VirtualBox

source: vbox/trunk/src/libs/openssl-3.3.2/fuzz/quic-srtm.c@ 108403

最後變更 在這個檔案從108403是 108206,由 vboxsync 提交於 5 週 前

openssl-3.3.2: Exported all files to OSE and removed .scm-settings ​bugref:10757
  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Author Date Id Revision
檔案大小: 3.2 KB
 
1/*
2 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 * https://www.openssl.org/source/license.html
8 * or in the file LICENSE in the source distribution.
9 */
10
11#include <openssl/ssl.h>
12#include <openssl/err.h>
13#include <openssl/bio.h>
14#include "fuzzer.h"
15#include "internal/quic_srtm.h"
16
17int FuzzerInitialize(int *argc, char ***argv)
18{
19 FuzzerSetRand();
20 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
21 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
22 ERR_clear_error();
23 return 1;
24}
25
26/*
27 * Fuzzer input "protocol":
28 * Big endian
29 * Zero or more of:
30 * ADD - u8(0x00) u64(opaque) u64(seq_num) u128(token)
31 * REMOVE - u8(0x01) u64(opaque) u64(seq_num)
32 * CULL - u8(0x02) u64(opaque)
33 * LOOKUP - u8(0x03) u128(token) u64(idx)
34 */
35enum {
36 CMD_ADD,
37 CMD_REMOVE,
38 CMD_CULL,
39 CMD_LOOKUP
40};
41
42int FuzzerTestOneInput(const uint8_t *buf, size_t len)
43{
44 int rc = 0;
45 QUIC_SRTM *srtm = NULL;
46 PACKET pkt;
47 unsigned int cmd;
48 uint64_t arg_opaque, arg_seq_num, arg_idx;
49 QUIC_STATELESS_RESET_TOKEN arg_token;
50
51 if ((srtm = ossl_quic_srtm_new(NULL, NULL)) == NULL) {
52 rc = -1;
53 goto err;
54 }
55
56 if (!PACKET_buf_init(&pkt, buf, len))
57 goto err;
58
59 while (PACKET_remaining(&pkt) > 0) {
60 if (!PACKET_get_1(&pkt, &cmd))
61 goto err;
62
63 switch (cmd) {
64 case CMD_ADD:
65 if (!PACKET_get_net_8(&pkt, &arg_opaque)
66 || !PACKET_get_net_8(&pkt, &arg_seq_num)
67 || !PACKET_copy_bytes(&pkt, arg_token.token,
68 sizeof(arg_token.token)))
69 continue; /* just stop */
70
71 ossl_quic_srtm_add(srtm, (void *)(uintptr_t)arg_opaque,
72 arg_seq_num, &arg_token);
73 ossl_quic_srtm_check(srtm);
74 break;
75
76 case CMD_REMOVE:
77 if (!PACKET_get_net_8(&pkt, &arg_opaque)
78 || !PACKET_get_net_8(&pkt, &arg_seq_num))
79 continue; /* just stop */
80
81 ossl_quic_srtm_remove(srtm, (void *)(uintptr_t)arg_opaque,
82 arg_seq_num);
83 ossl_quic_srtm_check(srtm);
84 break;
85
86 case CMD_CULL:
87 if (!PACKET_get_net_8(&pkt, &arg_opaque))
88 continue; /* just stop */
89
90 ossl_quic_srtm_cull(srtm, (void *)(uintptr_t)arg_opaque);
91 ossl_quic_srtm_check(srtm);
92 break;
93
94 case CMD_LOOKUP:
95 if (!PACKET_copy_bytes(&pkt, arg_token.token,
96 sizeof(arg_token.token))
97 || !PACKET_get_net_8(&pkt, &arg_idx))
98 continue; /* just stop */
99
100 ossl_quic_srtm_lookup(srtm, &arg_token, (size_t)arg_idx,
101 NULL, NULL);
102 ossl_quic_srtm_check(srtm);
103 break;
104
105 default:
106 /* Other bytes are treated as no-ops */
107 continue;
108 }
109 }
110
111err:
112 ossl_quic_srtm_free(srtm);
113 return rc;
114}
115
116void FuzzerCleanup(void)
117{
118 FuzzerClearRand();
119}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette