fuzz: limit the retry count in handshake fuzzer

Signed-off-by: Daiki Ueno <ueno@gnu.org>

5 files changed, 18 insertions, 0 deletions

diff --git a/fuzz/gnutls_handshake_client_fuzzer.c b/fuzz/gnutls_handshake_client_fuzzer.c
index 8ae5babdc0..f03b830248 100644
--- a/fuzz/gnutls_handshake_client_fuzzer.c
+++ b/fuzz/gnutls_handshake_client_fuzzer.c
@@ -49,6 +49,7 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
 	gnutls_session_t session;
 	gnutls_certificate_credentials_t xcred;
 	struct mem_st memdata;
+	unsigned int retry;
 
 	res = gnutls_init(&session, GNUTLS_CLIENT);
 	assert(res >= 0);
@@ -69,6 +70,7 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
 	gnutls_transport_set_pull_function(session, error_pull);
 	gnutls_handshake_set_read_function(session, handshake_discard);
 
+	retry = 0;
 	do {
 		res = gnutls_handshake(session);
 		if (res == GNUTLS_E_AGAIN) {
@@ -76,6 +78,12 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
 				res = GNUTLS_E_INTERNAL_ERROR;
 				break;
 			}
+			if (retry > HANDSHAKE_MAX_RETRY_COUNT) {
+				break;
+			}
+			retry++;
+		} else {
+			retry = 0;
 		}
 	} while (res < 0 && gnutls_error_is_fatal(res) == 0);
 
diff --git a/fuzz/gnutls_handshake_client_fuzzer.in/a3e993409526cd26a6a6f7599c7fef26acc93f6a3077eddef2b557161fbc778a b/fuzz/gnutls_handshake_client_fuzzer.in/a3e993409526cd26a6a6f7599c7fef26acc93f6a3077eddef2b557161fbc778a
new file mode 100644
index 0000000000..4e8caebd48
--- /dev/null
+++ b/fuzz/gnutls_handshake_client_fuzzer.in/a3e993409526cd26a6a6f7599c7fef26acc93f6a3077eddef2b557161fbc778a
diff --git a/fuzz/gnutls_handshake_server_fuzzer.c b/fuzz/gnutls_handshake_server_fuzzer.c
index 06b4218dc7..dd58cecf82 100644
--- a/fuzz/gnutls_handshake_server_fuzzer.c
+++ b/fuzz/gnutls_handshake_server_fuzzer.c
@@ -51,6 +51,7 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
 	gnutls_session_t session;
 	gnutls_certificate_credentials_t xcred;
 	struct mem_st memdata;
+	unsigned int retry;
 
 	res = gnutls_init(&session, GNUTLS_SERVER);
 	assert(res >= 0);
@@ -114,6 +115,7 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
 	gnutls_transport_set_pull_function(session, error_pull);
 	gnutls_handshake_set_read_function(session, handshake_discard);
 
+	retry = 0;
 	do {
 		res = gnutls_handshake(session);
 		if (res == GNUTLS_E_AGAIN) {
@@ -121,6 +123,12 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
 				res = GNUTLS_E_INTERNAL_ERROR;
 				break;
 			}
+			if (retry > HANDSHAKE_MAX_RETRY_COUNT) {
+				break;
+			}
+			retry++;
+		} else {
+			retry = 0;
 		}
 	} while (res < 0 && gnutls_error_is_fatal(res) == 0);
 
diff --git a/fuzz/gnutls_handshake_server_fuzzer.in/e42772ece86289ff9a1387235c19361d767d41ebbcdbbac22abac9b4435fda57 b/fuzz/gnutls_handshake_server_fuzzer.in/e42772ece86289ff9a1387235c19361d767d41ebbcdbbac22abac9b4435fda57
new file mode 100644
index 0000000000..bafc6b6521
--- /dev/null
+++ b/fuzz/gnutls_handshake_server_fuzzer.in/e42772ece86289ff9a1387235c19361d767d41ebbcdbbac22abac9b4435fda57
diff --git a/fuzz/handshake.h b/fuzz/handshake.h
index e14a1cee77..34c7b701e6 100644
--- a/fuzz/handshake.h
+++ b/fuzz/handshake.h
@@ -24,6 +24,8 @@
 #ifndef HANDSHAKE_H
 # define HANDSHAKE_H
 
+#define HANDSHAKE_MAX_RETRY_COUNT 10
+
 typedef struct mem_st {
 	const uint8_t *data;
 	size_t size;