diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-15 13:20:51 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-06-15 13:21:12 +0200 |
| commit | 4787f43fe7b88ee3f3aae9e430bd59c633284e36 (patch) | |
| tree | d4bdf09e3017012ba9a5dde40d6d6796b132fcc1 | |
| parent | 9ca06dded834e1f47e0d7fed3698a883404eb156 (diff) | |
| download | gnutls-tmp-ocsp-status-fix.tar.gz | |
tests: added reproducer for OCSP response found test casestmp-ocsp-status-fix
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | devel/fuzz/gnutls_ocsp_resp_parser_fuzzer.cc | 6 | ||||
| -rw-r--r-- | tests/Makefile.am | 4 | ||||
| -rw-r--r-- | tests/ocsp-resp-interesting/1492.der | bin | 0 -> 1220 bytes | |||
| -rw-r--r-- | tests/ocsp-resp.c | 109 |
4 files changed, 115 insertions, 4 deletions
diff --git a/devel/fuzz/gnutls_ocsp_resp_parser_fuzzer.cc b/devel/fuzz/gnutls_ocsp_resp_parser_fuzzer.cc index 5e8657c2cc..1e7b8a0857 100644 --- a/devel/fuzz/gnutls_ocsp_resp_parser_fuzzer.cc +++ b/devel/fuzz/gnutls_ocsp_resp_parser_fuzzer.cc @@ -22,8 +22,10 @@ #include <gnutls/gnutls.h> #include <gnutls/ocsp.h> - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { +#ifdef __cplusplus +extern "C" +#endif +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { gnutls_datum_t raw; gnutls_datum_t out; gnutls_ocsp_resp_t resp; diff --git a/tests/Makefile.am b/tests/Makefile.am index 47baf7e4c1..2f1142c471 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -50,7 +50,7 @@ EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \ ocsp-tests/certs/server_bad.template ocsp-tests/certs/ocsp-staple-unrelated.der ocsp-tests/suppressions.valgrind \ data/listings-DTLS1.0 data/listings-SSL3.0 data/listings-TLS1.0 data/listings-TLS1.1 \ data/listings-SSL3.0-TLS1.1 p11-kit-trust-data/Example_Root_CA.p11-kit \ - p11-kit-trust-data/Example_Root_CA.pem + p11-kit-trust-data/Example_Root_CA.pem ocsp-resp-interesting/1492.der AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) @@ -90,7 +90,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred cert certuniqueid \ hostname-check cve-2008-4989 pkcs12_s2k chainverify record-sizes-range \ crq_key_id x509sign-verify sign-verify cve-2009-1415 cve-2009-1416 \ crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain tls-rehandshake-cert-3 \ - nul-in-x509-names x509_altname pkcs12_encode mini-x509 \ + nul-in-x509-names x509_altname pkcs12_encode mini-x509 ocsp-resp \ tls-rehandshake-cert rng-fork mini-eagain-dtls resume-dtls \ x509cert x509cert-tl infoaccess mini-dtls-hello-verify \ trustdb-tofu dtls-rehandshake-anon mini-alpn mini-dtls-large \ diff --git a/tests/ocsp-resp-interesting/1492.der b/tests/ocsp-resp-interesting/1492.der Binary files differnew file mode 100644 index 0000000000..c4e2b5d57f --- /dev/null +++ b/tests/ocsp-resp-interesting/1492.der diff --git a/tests/ocsp-resp.c b/tests/ocsp-resp.c new file mode 100644 index 0000000000..a5d3a06471 --- /dev/null +++ b/tests/ocsp-resp.c @@ -0,0 +1,109 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/> + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include <gnutls/gnutls.h> +#include <gnutls/ocsp.h> +#include <stdlib.h> +#include <stdint.h> +#include <limits.h> +#include <dirent.h> + +#include "utils.h" + +/* This program will load certificates from CERT_DIR and try to print + * them. If CERT_DIR/certname.err is available, it should contain the + * error code that gnutls_x509_crt_import() should return. + */ + +#define CERT_DIR "ocsp-resp-interesting" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +static int getnext(DIR **dirp, gnutls_datum_t *der) +{ + struct dirent *d; + char path[256]; + char cert_dir[256]; + const char *src; + int ret; + + src = getenv("srcdir"); + if (src == NULL) + src = "."; + + snprintf(cert_dir, sizeof(cert_dir), "%s/%s", src, CERT_DIR); + + if (*dirp == NULL) { + *dirp = opendir(cert_dir); + if (*dirp == NULL) + return -1; + } + + do { + d = readdir(*dirp); + if (d != NULL +#ifdef _DIRENT_HAVE_D_TYPE + && d->d_type == DT_REG +#endif + ) { + if (strstr(d->d_name, ".der") == 0) + continue; + snprintf(path, sizeof(path), "%s/%s", cert_dir, d->d_name); + + success("Loading %s\n", path); + ret = gnutls_load_file(path, der); + if (ret < 0) { + return -1; + } + + return 0; + } + } while(d != NULL); + + closedir(*dirp); + return -1; /* finished */ +} + +#include "../devel/fuzz/gnutls_ocsp_resp_parser_fuzzer.cc" + +void doit(void) +{ + int ret; + gnutls_datum_t raw; + DIR *dirp = NULL; + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + while (getnext(&dirp, &raw)==0) { + LLVMFuzzerTestOneInput(raw.data, raw.size); + gnutls_free(raw.data); + raw.data = NULL; + raw.size = 0; + } + + gnutls_global_deinit(); +} |