From 55869f594f052561b11a2db6a7c42690051868de Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 10 Feb 2021 16:36:57 +0000
Subject: [PATCH] Test that X509_issuer_and_serial_hash doesn't crash

Provide a certificate with a bad issuer and check that
X509_issuer_and_serial_hash doesn't crash.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
---
 .../f5ded9e25448f6f47349d012eda2eb4fccbc7c76   | Bin 0 -> 356852 bytes
 fuzz/x509.c                                    |   2 ++
 2 files changed, 2 insertions(+)
 create mode 100644 fuzz/corpora/x509/f5ded9e25448f6f47349d012eda2eb4fccbc7c76

diff --git a/fuzz/corpora/x509/f5ded9e25448f6f47349d012eda2eb4fccbc7c76 b/fuzz/corpora/x509/f5ded9e25448f6f47349d012eda2eb4fccbc7c76
new file mode 100644
index 0000000000000000000000000000000000000000..439c50b0134b125120d220a5220e2748e1d13873
GIT binary patch
literal 356852
zc-rlq36xaTna8W@HLVEE;u6H2AwhAY8WBMdafw4*a7B;HiAWN0kIFHkMrlw{6UT8m
zE*Y1`jG45WF_Y0z<1vC9<G92n#%LU~U=%eP4KAptP}9}jKzCEiTkiJV`@82rSFiP6
z-S7ME|M&gxdsS>HwiF7*VzH$$U(Dr-EzK?Eho=@><~BrKV`$WS4Db3lH>x={?fSS`
zq;uphYs~MEYd`k#!GE-1?rnwqXXSG!e<?R4ADJFoY`AT&ksFlD_4>-{&+GlMLe1}v
z8Z|1~yzBAwilfIj)Sqipt#2N^_F@0E54#1!^cchNF-P@|Iqrc^+j7I{aYy@K+@<pm
zm%2vz@tpFQF{i?q-2N}yYw+_mBmQf$Y1NlQaX#n9j2=H`{Mg+_kKe7F+6{9%le<_k
zxo4+&ibA5F{-n;2m%4v4c}-?^jIVcnJh1)WH##5Y+cUPMrDe{Xd5IE1<LG%hI^(V@
z+D@zd^*yXaTd{tSnO;H4D}%~aBy$L#)iZ>n_#vD;KcW=*(Y(%AUd)~r<25cqv8Q>5
z#(YEmrIQN{eY*dU_7IGf7LC<@J74~#FtXIt4Ahpk<*!hj94$_I#yCd>vKCEJihJyd
z!sC-VhukH^T?vtLlDCh%qSsV+sA$iZ&X*(C=*Ek2xr=$DC2f4Js;(sJ%7TnU9n))M
zdfg_9>IBJ6*i$nm>@U+sizcDBp4yVs^)r9B)`ajw>;J<kt<SPnso2;&`<d3yKIj!h
zoJC@&MeVjVqN@!SrX%vxTH&^@vT)l%Ny60%vg8xLH;urI`Y;l%51*tLj6QT&A7(qe
zANf2vC)G-kvy95uS;$x9EArK9rI>1cLyvL!igpQIz7hiA$=8Xp<*PgG%`Z*q!&%ea
