diff options
Diffstat (limited to 'src/tests/fuzzing/fuzz_krad.c')
-rw-r--r-- | src/tests/fuzzing/fuzz_krad.c | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/src/tests/fuzzing/fuzz_krad.c b/src/tests/fuzzing/fuzz_krad.c new file mode 100644 index 0000000..dbafbf1 --- /dev/null +++ b/src/tests/fuzzing/fuzz_krad.c @@ -0,0 +1,93 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* tests/fuzzing/fuzz_krad.c */ +/* + * Copyright (C) 2024 by Arjun. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Fuzzing harness implementation for krad_packet_decode_response, + * krad_packet_decode_request. + */ + +#include "autoconf.h" +#include <k5-int.h> +#include <krad.h> + +#define kMinInputLength 2 +#define kMaxInputLength 1024 + +static krad_packet *packets[3]; + +static const krad_packet * +iterator(void *data, krb5_boolean cancel) +{ + krad_packet *tmp; + int *i = data; + + if (cancel || packets[*i] == NULL) + return NULL; + + tmp = packets[*i]; + *i += 1; + return tmp; +} + +extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + int i; + krb5_context ctx; + krb5_data data_in; + const char *secret = "f"; + const krad_packet *req_1 = NULL, *req_2 = NULL; + krad_packet *rsp_1 = NULL, *rsp_2 = NULL; + + if (size < kMinInputLength || size > kMaxInputLength) + return 0; + + if (krb5_init_context(&ctx) != 0) + return 0; + + data_in = make_data((void *)data, size); + + i = 0; + krad_packet_decode_response(ctx, secret, &data_in, iterator, &i, + &req_1, &rsp_1); + + i = 0; + krad_packet_decode_request(ctx, secret, &data_in, iterator, &i, + &req_2, &rsp_2); + + krad_packet_free(rsp_1); + krad_packet_free(rsp_2); + krb5_free_context(ctx); + + return 0; +} |