[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Kurt Roeckx
kurt at openssl.org
Thu Nov 3 04:18:23 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via 3a3f9ed140b0e1feeed1b9655091c270df05332f (commit)
via a1aa0386081c4be6e020f1b84a55056ae9f6ad04 (commit)
from 2e6b83f608b7a4b315146895ac911e8c06d40db1 (commit)
- Log -----------------------------------------------------------------
commit 3a3f9ed140b0e1feeed1b9655091c270df05332f
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Wed Nov 2 20:45:46 2016 +0100
conf fuzzer: also check for an empty file
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #1828
(cherry picked from commit ea6199ea91ac59ae53686335e436d554cdacd2dc)
commit a1aa0386081c4be6e020f1b84a55056ae9f6ad04
Author: Mike Aizatsky <aizatsky at google.com>
Date: Wed Oct 26 13:56:39 2016 -0700
[fuzzers] do not fail fuzzers with empty input
Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #1788
(cherry picked from commit ba7407002d899b614d4728da9004594f947ff3da)
-----------------------------------------------------------------------
Summary of changes:
fuzz/cms.c | 6 +++++-
fuzz/conf.c | 9 +++++++--
fuzz/server.c | 12 +++++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/fuzz/cms.c b/fuzz/cms.c
index f97173a..94390e7 100644
--- a/fuzz/cms.c
+++ b/fuzz/cms.c
@@ -22,8 +22,12 @@ int FuzzerInitialize(int *argc, char ***argv) {
int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
CMS_ContentInfo *i;
- BIO *in = BIO_new(BIO_s_mem());
+ BIO *in;
+ if (!len) {
+ return 0;
+ }
+ in = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
i = d2i_CMS_bio(in, NULL);
CMS_ContentInfo_free(i);
diff --git a/fuzz/conf.c b/fuzz/conf.c
index a76068d..30b13c8 100644
--- a/fuzz/conf.c
+++ b/fuzz/conf.c
@@ -20,10 +20,15 @@ int FuzzerInitialize(int *argc, char ***argv) {
}
int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
- CONF *conf = NCONF_new(NULL);
- BIO *in = BIO_new(BIO_s_mem());
+ CONF *conf;
+ BIO *in;
long eline;
+ if (len == 0)
+ return 0;
+
+ conf = NCONF_new(NULL);
+ in = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
NCONF_load_bio(conf, in, &eline);
NCONF_free(conf);
diff --git a/fuzz/server.c b/fuzz/server.c
index 0076306..35449d8 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -217,6 +217,12 @@ int FuzzerInitialize(int *argc, char ***argv) {
}
int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ SSL *server;
+ BIO *in;
+ BIO *out;
+ if (!len) {
+ return 0;
+ }
/* TODO: make this work for OpenSSL. There's a PREDICT define that may do
* the job.
* TODO: use the ossltest engine (optionally?) to disable crypto checks.
@@ -224,9 +230,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
*/
/* This only fuzzes the initial flow from the client so far. */
- SSL *server = SSL_new(ctx);
- BIO *in = BIO_new(BIO_s_mem());
- BIO *out = BIO_new(BIO_s_mem());
+ server = SSL_new(ctx);
+ in = BIO_new(BIO_s_mem());
+ out = BIO_new(BIO_s_mem());
SSL_set_bio(server, in, out);
SSL_set_accept_state(server);
OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
More information about the openssl-commits
mailing list