xref: /freebsd/crypto/krb5/src/tests/fuzzing/fuzz_krad.c (revision f1c4c3daccbaf3820f0e2224de53df12fc952fcc) 
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* tests/fuzzing/fuzz_krad.c */
3 /*
4  * Copyright (C) 2024 by Arjun. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * * Redistributions of source code must retain the above copyright
11  *   notice, this list of conditions and the following disclaimer.
12  *
13  * * Redistributions in binary form must reproduce the above copyright
14  *   notice, this list of conditions and the following disclaimer in
15  *   the documentation and/or other materials provided with the
16  *   distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
25  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
27  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
29  * OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 /*
33  * Fuzzing harness implementation for krad_packet_decode_response,
34  * krad_packet_decode_request.
35  */
36 
37 #include "autoconf.h"
38 #include <k5-int.h>
39 #include <krad.h>
40 
41 #define kMinInputLength 2
42 #define kMaxInputLength 1024
43 
44 static krad_packet *packets[3];
45 
46 static const krad_packet *
iterator(void * data,krb5_boolean cancel)47 iterator(void *data, krb5_boolean cancel)
48 {
49     krad_packet *tmp;
50     int *i = data;
51 
52     if (cancel || packets[*i] == NULL)
53         return NULL;
54 
55     tmp = packets[*i];
56     *i += 1;
57     return tmp;
58 }
59 
60 extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
61 
62 int
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)63 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
64 {
65     int i;
66     krb5_context ctx;
67     krb5_data data_in;
68     const char *secret = "f";
69     const krad_packet *req_1 = NULL, *req_2 = NULL;
70     krad_packet *rsp_1 = NULL, *rsp_2 = NULL;
71 
72     if (size < kMinInputLength || size > kMaxInputLength)
73         return 0;
74 
75     if (krb5_init_context(&ctx) != 0)
76         return 0;
77 
78     data_in = make_data((void *)data, size);
79 
80     i = 0;
81     krad_packet_decode_response(ctx, secret, &data_in, iterator, &i,
82                                 &req_1, &rsp_1);
83 
84     i = 0;
85     krad_packet_decode_request(ctx, secret, &data_in, iterator, &i,
86                                &req_2, &rsp_2);
87 
88     krad_packet_free(rsp_1);
89     krad_packet_free(rsp_2);
90     krb5_free_context(ctx);
91 
92     return 0;
93 }
94