z)rXg&59?3yfx+v;(`!`mCABNX0@pTtk2J3jXQ<YPZzB#m7oaz_>cc<Q&HIDVhe<;~
z4{WVSvM3K>o0;N5JZ;PB-&<VoW!$A&F{n4RH^-X8wyd|GKjqm;g}jr}ZVs(KT7QmQ
z%V($cx0jRBZa^rlKc%N2_cDuAj+qzYi%Vm&6vp%~#-kE1jfuE4MlZ7*$u3&9AtX9S
zZZuMjNiHzKB;RWPccQaQa#P?;A_IIYjB7mdy$^T03;3ejOKR+CPIiBhWk%D2`->>M
zzX*LT8GS9!Ez4M8wL$s6OXzDQO}&l9^+-%0)%#wN;v`5B_e$$3U!0fUz5QRm1yLbi
zDD*82?(<5&Tq!rW*wol}=V4RkkIpyc`}N5c`!{b;T)#1zc0&Is-%#9YNK^B!#a%}i
zn^6g3gLEc}L?UV4EuJ*{+D?l#r1_x}q-hL%f0wvu{7e}5)}4W#yA3Z^vD<JKwNhoR
zOnOr>@wd}0RLc5d5%0|p?+udjj--yPQ5s97Pq(Za9Sd4p?-1bB$5=s~*sp)KODpJK
zU8Ic@ENrooa#K^MH_wdqX94G~!?9mR`<H`Q3ZH6on#Z`5){^|(@i*7Gu98TI>Z^oo
zBH>scTasRGe(|&i=;Y=XbG@to=4Lu76K<T_?aOj_7aB{&Ld95^8Tf5s)*WYi)-zOu
z95gIxSPE-cz6&QQ<s=_Ac<$XZtWGs&5xRa`!)ac$!IdhpXDk@Wv;`}vjkO2(kc6`z
z&-JFYPAlieX(1tzkclb<5)uiiBCM|Cw$~B2y^a+Ehk2k6Uofc;!#2%*^~6Khhqs{*
zeb<M_p$~QH!yAQ&gYVkBH{!3{)`vsThx8A{>ca=Mo$XTep+EZY+sPK}Gpir<o9ILO
zhv-A$;@}~L;y_{lu+gACyo>%}VEXV2oBHt1wFmel{X_Jjx#dlUhEi2WN7k#O+OI?z
z71EU`JNkJg%2*9)q5Mjemn3DWzi;b20)IPJnoU+50<*ai#YLrc7gwUVYZD(~rY}Pq
z(ET>xO4@)4+JM6=eNq4I8ASDbUlKIgVL|b>)}dHRyR&`zc0o>t+qg3=CtuL>n!aI1
zPS#o94?s=|my-)smZ^DC<m5c<axy|ry3P&*#aEQC`YR`W^H{!OU$hzbSjuCW;<O0x
zZeNo_@K_Yj7S|9ag<|hKmgj+DJQih8{BTy`y2Kh39|{!5D^uIUNkB1^jmH8Ma|>*4
zf$db5o+m%4LWJUdfa3ZEc6*#+pjaXlTM(`|#fG6cD<>VQy-e-mA}1XT6a&SsRFp|T
zF;EN?*M{Og$`9v1xf(A46i*5Uij~yW%4zmZZ=kqtplzC|Xg;d3zFut(iYEcZK(Rki
ze07q)tP+YZf|E>f(&OGi@!_sdc0t)>pPjCvEXp2kH`@20fMTE+r&z(^j01{sip@c>
z_7LC}HCe|>oMMlm_*$U2ce(uzPBBo-_Gz4A8*Mh-qgf0TFV~^p?*xjSfZ`==p9YG7
zVzE&Ca>R|cfMQ>vSg&xsFD(>r>!F10UERh2#U?mu5>TvsvOfljWy@{<oZ{``=f~?n
zv2RZCM(K}Zg|k_DGEfW@;}qMhufuwM{zzPjF%u{@2F1tAg5oGG6#FP)af+3O+epKl
z1QZA36fY4{QCx=N*>380%TDosIRM44xe3LKaf+SmG$n!J$v`ns>;e@30jD@DC{8N6
