FreeRDP
Loading...
Searching...
No Matches
TestFuzzCredSSP_Asn1.c
1
6#include <stddef.h>
7#include <stdint.h>
8
9#include <winpr/asn1.h>
10#include <winpr/crt.h>
11#include <winpr/wlog.h>
12
13static void fuzz_walk_sequence(WinPrAsn1Decoder* outer, int depth);
14
15static void fuzz_consume_one(WinPrAsn1Decoder* decoder, int depth)
16{
17 WinPrAsn1Decoder inner = WinPrAsn1Decoder_init();
18 WinPrAsn1_tag tag = 0;
19 size_t len = 0;
20
21 if (depth > 6)
22 return;
23
24 if (WinPrAsn1DecReadTagLenValue(decoder, &tag, &len, &inner) == 0)
25 return;
26
27 switch (tag & ER_TAG_MASK)
28 {
29 case ER_TAG_BOOLEAN:
30 {
31 WinPrAsn1_BOOL value = 0;
32 (void)WinPrAsn1DecReadBoolean(&inner, &value);
33 break;
34 }
35 case ER_TAG_INTEGER:
36 {
37 WinPrAsn1_INTEGER value = 0;
38 (void)WinPrAsn1DecReadInteger(&inner, &value);
39 break;
40 }
41 case ER_TAG_OCTET_STRING:
42 {
43 WinPrAsn1_OctetString value = WINPR_C_ARRAY_INIT;
44 if (WinPrAsn1DecReadOctetString(&inner, &value, TRUE))
45 WinPrAsn1FreeOctetString(&value);
46 break;
47 }
48 case ER_TAG_OBJECT_IDENTIFIER:
49 {
50 WinPrAsn1_OID value = WINPR_C_ARRAY_INIT;
51 if (WinPrAsn1DecReadOID(&inner, &value, TRUE))
52 WinPrAsn1FreeOID(&value);
53 break;
54 }
55 case ER_TAG_ENUMERATED:
56 {
57 WinPrAsn1_ENUMERATED value = 0;
58 (void)WinPrAsn1DecReadEnumerated(&inner, &value);
59 break;
60 }
61 case ER_TAG_UTCTIME:
62 {
63 WinPrAsn1_UTCTIME value = WINPR_C_ARRAY_INIT;
64 (void)WinPrAsn1DecReadUtcTime(&inner, &value);
65 break;
66 }
67 case ER_TAG_IA5STRING:
68 {
69 WinPrAsn1_IA5STRING value = nullptr;
70 (void)WinPrAsn1DecReadIA5String(&inner, &value);
71 free(value);
72 break;
73 }
74 case ER_TAG_NULL:
75 (void)WinPrAsn1DecReadNull(&inner);
76 break;
77 default:
78 break;
79 }
80
81 if ((tag == ER_TAG_SEQUENCE) || (tag == ER_TAG_SET))
82 fuzz_walk_sequence(&inner, depth + 1);
83 else if ((tag & 0xC0) == 0x80)
84 fuzz_walk_sequence(&inner, depth + 1);
85}
86
87static void fuzz_walk_sequence(WinPrAsn1Decoder* outer, int depth)
88{
89 if (depth > 6)
90 return;
91
92 for (size_t index = 0; index < 64; index++)
93 {
94 WinPrAsn1_tag tag = 0;
95
96 if (!WinPrAsn1DecPeekTag(outer, &tag))
97 return;
98
99 fuzz_consume_one(outer, depth);
100 }
101}
102
103int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
104{
105 static BOOL loggingInitialized = FALSE;
106
107 if (!loggingInitialized)
108 {
109 (void)WLog_SetLogLevel(WLog_GetRoot(), WLOG_TRACE);
110 loggingInitialized = TRUE;
111 }
112
113 if ((size == 0) || (size > (1u << 20)))
114 return 0;
115
116 {
117 WinPrAsn1Decoder decoder = WinPrAsn1Decoder_init();
118 WinPrAsn1Decoder_InitMem(&decoder, WINPR_ASN1_DER, data, size);
119 fuzz_walk_sequence(&decoder, 0);
120 }
121
122 {
123 WinPrAsn1Decoder decoder = WinPrAsn1Decoder_init();
124 WinPrAsn1Decoder_InitMem(&decoder, WINPR_ASN1_BER, data, size);
125 fuzz_walk_sequence(&decoder, 0);
126 }
127
128 {
129 WinPrAsn1Decoder decoder = WinPrAsn1Decoder_init();
130 WinPrAsn1Decoder sequence = WinPrAsn1Decoder_init();
131
132 WinPrAsn1Decoder_InitMem(&decoder, WINPR_ASN1_DER, data, size);
133 if (WinPrAsn1DecReadSequence(&decoder, &sequence))
134 fuzz_walk_sequence(&sequence, 1);
135 }
136
137 return 0;
138}
WinPrAsn1_MemoryChunk
Definition asn1.h:92
WinPrAsn1_UTCTIME
Definition asn1.h:101