Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests

author Tomas Mraz <tomas@openssl.org>

Fri, 27 Aug 2021 09:37:10 +0000 (11:37 +0200)

committer Pauli <pauli@openssl.org>

Wed, 1 Sep 2021 01:45:24 +0000 (11:45 +1000)
author Tomas Mraz <tomas@openssl.org>
Fri, 27 Aug 2021 09:37:10 +0000 (11:37 +0200)
committer Pauli <pauli@openssl.org>
Wed, 1 Sep 2021 01:45:24 +0000 (11:45 +1000)
diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c

index 85a631a27aa703358b630b70e744eddf95a45ea4..f86623fdfac1ce07b0fd9e33fac4d928d424ba7e 100644 (file)
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -18,12 +18,13 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len)
      int ia5 = 0;
      int t61 = 0;
  
-    if (len <= 0)
-        len = -1;
      if (s == NULL)
          return V_ASN1_PRINTABLESTRING;
  
-    while ((*s) && (len-- != 0)) {
+    if (len < 0)
+        len = strlen((const char *)s);
+
+    while (len-- > 0) {
          c = *(s++);
          if (!ossl_isasn1print(c))
              ia5 = 1;
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c

index 3d99d1383d429b965c8505ad523a6af0e7cabc75..b9b7ad8e9e023b71e1d17f05c1469ff6faf8cdff 100644 (file)
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -294,7 +294,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
          c = str->data;
  #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
          /* No NUL terminator in fuzzing builds */
-        str->data = OPENSSL_realloc(c, len);
+        str->data = OPENSSL_realloc(c, len != 0 ? len : 1);
  #else
          str->data = OPENSSL_realloc(c, len + 1);
  #endif
@@ -307,7 +307,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
      str->length = len;
      if (data != NULL) {
          memcpy(str->data, data, len);
-#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+        /* Set the unused byte to something non NUL and printable. */
+        if (len == 0)
+            str->data[len] = '~';
+#else
          /*
           * Add a NUL terminator. This should not be necessary - but we add it as
           * a safety precaution
@@ -375,7 +379,8 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
  
      i = (a->length - b->length);
      if (i == 0) {
-        i = memcmp(a->data, b->data, a->length);
+        if (a->length != 0)
+            i = memcmp(a->data, b->data, a->length);
          if (i == 0)
              return a->type - b->type;
          else
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c

index 799fee771ba517cadb0e292a078ec50b2105e6fd..dd4a2e3203da70d0f9cfb42cbbd243c2fe6c473d 100644 (file)
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -225,7 +225,7 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
  static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
                                ASN1_OCTET_STRING *src, size_t maxlen)
  {
-    if (src == NULL) {
+    if (src == NULL || src->length == 0) {
          *pdstlen = 0;
          return 1;
      }
author	Tomas Mraz <tomas@openssl.org>
	Fri, 27 Aug 2021 09:37:10 +0000 (11:37 +0200)
committer	Pauli <pauli@openssl.org>
	Wed, 1 Sep 2021 01:45:24 +0000 (11:45 +1000)
crypto/asn1/a_print.c		patch \| blob \| blame \| history
crypto/asn1/asn1_lib.c		patch \| blob \| blame \| history
ssl/ssl_asn1.c		patch \| blob \| blame \| history