zfnuQ8M^5^OdGin`X8SZyEM32sM+;6d*A%BZoIyY_PBBpIHWagc+87l7Dl{lAn1kZ}
zKyl?_c$hbwbS~Ev1I0jbtcr45{l9rBP|S_CfMU;ES6xYUj-{j;WgUu#1I0iwP>fUT
z3KWOn6cYn!W1!hc4E&zPNP-1%EUZjpgvs`zG2)(pr!kVgF|sIt#z-5D5si%z=ab5M
zO{FoiW|n5q7zw8_@~ZI0$SN8maiRDvKP4<%=rx7gU7<qpV1bi;e6PuV7AOXaJ>M<x
z9J>W<L-7xRVxZU$C|*Bv2)F^oS2zsCzjYakKX!k&z)~BH2JfKwlg>xSc`RW?Lh+9=
z58Z`goMIoK_<f*Q8WjI4Tj+&Bu|ut^R-hOtW(z$|F<a<8hvGz1R@%+h0_|UX8gXAd
zLH!G}NISy}(r!fmLSp}7rJwx^Onq(vK>vcB?({F{U(mnME<moNe?k8uq+0-dM+g)z
zin|_8sPLWna8m8DmljR}iZS&i$?ctlLh(Jup!oAl`H=^T(~K9qhvKKaf#Mb7q4+*E
zQ2Yo`><tuG85aV@vY~jCMkwA-G8Efe9Cu6v#Rk?x6`b@SoMZutce4b=Lsvi8U*RlY
z4;14RJ7j8w>=Yk^Q!Fb>af)lr);=yc#e=dz@lq=x02Id<4*<nD#fF6ILxQ3BUbasI
z#oD3Rfyr*dDYhcF{|pqT)$b3P)NISxJ`EH*0L9yd48^W*pI(Gh%;n!eF;E<Da7{5#
z3>33{8Ys?EQBDGiaf;(j^DRKJmr$%MsgB7E#dCq;D4gxneSl)17$^pc9fRWMb#T&r
zQ$;Et1{B``6a&RVwomVw9*X+{#W=-2LGkWvpT;Tn6pFXNDF%vxV(+2&wg90RP7(mc
zt~kXXGucTdd$t%Te$9w@GwT!|XBLXL_X>(XPzS{WRUOj-;-Hvoih*KZp;-O)=_7z*
zpcp8&55=i<>#!c5jRlIej@N)<$xiVkoZ{Xiu@skcqpe1^PvaEpcZ!F0Pm7O$VxTx2
zDE=3&DF%x5LGc|xF-~#4@p8s;d#vM7d`-_Nzt?Z4cz%#jd^y_!>_YMUY{#NdZr^Ij
z(Ey57K=BNqIB8k{#XxZyDE?W9PVvz|F-|d1Y#WMibRCLaS{&IvjZ<vhDeiA!rq8lI
z*^hR9ILfn%0u<vE1I3-Q4HU;ts?j*bUP5uz5O@zLPBE8*fnvo_{8<oC9AmTs#o<8l
zK%m%hD5e7f6o&}KX9C5#ptzthE$lkQr`gKVp^hfiVxU+e6svKHKkV@=H#h*r`{NXg
zf@00DsT?SdfZ}kV7^heW6z7<1`xRw<y>j~q$xyt|4X1b{P;7OfW&5-PP&^^RDF%x5
z6j-)T#~sUnVxYLPgdG7CTZH1<fnq<Pxc=D6At>I&PbkJIR<7T_9<hBIC<cl<<Nhx-
zlj{BIaX+ya2u*htipTbZ;x__;;-NsX<@&mp!%p$jwGU{RJSgsK1d4aXDF%uSj5}Lf
zTY+M>PfMHZj`1i^oCS)TEkLnJ%?1<)4aEnz55?SldR-{q+y^L56#_Q{#qPM8Y@b&D
znr4OKbw&Xw28!V%`A~czlU-r5?@?G$P6LYN>UW?RC>E2Yij!)i+Hrq&^`yGiRVY4~
z?b9jhDo|_~;PwQHB|@<R;kq|a3={*!mZ6x*HdIlb7A3dO0E&TPpx9d|J~Vbxt=As+
zXQ@pp>ng1>6yF6D1I5le#XAUq;uS!#HsQJwC<cmwVxX8CZCR1q4*<nI{`ek1F;MJM
