Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/tests/fuzzing/fuzz_gss.c
34907 views
1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

2
/* tests/fuzzing/fuzz_gss.c */

3
/*

4
 * Copyright (C) 2024 by Arjun. All rights reserved.

5
 *

6
 * Redistribution and use in source and binary forms, with or without

7
 * modification, are permitted provided that the following conditions

8
 * are met:

9
 *

10
 * * Redistributions of source code must retain the above copyright

11
 *   notice, this list of conditions and the following disclaimer.

12
 *

13
 * * Redistributions in binary form must reproduce the above copyright

14
 *   notice, this list of conditions and the following disclaimer in

15
 *   the documentation and/or other materials provided with the

16
 *   distribution.

17
 *

18
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

19
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

20
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

21
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

22
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,

23
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

24
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

25
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

26
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

27
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

28
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

29
 * OF THE POSSIBILITY OF SUCH DAMAGE.

30
 */

31


32
/*

33
 * Fuzzing harness implementation for gss_accept_sec_context.

34
 */

35


36
#include "autoconf.h"

37
#include <krb5.h>

38
#include <gssapi.h>

39
#include <string.h>

40


41
#define kMinInputLength 2

42
#define kMaxInputLength 1024

43


44
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

45


46
int

47
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)

48
{

49
    gss_OID doid;

50
    OM_uint32 minor, ret_flags, time_rec;

51
    gss_name_t client = GSS_C_NO_NAME;

52
    gss_ctx_id_t context = GSS_C_NO_CONTEXT;

53
    gss_cred_id_t deleg_cred = GSS_C_NO_CREDENTIAL;

54
    gss_buffer_desc data_in, data_out = GSS_C_EMPTY_BUFFER;

55


56
    if (size < kMinInputLength || size > kMaxInputLength)

57
        return 0;

58


59
    data_in.length = size;

60
    data_in.value = (void *)data;

61


62
    gss_accept_sec_context(&minor, &context, GSS_C_NO_CREDENTIAL,

63
                           &data_in, GSS_C_NO_CHANNEL_BINDINGS, &client,

64
                           &doid, &data_out, &ret_flags, &time_rec,

65
                           &deleg_cred);

66


67
    gss_release_buffer(&minor, &data_out);

68


69
    if (context != GSS_C_NO_CONTEXT)

70
        gss_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);

71


72
    return 0;

73
}

74


75