1 files changed, 120 insertions, 0 deletions

diff --git a/src/tests/fuzzing/fuzz_util.c b/src/tests/fuzzing/fuzz_util.c
new file mode 100644
index 0000000..8779b4c
--- /dev/null
+++ b/src/tests/fuzzing/fuzz_util.c
@@ -0,0 +1,120 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/fuzzing/fuzz_util.c */
+/*
+ * Copyright (C) 2024 by Arjun. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in
+ *   the documentation and/or other materials provided with the
+ *   distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Fuzzing harness implementation for k5_base64_decode, k5_hex_decode
+ * krb5_parse_name and k5_parse_host_string.
+ */
+
+#include "autoconf.h"
+#include <k5-int.h>
+#include <k5-base64.h>
+#include <k5-hex.h>
+#include <string.h>
+
+#define kMinInputLength 2
+#define kMaxInputLength 256
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static void
+fuzz_base64(const char *data_in, size_t size)
+{
+    size_t len;
+
+    free(k5_base64_encode(data_in, size));
+    free(k5_base64_decode(data_in, &len));
+}
+
+static void
+fuzz_hex(const char *data_in, size_t size)
+{
+    char *hex;
+    uint8_t *bytes;
+    size_t len;
+
+    if (k5_hex_encode(data_in, size, 0, &hex) == 0)
+        free(hex);
+
+    if (k5_hex_encode(data_in, size, 1, &hex) == 0)
+        free(hex);
+
+    if (k5_hex_decode(data_in, &bytes, &len) == 0)
+        free(bytes);
+}
+
+static void
+fuzz_name(const char *data_in, size_t size)
+{
+    krb5_context context;
+    krb5_principal fuzzing;
+
+    if (krb5_init_context(&context) != 0)
+        return;
+
+    krb5_parse_name(context, data_in, &fuzzing);
+
+    krb5_free_principal(context, fuzzing);
+    krb5_free_context(context);
+}
+
+static void
+fuzz_parse_host(const char *data_in, size_t size)
+{
+    char *host_out = NULL;
+    int port_out = -1;
+
+    if (k5_parse_host_string(data_in, 1, &host_out, &port_out) == 0)
+        free(host_out);
+}
+
+extern int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    krb5_error_code ret;
+    char *data_in;
+
+    if (size < kMinInputLength || size > kMaxInputLength)
+        return 0;
+
+    data_in = k5memdup0(data, size, &ret);
+    if (data_in == NULL)
+        return 0;
+
+    fuzz_base64(data_in, size);
+    fuzz_hex(data_in, size);
+    fuzz_name(data_in, size);
+    fuzz_parse_host(data_in, size);
+
+    free(data_in);
+
+    return 0;
+}