zmcA`BsT_sk2q=yV#m@l6wxAfNIBY16BtY>D4U6N;8KC$}I0-0bvVmfY;ti)bASfOM
z6dTOaMwv;q6ezX=#cg_^I0A}+VxZWdaNScB6t69}Q*nynq@+;%R^|NsDp2g^WWT7U
zq6`rP#mj+Wpctpv{nnL7PVqfJv393;eV`a928z4JQXNn{fE#TA#nw6LYC%x^_vB40
zpm^=LB28`io}$TKRqH3mI#E%^+Y@g=Lh&ozKN$fO_Z%A=h2n>SV%bovSET{Pi9$df
z6dwT;1I69P7tTPjJ5KRQKrv9v_G!nV_?Jv}<m2|~yMf}=Q2c!hPVsk*Lh+j-o#H{2
ze;X*anN)iL#fqSKL)lP_Q>+Y%Z;X2?C)tJKg>0Y3DF%w+B=b=GYbF~gc1FDEg5ryu
zbc*j{`!w691w!#>wmMA?L-8gNPH}oDegY^~1#k-^FP-9H^`C73Pz)3U#cqY$WQkDB
zWCO+iL$SPTif;jmfnrCY*jiFK48@TZD8AJo6yK5^il43q#W=;f0L}#{-jEw@0mZe)
zW6nbHP=`3_erGu8Ov9X%1&Wse#XvDo>;V+x6a&SML-7=#m}`n-L-D7Ewoji26mz4k
z_Hh+Z92bgriZ5Yrz$u24EN~J|vBJqd3@8SQfnt@St;e0OejOMTuNO8H&sY=pn`=#~
zvw&jHpm=MpDYgm4KMoFxHNK|4L2(EYHasX^3={*!IK@D5Fi^aK5p{FF(rLyij&(Rw
z**-16DZU*jt`P!P)w!nloDL`+;W8A@#wiAhf#MY9c9hn&`U0RBrx+;i9N$zu*%t%F
z!l8KQaG{v((^{bT*lJL`$gwOP4isC3;;qAUihoik1b)HYrv*UqyFf8eoC%7z7AIkW
zV&PD{v#(HmZnwwBGucj5lrs`M!?)amVwd$hP>fS7rgdc_sgB74#Z%cnofV3YG!O#1
zp?DHdoCb<h?7akv(?ao67KQ7+x}aE|uhX--wdz?9H?RoBAK(<rgyKYFE1+1q+-{Ws
z#kT;(MxnSlB@}NA6#E3l+-S=#6ekLSZ|H;KXK;!ggkqdxRZy%$xHe@ucZpDZPQXs_
z*Dw!(Vw_@+<hFV!9)MGfQ!EOKCjiBYq4-&#*su2~)>B~j0E#_?;>UpEOd~B6zb#tA
zribGDYZt>3oCFjz*=Z+xGoUyT6n|T?eh(Ci7Xig?X6ai#K`~A-P>fSt8{q!vD-_#r
zH24g~Tg2j(aREUwoCFjz*(N6&DCU~tV4dQDKyj=r{U7bG5l{>i8-wCmen9bYy}$4X
zPH}B0p6&w_KavWH-;?7MALyloO$^0v0>wZvlbv<4AGZp{?*hd@G25qogkt@pcT!yk
z6gv#XeQ=6#iUmS3PO;?e(}6*8reX*u0mV$Vmlfr8!BD)P!d3Y)-=O%8Zf9{NP@IqE
z0>u(KO+azVx(XCK1I3ANk^~e3#p?*y9~p(>=M|LOzX8RrbJF<woHP_D_7;lg0>w^>
zH_cA*GMr+I(`*cizo?!T`{EP}f#O@ULh(C5v4c?D5aASu2*oWfLGfk&I>k@ufMT3t
z%tO1J1QZ*b?CZOJ@(Q5XJt%%fu&D(Uvwb>SmOhd884mISiX}V6=K#ex#VW=V5l*pm
zr}#H)pLPL?j{%C+hud<X*x+Q}>`MpaLR%GO2~KgCP&`nHx;X(TwhYAz#={1oxD6;?
