1
/*-
2
 * Copyright (c) 2024 Kyle Evans <[email protected]>
3
 *
4
 * SPDX-License-Identifier: BSD-2-Clause
5
 */
6

7
#include <sys/param.h>
8
#include <sys/socket.h>
9

10
#include <assert.h>
11
#include <signal.h>
12
#include <stdbool.h>
13
#include <stdio.h>
14
#include <stdlib.h>
15
#include <unistd.h>
16

17
#include <libder.h>
18

19
#include "fuzzers.h"
20

21
int
22
LLVMFuzzerTestOneInput(const uint8_t *data, size_t sz)
23
{
24
	struct libder_ctx *ctx;
25
	struct libder_object *obj;
26
	size_t readsz;
27
	int ret;
28
	bool strict;
29

30
	if (sz < 2)
31
		return (-1);
32

33
	/*
34
	 * I worked this in originally by just using the high bit of the first
35
	 * byte, but then I realized that encoding it that way would make it
36
	 * impossible to get strict validation of universal and application
37
	 * tags.  The former is a bit more important than the latter.
38
	 */
39
	strict = !!data[0];
40
	data++;
41
	sz--;
42

43
	ctx = libder_open();
44
	libder_set_strict(ctx, strict);
45
	ret = -1;
46
	readsz = sz;
47
	obj = libder_read(ctx, data, &readsz);
48
	if (obj == NULL || readsz != sz)
49
		goto out;
50

51
	if (obj != NULL) {
52
		uint8_t *buf = NULL;
53
		size_t bufsz = 0;
54

55
		/*
56
		 * If we successfully read it, then it shouldn't
57
		 * overflow.  We're letting libder allocate the buffer,
58
		 * so we shouldn't be able to hit the 'too small' bit.
59
		 *
60
		 * I can't imagine what other errors might happen, so
61
		 * we'll just assert on it.
62
		 */
63
		buf = libder_write(ctx, obj, buf, &bufsz);
64
		if (buf == NULL)
65
			goto out;
66

67
		assert(bufsz != 0);
68

69
		free(buf);
70
	}
71

72
	ret = 0;
73

74
out:
75
	libder_obj_free(obj);
76
	libder_close(ctx);
77

78
	return (ret);
79
}
80

81