fuzzing: Add fuzzer for CRL parsing
authorTobias Brunner <tobias@strongswan.org>
Tue, 20 Feb 2018 16:51:55 +0000 (17:51 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Feb 2018 16:54:08 +0000 (17:54 +0100)
fuzz/.gitignore
fuzz/Makefile.am
fuzz/fuzz_crls.c [new file with mode: 0644]

index 64271a6..cbc050f 100644 (file)
@@ -1 +1,2 @@
-fuzz_certs
\ No newline at end of file
+fuzz_certs
+fuzz_crls
\ No newline at end of file
index bdc3e2e..3962896 100644 (file)
@@ -8,7 +8,7 @@ fuzz_ldflags = ${libfuzzer} \
        -Wl,-Bstatic -lgmp -Wl,-Bdynamic \
        @FUZZING_LDFLAGS@
 
-FUZZ_TARGETS=fuzz_certs
+FUZZ_TARGETS=fuzz_certs fuzz_crls
 
 all-local: $(FUZZ_TARGETS)
 
@@ -17,6 +17,9 @@ CLEANFILES=$(FUZZ_TARGETS)
 fuzz_certs: fuzz_certs.c ${libfuzzer}
        $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
 
+fuzz_crls: fuzz_crls.c ${libfuzzer}
+       $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+
 noinst_LIBRARIES = libFuzzerLocal.a
 libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
 libFuzzerLocal_a_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
diff --git a/fuzz/fuzz_crls.c b/fuzz/fuzz_crls.c
new file mode 100644 (file)
index 0000000..c481edd
--- /dev/null
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+#include <utils/debug.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+       certificate_t *cert;
+       chunk_t chunk;
+
+       dbg_default_set_level(-1);
+       library_init(NULL, "fuzz_crls");
+       plugin_loader_add_plugindirs(PLUGINDIR, PLUGINS);
+       if (!lib->plugins->load(lib->plugins, PLUGINS))
+       {
+               return 1;
+       }
+
+       chunk = chunk_create((u_char*)buf, len);
+       cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
+                                                         BUILD_BLOB, chunk, BUILD_END);
+       DESTROY_IF(cert);
+
+       lib->plugins->unload(lib->plugins);
+       library_deinit();
+       return 0;
+}