z>lA+k6a&Rh031+k1B&xpQ>=V(oK<^q990L3bu@`5h7QHX%)@%BXi?{f*`}d*9Fwhn
zvZcyxpctnZC^nm=@9BGudL`8xjwY2DD0Z!`T7cq1fMOv~d?Zk;8j7dio(77q1&U2?
zpWa+gF${u}njM1Tbw|n<<T@tX5)>Z}6uSY%KLCn>Vy-D>`?P~lyoqcm?sAIH2Z~*X
zVw__2P>fS71B%rZ!<*qGAE1~Hi2cb1igAi<L-8`@(|iL^90nBs6Hts(%=T%SQ2ZEB
z3>1eTVRwqS(H2lF9*RE)ih<&Fm)OmKVsD+|B|tGwF;EN?1I31*IMZoeuMLWK1d4rz
z;-A}D9D!mZ;r2tI*vMqRp5ok^3_<Y@f}nURPBBo-_GzG4Xj1(|FckMwaxgbJ2F3d+
zh2o!j1I32~0L8HePBBpI$l?eT;}o-fTE=AiF1LYVpcp6yigAjq)>WM1j3eLUvjM?7
z#eINcpjg2;L=qIQgp+{c&RAly6HoRapjZnO|G}t!e;z1SIL$`@#XvDo3>33{+7=YI
zR6OF15}wu@@ekcuD4r(|iWlP);}m-h#s47%ikWP^9T1=xr&s|L-{65$+?3$?7E6QT
zlZ|ERQ9v<JEE$TY$cEy@s;8Rm({-QcZL_bb6)0x=G*FCFoD7P;4-^B%Kr!2=*Nji9
zoWx4SQ~Y_v_G!nn6n=$YRfK@t8mdKOeAxLR(6g^M-U@*F0dKwF{Vw1Qi@6Klfs2ES
z(TC_mclF^m6`$cN#ubuCeVF%gt0el+^n$$rV+MU#E!?(4AEpxrf0HN<%H^eR1NyM~
z7>+&+v4f`U?ECt5Db0=OLxuWqj;#KnYJ^@UW|gFiLKns8DtS*xt7LE&oW92@siKSW
zdFEAe@Ih>E^`wi^hRcS_hCW0e(nUcZhI~VkZPABZ{#0Ykui^(fs1FZHuMfY+F04TH
z;fYqnK||fu?Q1UU!*|e!F6hHI(T7IP{_ueHA^k)2A^k&k>C-<nC=Sl86jpucA9@)A
zW9T0S(LcO3&JPW9Nl29x>%-g8hv-8E`mh0gh(2^p9GoACJZ#5papNVYv054FxRFe;
z7-x|>MRIRuAJ$$+*4`lwt-XWX>CIf7X6-GNKHaizbS!9Xy+c4J7tpr6DB0uW@;tVW
ze1>RTSx`IQwF(=XZyYpNmh}A8?}SnMGM4HMU&BWP1pme(2$tc*850Q}-d1)u-hh<b
z$~vB<TqWTXd`(RUUyId;0B=AVdwl8zazvGoW4U{8Kx(LA*@{`{%HrsXS$H;Pp;fc+
zybv3lC^6dL>^I|jRa)kF-bhHUM+iegexON08WRVry1l$~>d=QKLtq&C5Pc|IAHIV=
zL?5CLb&qL@!mT0L>k;nrx_N{?3`ie-;Bx=)d}sCHTj;}z<NxR%);X;))%4+D^r4UX
z@E7zCb?U==UDSt~#K9iP#KD<9=);Ya=tCRvI!+nS$S8`&a>J3W<r~M!jaEa-kFDkU
z)57Vk<#%g;jnpUA&b{LPWuXm;|D_?3zODwdwR}KmTXPy?9g-qxitkffxF!?QBDsEP
zX0G2ROy4I-xQ$KENsm;$ce@bZ$Csu*Tg&Auv46MZ4zhKKtwVw6SBE6zT&y82>%^;U
z9pdUlB&2z3=r9fXa2)#3eh8os6X?SU=tCR&@KG*3L?5d1-|j~rq7P$?2N4Gn`iEPi
