Path: blob/main/crypto/krb5/src/tests/fuzzing/fuzz_util.c
34907 views
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */1/* tests/fuzzing/fuzz_util.c */2/*3* Copyright (C) 2024 by Arjun. All rights reserved.4*5* Redistribution and use in source and binary forms, with or without6* modification, are permitted provided that the following conditions7* are met:8*9* * Redistributions of source code must retain the above copyright10* notice, this list of conditions and the following disclaimer.11*12* * Redistributions in binary form must reproduce the above copyright13* notice, this list of conditions and the following disclaimer in14* the documentation and/or other materials provided with the15* distribution.16*17* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS18* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT19* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS20* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE21* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,22* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES23* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR24* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)25* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,26* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)27* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED28* OF THE POSSIBILITY OF SUCH DAMAGE.29*/3031/*32* Fuzzing harness implementation for k5_base64_decode, k5_hex_decode33* krb5_parse_name and k5_parse_host_string.34*/3536#include "autoconf.h"37#include <k5-int.h>38#include <k5-base64.h>39#include <k5-hex.h>40#include <string.h>41#include <k5-utf8.h>4243#include <hashtab.c>4445#define kMinInputLength 246#define kMaxInputLength 2564748extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);4950static void51fuzz_base64(const char *data_in, size_t size)52{53size_t len;5455free(k5_base64_encode(data_in, size));56free(k5_base64_decode(data_in, &len));57}5859static void60fuzz_hashtab(const char *data_in, size_t size)61{62int st;63struct k5_hashtab *ht;6465k5_hashtab_create(NULL, 4, &ht);66if (ht == NULL)67return;6869k5_hashtab_add(ht, data_in, size, &st);7071k5_hashtab_free(ht);72}7374static void75fuzz_hex(const char *data_in, size_t size)76{77char *hex;78uint8_t *bytes;79size_t len;8081if (k5_hex_encode(data_in, size, 0, &hex) == 0)82free(hex);8384if (k5_hex_encode(data_in, size, 1, &hex) == 0)85free(hex);8687if (k5_hex_decode(data_in, &bytes, &len) == 0)88free(bytes);89}9091static void92fuzz_name(const char *data_in, size_t size)93{94krb5_context context;95krb5_principal fuzzing;9697if (krb5_init_context(&context) != 0)98return;99100krb5_parse_name(context, data_in, &fuzzing);101102krb5_free_principal(context, fuzzing);103krb5_free_context(context);104}105106static void107fuzz_parse_host(const char *data_in, size_t size)108{109char *host_out = NULL;110int port_out = -1;111112if (k5_parse_host_string(data_in, 1, &host_out, &port_out) == 0)113free(host_out);114}115116static void117fuzz_utf8(const char *data_in, size_t size)118{119krb5_ucs4 u = 0;120char *utf8;121uint8_t *utf16;122size_t utf16len;123124krb5int_utf8_to_ucs4(data_in, &u);125126k5_utf8_to_utf16le(data_in, &utf16, &utf16len);127if (utf16 != NULL)128free(utf16);129130k5_utf16le_to_utf8((const uint8_t *)data_in, size, &utf8);131if (utf8 != NULL)132free(utf8);133}134135extern int136LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)137{138krb5_error_code ret;139char *data_in;140141if (size < kMinInputLength || size > kMaxInputLength)142return 0;143144data_in = k5memdup0(data, size, &ret);145if (data_in == NULL)146return 0;147148fuzz_base64(data_in, size);149fuzz_hashtab(data_in, size);150fuzz_hex(data_in, size);151fuzz_name(data_in, size);152fuzz_parse_host(data_in, size);153fuzz_utf8(data_in, size);154155free(data_in);156157return 0;158}159160161