) 2026 Arthur SC Chan |
3 | | * |
4 | | * Copyright (C) secunet Security Networks AG |
5 | | * |
6 | | * This program is free software; you can redistribute it and/or modify it |
7 | | * under the terms of the GNU General Public License as published by the |
8 | | * Free Software Foundation; either version 2 of the License, or (at your |
9 | | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. |
10 | | * |
11 | | * This program is distributed in the hope that it will be useful, but |
12 | | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY |
13 | | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
14 | | * for more details. |
15 | | */ |
16 | | |
17 | | #include <library.h> |
18 | | #include <utils/debug.h> |
19 | | #include <radius_message.h> |
20 | | |
21 | | int LLVMFuzzerInitialize(int *argc, char ***argv) |
22 | 2 | { |
23 | 2 | dbg_default_set_level(-1); |
24 | 2 | library_init(NULL, "fuzz_radius"); |
25 | 2 | if (!lib->plugins->load(lib->plugins, PLUGINS)) |
26 | 0 | { |
27 | 0 | return 1; |
28 | 0 | } |
29 | 2 | return 0; |
30 | 2 | } |
31 | | |
32 | | int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) |
33 | 316 | { |
34 | 316 | enumerator_t *enumerator; |
35 | 316 | radius_message_t *msg; |
36 | 316 | hasher_t *hasher; |
37 | 316 | signer_t *signer; |
38 | 316 | chunk_t data, attr_data; |
39 | 316 | int type, count, vendor; |
40 | | |
41 | 316 | if (len < 20) |
42 | 8 | { |
43 | 8 | return 0; |
44 | 8 | } |
45 | | |
46 | 308 | data = chunk_create((u_char*)buf, len); |
47 | 308 | msg = radius_message_parse(data); |
48 | | |
49 | 308 | if (msg) |
50 | 243 | { |
51 | 243 | enumerator = msg->create_enumerator(msg); |
52 | 243 | count = 0; |
53 | 87.6k | while (count++ < 10000 && |
54 | 87.6k | enumerator->enumerate(enumerator, &type, &attr_data)); |
55 | 243 | enumerator->destroy(enumerator); |
56 | | |
57 | 243 | enumerator = msg->create_vendor_enumerator(msg); |
58 | 243 | count = 0; |
59 | 28.2k | while (count++ < 10000 && |
60 | 28.2k | enumerator->enumerate(enumerator, &vendor, &type, &attr_data)); |
61 | 243 | enumerator->destroy(enumerator); |
62 | | |
63 | 243 | hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); |
64 | 243 | signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128); |
65 | 243 | if (!hasher || !signer) |
66 | 0 | { |
67 | 0 | return 1; |
68 | 0 | } |
69 | 243 | msg->verify(msg, NULL, chunk_empty, hasher, signer); |
70 | 243 | hasher->destroy(hasher); |
71 | 243 | signer->destroy(signer); |
72 | 243 | msg->destroy(msg); |
73 | 243 | } |
74 | 308 | return 0; |
75 | 308 | } |