/src/strongswan/fuzz/fuzz_radius.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (C) 2026 Arthur SC Chan |
3 | | * |
4 | | * Copyright (C) secunet Security Networks AG |
5 | | * |
6 | | * This program is free software; you can redistribute it and/or modify it |
7 | | * under the terms of the GNU General Public License as published by the |
8 | | * Free Software Foundation; either version 2 of the License, or (at your |
9 | | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. |
10 | | * |
11 | | * This program is distributed in the hope that it will be useful, but |
12 | | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY |
13 | | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
14 | | * for more details. |
15 | | */ |
16 | | |
17 | | #include <library.h> |
18 | | #include <utils/debug.h> |
19 | | #include <radius_message.h> |
20 | | |
21 | | int LLVMFuzzerInitialize(int *argc, char ***argv) |
22 | 4 | { |
23 | 4 | dbg_default_set_level(-1); |
24 | 4 | library_init(NULL, "fuzz_radius"); |
25 | 4 | if (!lib->plugins->load(lib->plugins, PLUGINS)) |
26 | 0 | { |
27 | 0 | return 1; |
28 | 0 | } |
29 | 4 | return 0; |
30 | 4 | } |
31 | | |
32 | | int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) |
33 | 297 | { |
34 | 297 | enumerator_t *enumerator; |
35 | 297 | radius_message_t *msg; |
36 | 297 | hasher_t *hasher; |
37 | 297 | signer_t *signer; |
38 | 297 | chunk_t data, attr_data; |
39 | 297 | int type, count, vendor; |
40 | | |
41 | 297 | if (len < 20) |
42 | 8 | { |
43 | 8 | return 0; |
44 | 8 | } |
45 | | |
46 | 289 | data = chunk_create((u_char*)buf, len); |
47 | 289 | msg = radius_message_parse(data); |
48 | | |
49 | 289 | if (msg) |
50 | 231 | { |
51 | 231 | enumerator = msg->create_enumerator(msg); |
52 | 231 | count = 0; |
53 | 64.4k | while (count++ < 10000 && |
54 | 64.4k | enumerator->enumerate(enumerator, &type, &attr_data)); |
55 | 231 | enumerator->destroy(enumerator); |
56 | | |
57 | 231 | enumerator = msg->create_vendor_enumerator(msg); |
58 | 231 | count = 0; |
59 | 10.6k | while (count++ < 10000 && |
60 | 10.6k | enumerator->enumerate(enumerator, &vendor, &type, &attr_data)); |
61 | 231 | enumerator->destroy(enumerator); |
62 | | |
63 | 231 | hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); |
64 | 231 | signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128); |
65 | 231 | if (!hasher || !signer) |
66 | 0 | { |
67 | 0 | return 1; |
68 | 0 | } |
69 | 231 | msg->verify(msg, NULL, chunk_empty, hasher, signer); |
70 | 231 | hasher->destroy(hasher); |
71 | 231 | signer->destroy(signer); |
72 | 231 | msg->destroy(msg); |
73 | 231 | } |
74 | 289 | return 0; |
75 | 289 | } |