Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests

author Tomas Mraz <tomas@openssl.org>

Thu, 26 Aug 2021 13:08:15 +0000 (15:08 +0200)

committer Tomas Mraz <tomas@openssl.org>

Tue, 31 Aug 2021 10:20:12 +0000 (12:20 +0200)
author Tomas Mraz <tomas@openssl.org>
Thu, 26 Aug 2021 13:08:15 +0000 (15:08 +0200)
committer Tomas Mraz <tomas@openssl.org>
Tue, 31 Aug 2021 10:20:12 +0000 (12:20 +0200)
diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c

index 328e0abcc510680ecac3875404548ad3d86d5020..e04f9b1f2e5cbfaac99ffb92935e31c3528bcf12 100644 (file)
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -18,12 +18,13 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len)
      int ia5 = 0;
      int t61 = 0;
  
-    if (len <= 0)
-        len = -1;
      if (s == NULL)
          return V_ASN1_PRINTABLESTRING;
  
-    while ((*s) && (len-- != 0)) {
+    if (len < 0)
+        len = strlen((const char *)s);
+
+    while (len-- > 0) {
          c = *(s++);
          if (!ossl_isasn1print(c))
              ia5 = 1;
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c

index 02c34a4438f89b7982a95fe66954eb6a13f2627e..5359cbc11720403ece0d1176f0b53d20b070afc2 100644 (file)
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -303,7 +303,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
          c = str->data;
  #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
          /* No NUL terminator in fuzzing builds */
-        str->data = OPENSSL_realloc(c, len);
+        str->data = OPENSSL_realloc(c, len != 0 ? len : 1);
  #else
          str->data = OPENSSL_realloc(c, len + 1);
  #endif
@@ -316,7 +316,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
      str->length = len;
      if (data != NULL) {
          memcpy(str->data, data, len);
-#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+        /* Set the unused byte to something non NUL and printable. */
+        if (len == 0)
+            str->data[len] = '~';
+#else
          /*
           * Add a NUL terminator. This should not be necessary - but we add it as
           * a safety precaution
@@ -384,7 +388,8 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
  
      i = (a->length - b->length);
      if (i == 0) {
-        i = memcmp(a->data, b->data, a->length);
+        if (a->length != 0)
+            i = memcmp(a->data, b->data, a->length);
          if (i == 0)
              return a->type - b->type;
          else
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c

index 2cbd95fa1b5655bc91c403072065423d859c408a..3503fdc210601549d1d01a51f209cbc7b53aebf8 100644 (file)
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -229,7 +229,7 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
  static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
                                ASN1_OCTET_STRING *src, size_t maxlen)
  {
-    if (src == NULL) {
+    if (src == NULL || src->length == 0) {
          *pdstlen = 0;
          return 1;
      }
author	Tomas Mraz <tomas@openssl.org>
	Thu, 26 Aug 2021 13:08:15 +0000 (15:08 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Tue, 31 Aug 2021 10:20:12 +0000 (12:20 +0200)
crypto/asn1/a_print.c		patch \| blob \| blame \| history
crypto/asn1/asn1_lib.c		patch \| blob \| blame \| history
ssl/ssl_asn1.c		patch \| blob \| blame \| history