Coverage Report

Created: 2026-06-10 06:27

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/strongswan/fuzz/fuzz_radius.c
Line
Count
Source
1
/*
2
 * Copyright (C) 2026 Arthur SC Chan
3
 *
4
 * Copyright (C) secunet Security Networks AG
5
 *
6
 * This program is free software; you can redistribute it and/or modify it
7
 * under the terms of the GNU General Public License as published by the
8
 * Free Software Foundation; either version 2 of the License, or (at your
9
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
10
 *
11
 * This program is distributed in the hope that it will be useful, but
12
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * for more details.
15
 */
16
17
#include <library.h>
18
#include <utils/debug.h>
19
#include <radius_message.h>
20
21
int LLVMFuzzerInitialize(int *argc, char ***argv)
22
4
{
23
4
  dbg_default_set_level(-1);
24
4
  library_init(NULL, "fuzz_radius");
25
4
  if (!lib->plugins->load(lib->plugins, PLUGINS))
26
0
  {
27
0
    return 1;
28
0
  }
29
4
  return 0;
30
4
}
31
32
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
33
297
{
34
297
  enumerator_t *enumerator;
35
297
  radius_message_t *msg;
36
297
  hasher_t *hasher;
37
297
  signer_t *signer;
38
297
  chunk_t data, attr_data;
39
297
  int type, count, vendor;
40
41
297
  if (len < 20)
42
8
  {
43
8
    return 0;
44
8
  }
45
46
289
  data = chunk_create((u_char*)buf, len);
47
289
  msg = radius_message_parse(data);
48
49
289
  if (msg)
50
231
  {
51
231
    enumerator = msg->create_enumerator(msg);
52
231
    count = 0;
53
64.4k
    while (count++ < 10000 &&
54
64.4k
         enumerator->enumerate(enumerator, &type, &attr_data));
55
231
    enumerator->destroy(enumerator);
56
57
231
    enumerator = msg->create_vendor_enumerator(msg);
58
231
    count = 0;
59
10.6k
    while (count++ < 10000 &&
60
10.6k
         enumerator->enumerate(enumerator, &vendor, &type, &attr_data));
61
231
    enumerator->destroy(enumerator);
62
63
231
    hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
64
231
    signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128);
65
231
    if (!hasher || !signer)
66
0
    {
67
0
      return 1;
68
0
    }
69
231
    msg->verify(msg, NULL, chunk_empty, hasher, signer);
70
231
    hasher->destroy(hasher);
71
231
    signer->destroy(signer);
72
231
    msg->destroy(msg);
73
231
  }
74
289
  return 0;
75
289
}