From acee7d68e1037d18f34d03bcd70af6b1b6e48299 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 11 Oct 2023 10:43:58 +0100 Subject: [PATCH] Updates to the quic client fuzzer Handle retryable errors from SSL_read(). Also ensure the underlying BIO handles the destination address capability. Reviewed-by: Tomas Mraz Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/22368) --- fuzz/quic-client.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/fuzz/quic-client.c b/fuzz/quic-client.c index c172372af31..548ed7ec32f 100644 --- a/fuzz/quic-client.c +++ b/fuzz/quic-client.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "fuzzer.h" #include "internal/sockets.h" @@ -98,9 +99,14 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) BIO_free(in); goto end; } - if (SSL_set_alpn_protos(client, (const unsigned char *)"\x08quicfuzz", 9) != 0) + if (!BIO_dgram_set_caps(out, BIO_DGRAM_CAP_HANDLES_DST_ADDR)) { + BIO_free(in); + BIO_free(out); goto end; + } SSL_set_bio(client, in, out); + if (SSL_set_alpn_protos(client, (const unsigned char *)"\x08ossltest", 9) != 0) + goto end; if (SSL_set1_initial_peer_addr(client, peer_addr) != 1) goto end; SSL_set_connect_state(client); @@ -118,10 +124,23 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) buf += size + 2; if (SSL_do_handshake(client) == 1) { - /* Keep reading application data until error or EOF. */ + /* + * Keep reading application data until there are no more datagrams + * to inject or a fatal error occurs + */ uint8_t tmp[1024]; - if (SSL_read(client, tmp, sizeof(tmp)) <= 0) - break; + int ret; + + ret = SSL_read(client, tmp, sizeof(tmp)); + if (ret <= 0) { + switch (SSL_get_error(client, ret)) { + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + break; + default: + goto end; + } + } } } end: -- 2.47.2