z58cs+Gu_pPC(7y{&TyjYw^<ZYZDIBgo!3v&`)kE{`Q6+9^;-}X@`Xa*(%?R?^vjiU
zgNsd#eRm!<W&Y@VQ@&rHT(N)i2F3LoqiHAfkMa%0t%fu;?^@h-bg>!zRXIqHaVALr
zYP%QsXCn*!<DT4EKGRm%CsWn*DXWiGrJnO+E38wEs}UHR@dq38gmukMLG{r!s}ycW
zitC!GD{!<(4Nta=ieju6=iwWnaJ8C6i9TPwM6Wz95}l=Z95H7Lk0VhC@J1-XLGfsy
zn5`rlB<w(-n5`s0u@94dmF0>u$u%fm4=65=2dqQ!lQAamb@5Q#JuSB2-9ZH<)kL5e
zD3$}oOMv1E11JWH9a$U=L-7G{l7CP<5-2t@+1|<RC#s3JQ*eq?<_Au3vT;+2v;c}F
zBo$B$6sHQb;jTHw6M<r&*nKG83@EN!3^!E5NyoxTIK@@QOrThz+&)N=cms;9Lh+xx
zfZ{Z1QHJ6tfnuN-DE1MGr$5H_X`t8;6t74I#j8>X*MWwh*dGa-9f}WdiIXynrIo{N
z)w<z!IZ!NpvIBzRe-<ORf#PiW@dE=;JiO!o{k2as?|=yu1I6J&@#z+!m}`n<L-ANa
zP|Wse|DgC%37mu@2>c|ezIWmXnwsVdT!EkEzz^`VW^4oe1mFm^kKapxpD{w<XE}}_
z@U!kr+gcpk3^;<AM7B67*f+_F^T#hsGyR*;;B&0O*Eve1(%SI*i}e<8x#qTye4<}k
zXf0B7ycol}f71DK<QhpEhtlR6ajwbHdZS}jmFRf4PIPq8TA^4hi>+e2*lMTUj)yzW
zD+hhY!!cbC#uV3lrKRheN0mCp!ct51arx>8m-PNZ%Y@Ef|FX1tw6z`8*4DOa?GxmS
z#s0Z`?$uWZH9q%T`%%_Al2WWAS$Cv8k`Z=}r1F!FG=BPqCL;Y4Tq5mM-93`PPG5V>
zO>5XoQp^PqZXy%QMuq#L=aKx53P**Lzp92CZec`PxYCVf)b}|)gT+gKNqLIJtHMF(
zd)5Qdif*Rc9wBK(3TwP4m_V<Mn1e)#x#Xw6QxGwi&(Zy$zpE+Q<~vhYHmAa|swzCy
z6;wFM{oUWv-=)8+FP;7*YL4f|Ka$H?yg)*~`@7JvE2qDcq0`^n*J?A529&Cl8|1%~
zG5UNRPcVgQi8zUMs;6ny1@!BK$+;69&$;a{-t5YM+c)31=2Sl>=3>TNU&E`HBg^r{
zEL;@s)kks_Vu{ly<q{sr>5jyln&)r-r8&err*AUl@27X2@E|(Bv1ze9n#=!k#Wmy1
wVujH>zGH0KaY1~pe1&{t;pt-eHgCDkzt{eSKII?WHrMqb7xm9|f4YwG|56#EPyhe`

literal 0
Hc-jL100001

diff --git a/fuzz/x509.c b/fuzz/x509.c
index 858ad61bbfa..bf2dfb826d3 100644
--- a/fuzz/x509.c
+++ b/fuzz/x509.c
@@ -37,6 +37,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
         X509_print(bio, x509);
         BIO_free(bio);
 
+        X509_issuer_and_serial_hash(x509);
+
         i2d_X509(x509, &der);
         OPENSSL_free(der);
 
-- 
2.47.2