[gnutls-devel] libtasn1 | fuzz: add fuzzers for asn1_get_length_b/der (!65)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri May 8 21:10:24 CEST 2020




Tim Rühsen commented on a discussion on fuzz/asn1_get_length_ber_fuzzer.c: https://gitlab.com/gnutls/libtasn1/-/merge_requests/65#note_339274974

> + * You should have received a copy of the GNU Lesser General Public License
> + * along with libtasn1.  If not, see <https://www.gnu.org/licenses/>.
> + *
> + * This fuzzer is testing asn1_get_length_ber()'s robustness with arbitrary
> + * input data.
> + */
> +
> +#include <config.h>
> +
> +#include "libtasn1.h"
> +#include "fuzzer.h"
> +
> +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
> +{
> +	int ret_len;
> +
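
Review bot: At the top of LLVMFuzzerTestOneInput(), `size` arrives as `size_t` while the only local declared is `int ret_len`, and no bound on `size` is visible in the lines shown. Add an early return for oversized inputs before the buffer length is handed to asn1_get_length_ber(), for example `if (size > MAX_LEN) return 0;` with `MAX_LEN` a limit of your choosing, so the `size_t` value cannot exceed what an `int` length holds and corpus files stay small.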

No limit will possibly blow up the size of corpora.

And maybe parsing a 200-byte field may have the same code path as parsing 20 kb. As long as there are no fixed length buffers in the code, I see no benefit in arbitrary input sizes.

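An added illustration of the input-size point raised in the comment above, not code from the merge request or from libtasn1: a libFuzzer harness with an input cap over a stand-in BER length decoder. `ber_length`, `decode_padded` and `MAX_FUZZ_INPUT` are assumptions made for this example; the constructed sample shows the stand-in reading the same three header bytes for a 200-byte and a 20 KB input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_FUZZ_INPUT 1024 /* assumed cap, not a value from the merge request */

/* Stand-in decoder (not libtasn1 code) for a definite-form BER length.
 * Returns 0 and fills *len / *used (header bytes read), or -1 on
 * empty, indefinite, truncated or wider-than-32-bit length fields. */
int ber_length(const uint8_t *p, size_t n, uint32_t *len, size_t *used)
{
    if (n == 0)
        return -1;
    if (p[0] < 0x80) {              /* short form: one byte */
        *len = p[0];
        *used = 1;
        return 0;
    }
    size_t k = p[0] & 0x7f;         /* long form: k length bytes follow */
    if (k == 0 || k > 4 || k > n - 1)
        return -1;
    uint32_t v = 0;
    for (size_t i = 1; i <= k; i++)
        v = (v << 8) | p[i];
    *len = v;
    *used = 1 + k;
    return 0;
}

/* Constructed sample: header 0x82 0x01 0x00 (length 256), zero padded
 * to `total` bytes, to compare a small and a large input. */
int decode_padded(size_t total, uint32_t *len, size_t *used)
{
    static uint8_t buf[20 * 1024];
    if (total < 3 || total > sizeof buf)
        return -1;
    memset(buf, 0, total);
    buf[0] = 0x82; buf[1] = 0x01; buf[2] = 0x00;
    return ber_length(buf, total, len, used);
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    uint32_t len;
    size_t used;
    if (size > MAX_FUZZ_INPUT)      /* skip oversized inputs */
        return 0;
    (void)ber_length(data, size, &len, &used);
    return 0;
}
```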