The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
Macros | Functions | Variables
fuzzer_der.c File Reference

Fuzz the DER (ASN.1) decoder against an explicit list of root attributes. More...

#include <freeradius-devel/fuzzer/common.h>
+ Include dependency graph for fuzzer_der.c:

Go to the source code of this file.

Macros

#define NUM_DER_ROOTS   (sizeof(der_root_names) / sizeof(der_root_names[0]))
 

Functions

int LLVMFuzzerInitialize (int *argc, char ***argv)
 
int LLVMFuzzerTestOneInput (const uint8_t *buf, size_t len)
 

Variables

static char const * der_root_names []
 
static fr_dict_attr_t const * der_roots [NUM_DER_ROOTS]
 
fr_test_point_proto_decode_t der_tp_decode_proto
 

Detailed Description

Fuzz the DER (ASN.1) decoder against an explicit list of root attributes.

The DER decoder is unusual among FreeRADIUS protocol decoders in that it cannot meaningfully run with the dictionary root as its starting attribute - fr_der_decode_proto() explicitly rejects that. Each useful DER decode begins at a top-level ASN.1 structure such as Certificate (RFC 5280) or CertificationRequest (RFC 2986). This harness keeps an explicit list of those roots and selects one per input so a single binary exercises all DER entry points instead of being pinned to one via the FR_FUZZER_ROOT_ATTR environment variable.

Input layout: byte[0] - selects which root attribute to decode against, modulo the size of the root table byte[1..] - DER-encoded payload passed to fr_der_decode_proto()

Definition in file fuzzer_der.c.

Macro Definition Documentation

◆ NUM_DER_ROOTS

#define NUM_DER_ROOTS   (sizeof(der_root_names) / sizeof(der_root_names[0]))

Definition at line 50 of file fuzzer_der.c.

Function Documentation

◆ LLVMFuzzerInitialize()

int LLVMFuzzerInitialize ( int *  argc,
char ***  argv 
)

Definition at line 59 of file fuzzer_der.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput ( const uint8_t buf,
size_t  len 
)

Definition at line 96 of file fuzzer_der.c.

+ Here is the call graph for this function:

Variable Documentation

◆ der_root_names

char const* der_root_names[]
static
Initial value:
= {
"Certificate",
"CertificateRequest",
}

Definition at line 45 of file fuzzer_der.c.

◆ der_roots

fr_dict_attr_t const* der_roots[NUM_DER_ROOTS]
static

Definition at line 52 of file fuzzer_der.c.

◆ der_tp_decode_proto

fr_test_point_proto_decode_t der_tp_decode_proto
extern
Initial value:
= {
.test_ctx = decode_test_ctx,
.func = fr_der_decode_proto,
}
decode_test_ctx
static int decode_test_ctx(void **out, UNUSED TALLOC_CTX *ctx, UNUSED fr_dict_t const *dict, UNUSED fr_dict_attr_t const *root_da)
Definition fuzzer.c:27
fr_der_decode_proto
static ssize_t fr_der_decode_proto(TALLOC_CTX *ctx, fr_pair_list_t *out, uint8_t const *data, size_t data_len, void *proto_ctx)
Definition decode.c:2751

Definition at line 2816 of file decode.c.

Generated by   doxygen 1.9.8