/src/tests/create/kdb5_mkdums
+/src/tests/fuzzing/fuzz_aes
+/src/tests/fuzzing/fuzz_asn
+/src/tests/fuzzing/fuzz_attrset
/src/tests/fuzzing/fuzz_chpw
+/src/tests/fuzzing/fuzz_crypto
+/src/tests/fuzzing/fuzz_des
/src/tests/fuzzing/fuzz_gss
/src/tests/fuzzing/fuzz_json
+/src/tests/fuzzing/fuzz_kdc
/src/tests/fuzzing/fuzz_krad
+/src/tests/fuzzing/fuzz_krb
/src/tests/fuzzing/fuzz_krb5_ticket
/src/tests/fuzzing/fuzz_marshal_cred
/src/tests/fuzzing/fuzz_marshal_princ
/src/tests/fuzzing/fuzz_ndr
+/src/tests/fuzzing/fuzz_oid
/src/tests/fuzzing/fuzz_pac
/src/tests/fuzzing/fuzz_profile
/src/tests/fuzzing/fuzz_util
mydir=tests$(S)fuzzing
BUILDTOP=$(REL)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/../../lib/krb5/ccache -I$(srcdir)/../../kdc \
- -I$(srcdir)/../../util/profile -I$(srcdir)/../../util/support
-
-OBJS = \
+LOCALINCLUDES= \
+ -I$(srcdir)/../../lib/crypto/krb -I$(srcdir)/../../lib/krad \
+ -I$(srcdir)/../../lib/crypto/builtin/des -I$(srcdir)/../../kdc \
+ -I$(srcdir)/../../lib/krb5/ccache -I$(srcdir)/../../util/profile \
+ -I$(srcdir)/../../util/support
+
+OBJS= \
+ fuzz_aes.o \
+ fuzz_asn.o \
+ fuzz_attrset.o \
fuzz_chpw.o \
+ fuzz_crypto.o \
+ fuzz_des.o \
fuzz_gss.o \
fuzz_json.o \
+ fuzz_kdc.o \
fuzz_krad.o \
+ fuzz_krb.o \
fuzz_krb5_ticket.o \
fuzz_marshal_cred.o \
fuzz_marshal_princ.o \
fuzz_ndr.o \
+ fuzz_oid.o \
fuzz_pac.o \
fuzz_profile.o \
fuzz_util.o
-SRCS = \
+SRCS= \
+ $(srcdir)/fuzz_aes.c \
+ $(srcdir)/fuzz_asn.c \
+ $(srcdir)/fuzz_attrset.c \
$(srcdir)/fuzz_chpw.c \
+ $(srcdir)/fuzz_crypto.c \
+ $(srcdir)/fuzz_des.c \
$(srcdir)/fuzz_gss.c \
$(srcdir)/fuzz_json.c \
+ $(srcdir)/fuzz_kdc.c \
$(srcdir)/fuzz_krad.c \
+ $(srcdir)/fuzz_krb.c \
$(srcdir)/fuzz_krb5_ticket.c \
$(srcdir)/fuzz_marshal_cred.c \
$(srcdir)/fuzz_marshal_princ.c \
$(srcdir)/fuzz_ndr.c \
+ $(srcdir)/fuzz_oid.c \
$(srcdir)/fuzz_pac.c \
$(srcdir)/fuzz_profile.c \
$(srcdir)/fuzz_util.c
FUZZ_TARGETS= \
+ fuzz_aes \
+ fuzz_asn \
+ fuzz_attrset \
fuzz_chpw \
+ fuzz_crypto \
+ fuzz_des \
fuzz_gss \
fuzz_json \
+ fuzz_kdc \
fuzz_krad \
+ fuzz_krb \
fuzz_krb5_ticket \
fuzz_marshal_cred \
fuzz_marshal_princ \
fuzz_ndr \
+ fuzz_oid \
fuzz_pac \
fuzz_profile \
fuzz_util
# OSS-Fuzz requires fuzz targets to be linked with the C++ linker,
# even if they are written in C.
+fuzz_aes: fuzz_aes.o $(KRB5_BASE_DEPLIBS)
+ $(CXX_LINK) -o $@ fuzz_aes.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+
+fuzz_asn: fuzz_asn.o $(KRB5_BASE_DEPLIBS)
+ $(CXX_LINK) -o $@ fuzz_asn.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+
+fuzz_attrset: fuzz_attrset.o $(KRB5_BASE_DEPLIBS)
+ $(CXX_LINK) -o $@ fuzz_attrset.o -lkrad $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+
fuzz_chpw: fuzz_chpw.o $(KRB5_BASE_DEPLIBS)
$(CXX_LINK) -o $@ fuzz_chpw.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+fuzz_crypto: fuzz_crypto.o $(KRB5_BASE_DEPLIBS)
+ $(CXX_LINK) -o $@ fuzz_crypto.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+
+fuzz_des: fuzz_des.o $(KRB5_BASE_DEPLIBS)
+ $(CXX_LINK) -o $@ fuzz_des.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+
fuzz_gss: fuzz_gss.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
$(CXX_LINK) -o $@ fuzz_gss.o $(GSS_LIBS) $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
fuzz_json: fuzz_json.o $(KRB5_BASE_DEPLIBS)
$(CXX_LINK) -o $@ fuzz_json.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+fuzz_kdc: fuzz_kdc.o $(KRB5_BASE_DEPLIBS)
+ $(CXX_LINK) -o $@ fuzz_kdc.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+
fuzz_krad: fuzz_krad.o $(KRB5_BASE_DEPLIBS)
$(CXX_LINK) -o $@ fuzz_krad.o -lkrad $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+fuzz_krb: fuzz_krb.o $(KRB5_BASE_DEPLIBS)
+ $(CXX_LINK) -o $@ fuzz_krb.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+
fuzz_krb5_ticket: fuzz_krb5_ticket.o $(KRB5_BASE_DEPLIBS)
$(CXX_LINK) -o $@ fuzz_krb5_ticket.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
fuzz_ndr: fuzz_ndr.o $(KRB5_BASE_DEPLIBS)
$(CXX_LINK) -o $@ fuzz_ndr.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+fuzz_oid: fuzz_oid.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CXX_LINK) -o $@ fuzz_oid.o $(GSS_LIBS) $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
+
fuzz_pac: fuzz_pac.o $(KRB5_BASE_DEPLIBS)
$(CXX_LINK) -o $@ fuzz_pac.o $(KRB5_BASE_LIBS) $(FUZZ_LDFLAGS)
#
# Generated makefile dependencies follow.
#
+$(OUTPRE)fuzz_aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/crypto/krb/crypto_int.h \
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ fuzz_aes.c
+$(OUTPRE)fuzz_asn.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-spake.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ fuzz_asn.c
+$(OUTPRE)fuzz_attrset.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+ $(srcdir)/../../lib/krad/internal.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krad.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ fuzz_attrset.c
$(OUTPRE)fuzz_chpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h fuzz_chpw.c
+$(OUTPRE)fuzz_crypto.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/crypto/krb/crypto_int.h \
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ fuzz_crypto.c
+$(OUTPRE)fuzz_des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/crypto/builtin/des/des_int.h \
+ $(srcdir)/../../lib/crypto/builtin/des/f_cbc.c $(srcdir)/../../lib/crypto/builtin/des/f_tables.h \
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ fuzz_des.c
$(OUTPRE)fuzz_gss.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \
$(COM_ERR_DEPS) $(top_srcdir)/include/gssapi.h $(top_srcdir)/include/krb5.h \
$(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
fuzz_json.c
+$(OUTPRE)fuzz_kdc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
+ $(srcdir)/../../kdc/extern.h $(srcdir)/../../kdc/kdc_util.h \
+ $(srcdir)/../../kdc/realm_data.h $(srcdir)/../../kdc/replay.c \
+ $(srcdir)/../../kdc/reqstate.h $(top_srcdir)/include/gssrpc/auth.h \
+ $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+ $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+ $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+ $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+ $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+ $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+ $(top_srcdir)/include/k5-hashtab.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-queue.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/kdcpreauth_plugin.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ fuzz_kdc.c
$(OUTPRE)fuzz_krad.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
$(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
$(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h fuzz_krad.c
+$(OUTPRE)fuzz_krb.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-base64.h \
+ $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-hex.h \
+ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+ $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
+ $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/port-sockets.h \
+ $(top_srcdir)/include/socket-utils.h fuzz_krb.c
$(OUTPRE)fuzz_krb5_ticket.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
$(top_srcdir)/include/krb5/kdcpreauth_plugin.h $(top_srcdir)/include/krb5/plugin.h \
$(top_srcdir)/include/net-server.h $(top_srcdir)/include/port-sockets.h \
$(top_srcdir)/include/socket-utils.h fuzz_ndr.c
+$(OUTPRE)fuzz_oid.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
+ $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+ $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+ $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+ $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+ $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
+ $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+ fuzz_oid.c
$(OUTPRE)fuzz_pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
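Review bot: The new `fuzz_attrset` rule links with `-lkrad` but lists only `fuzz_attrset.o $(KRB5_BASE_DEPLIBS)` as prerequisites, so make has no edge from the krad library to this target. Unless `$(KRB5_BASE_DEPLIBS)` already covers libkrad (not visible here), a rebuilt libkrad will not relink the fuzzer, and a parallel build may attempt the link before the library exists. The existing `fuzz_krad` rule has the same shape, so it may be worth fixing both by adding the tree's krad library dependency as a prerequisite. The OBJS, SRCS, FUZZ_TARGETS and link-rule lists must also be edited in step for every new harness; a one-line comment above `FUZZ_TARGETS=` saying so would help the next contributor.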
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/fuzzing/fuzz_aes.c - fuzzing harness for AES encryption/decryption */
+/*
+ * Copyright (C) 2024 by Arjun. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <k5-int.h>
+#include <crypto_int.h>
+
+#define kMinInputLength 48
+#define kMaxInputLength 512
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static void
+fuzz_aes(const uint8_t *data, size_t size, size_t key_size, krb5_enctype etype)
+{
+ krb5_error_code ret;
+ krb5_keyblock keyblock;
+ krb5_crypto_iov iov;
+ krb5_key key = NULL;
+ char *aeskey = NULL, *data_in = NULL;
+ char encivbuf[16] = { 0 }, decivbuf[16] = { 0 };
+ krb5_data enciv = make_data(encivbuf, 16), deciv = make_data(decivbuf, 16);
+
+ aeskey = k5memdup(data, key_size, &ret);
+ if (ret)
+ return;
+
+ data_in = k5memdup(data + key_size, size - key_size, &ret);
+ if (ret)
+ goto cleanup;
+
+ keyblock.contents = (krb5_octet *)aeskey;
+ keyblock.length = key_size;
+ keyblock.enctype = etype;
+
+ ret = krb5_k_create_key(NULL, &keyblock, &key);
+ if (ret)
+ goto cleanup;
+
+ iov.flags = KRB5_CRYPTO_TYPE_DATA;
+ iov.data = make_data(data_in, size - key_size);
+
+ /* iov.data.data is input and output buffer */
+ ret = krb5int_aes_encrypt(key, &enciv, &iov, 1);
+ if (ret)
+ goto cleanup;
+
+ ret = krb5int_aes_decrypt(key, &deciv, &iov, 1);
+ if (ret)
+ goto cleanup;
+
+ /* Check that decryption result matches original plaintext. */
+ ret = memcmp(data_in, data + key_size, size - key_size);
+ if (ret)
+ abort();
+
+ (void)krb5int_aes_decrypt(key, &deciv, &iov, 1);
+
+cleanup:
+ free(aeskey);
+ free(data_in);
+ krb5_k_free_key(NULL, key);
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength)
+ return 0;
+
+ fuzz_aes(data, size, 16, ENCTYPE_AES128_CTS_HMAC_SHA1_96);
+ fuzz_aes(data, size, 16, ENCTYPE_AES256_CTS_HMAC_SHA1_96);
+ fuzz_aes(data, size, 32, ENCTYPE_AES128_CTS_HMAC_SHA1_96);
+ fuzz_aes(data, size, 32, ENCTYPE_AES256_CTS_HMAC_SHA1_96);
+
+ return 0;
+}
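Review bot: fuzz_aes() evaluates `size - key_size` three times without checking `size >= key_size` itself, so it is safe only because LLVMFuzzerTestOneInput rejects inputs shorter than kMinInputLength (48) and the largest key_size passed is 32. Neither constant documents that link. A comment on the define, e.g. `/* Largest key size used below (32) plus 16 bytes of plaintext. */`, and a guard such as `if (size <= key_size) return;` at the top of fuzz_aes() would make the helper safe on its own. Separately, `keyblock` is declared without an initializer and only contents, length and enctype are assigned before krb5_k_create_key(); `krb5_keyblock keyblock = { 0 };` avoids passing an indeterminate magic field.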
--- /dev/null
+I would like the General Gau's Chicken, please, and wonton soup.
\ No newline at end of file
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/fuzzing/fuzz_asn.c - fuzzing harness for ASN.1 encoding/decoding */
+/*
+ * Copyright (C) 2024 by Arjun. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <k5-spake.h>
+
+#define kMinInputLength 2
+#define kMaxInputLength 2048
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static void
+free_cred_enc_part_whole(krb5_context ctx, krb5_cred_enc_part *val)
+{
+ krb5_free_cred_enc_part(ctx, val);
+ free(val);
+}
+
+static void
+free_kkdcp_message(krb5_context context, krb5_kkdcp_message *val)
+{
+ if (val == NULL)
+ return;
+ free(val->kerb_message.data);
+ free(val->target_domain.data);
+ free(val);
+}
+
+#define FUZZ_ASAN(type, encoder, decoder, freefn) do { \
+ type *v; \
+ krb5_data *data_out = NULL; \
+ \
+ if ((*decoder)(&data_in, &v) != 0) \
+ break; \
+ \
+ (*encoder)(v, &data_out); \
+ krb5_free_data(context, data_out); \
+ (*freefn)(context, v); \
+ } while (0)
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ krb5_context context;
+ krb5_data data_in;
+
+ if (size < kMinInputLength || size > kMaxInputLength)
+ return 0;
+
+ if (krb5_init_context(&context))
+ return 0;
+
+ data_in = make_data((void *)data, size);
+
+ /* Adapted from krb5_decode_leak.c */
+ FUZZ_ASAN(krb5_authenticator, encode_krb5_authenticator,
+ decode_krb5_authenticator, krb5_free_authenticator);
+ FUZZ_ASAN(krb5_ticket, encode_krb5_ticket, decode_krb5_ticket,
+ krb5_free_ticket);
+ FUZZ_ASAN(krb5_keyblock, encode_krb5_encryption_key,
+ decode_krb5_encryption_key, krb5_free_keyblock);
+ FUZZ_ASAN(krb5_enc_tkt_part, encode_krb5_enc_tkt_part,
+ decode_krb5_enc_tkt_part, krb5_free_enc_tkt_part);
+ FUZZ_ASAN(krb5_enc_kdc_rep_part, encode_krb5_enc_kdc_rep_part,
+ decode_krb5_enc_kdc_rep_part, krb5_free_enc_kdc_rep_part);
+ FUZZ_ASAN(krb5_kdc_rep, encode_krb5_as_rep, decode_krb5_as_rep,
+ krb5_free_kdc_rep);
+ FUZZ_ASAN(krb5_kdc_rep, encode_krb5_tgs_rep, decode_krb5_tgs_rep,
+ krb5_free_kdc_rep);
+ FUZZ_ASAN(krb5_ap_req, encode_krb5_ap_req, decode_krb5_ap_req,
+ krb5_free_ap_req);
+ FUZZ_ASAN(krb5_ap_rep, encode_krb5_ap_rep, decode_krb5_ap_rep,
+ krb5_free_ap_rep);
+ FUZZ_ASAN(krb5_ap_rep_enc_part, encode_krb5_ap_rep_enc_part,
+ decode_krb5_ap_rep_enc_part, krb5_free_ap_rep_enc_part);
+ FUZZ_ASAN(krb5_kdc_req, encode_krb5_as_req, decode_krb5_as_req,
+ krb5_free_kdc_req);
+ FUZZ_ASAN(krb5_kdc_req, encode_krb5_tgs_req, decode_krb5_tgs_req,
+ krb5_free_kdc_req);
+ FUZZ_ASAN(krb5_kdc_req, encode_krb5_kdc_req_body, decode_krb5_kdc_req_body,
+ krb5_free_kdc_req);
+ FUZZ_ASAN(krb5_safe, encode_krb5_safe, decode_krb5_safe, krb5_free_safe);
+ FUZZ_ASAN(krb5_priv, encode_krb5_priv, decode_krb5_priv, krb5_free_priv);
+ FUZZ_ASAN(krb5_priv_enc_part, encode_krb5_enc_priv_part,
+ decode_krb5_enc_priv_part, krb5_free_priv_enc_part);
+ FUZZ_ASAN(krb5_cred, encode_krb5_cred, decode_krb5_cred, krb5_free_cred);
+ FUZZ_ASAN(krb5_cred_enc_part, encode_krb5_enc_cred_part,
+ decode_krb5_enc_cred_part, free_cred_enc_part_whole);
+ FUZZ_ASAN(krb5_error, encode_krb5_error, decode_krb5_error,
+ krb5_free_error);
+ FUZZ_ASAN(krb5_authdata *, encode_krb5_authdata, decode_krb5_authdata,
+ krb5_free_authdata);
+ FUZZ_ASAN(krb5_pa_data *, encode_krb5_padata_sequence,
+ decode_krb5_padata_sequence, krb5_free_pa_data);
+ FUZZ_ASAN(krb5_pa_data *, encode_krb5_typed_data,
+ decode_krb5_typed_data, krb5_free_pa_data);
+ FUZZ_ASAN(krb5_etype_info_entry *, encode_krb5_etype_info,
+ decode_krb5_etype_info, krb5_free_etype_info);
+ FUZZ_ASAN(krb5_etype_info_entry *, encode_krb5_etype_info2,
+ decode_krb5_etype_info2, krb5_free_etype_info);
+ FUZZ_ASAN(krb5_pa_enc_ts, encode_krb5_pa_enc_ts, decode_krb5_pa_enc_ts,
+ krb5_free_pa_enc_ts);
+ FUZZ_ASAN(krb5_enc_data, encode_krb5_enc_data, decode_krb5_enc_data,
+ krb5_free_enc_data);
+ FUZZ_ASAN(krb5_sam_challenge_2, encode_krb5_sam_challenge_2,
+ decode_krb5_sam_challenge_2, krb5_free_sam_challenge_2);
+ FUZZ_ASAN(krb5_sam_challenge_2_body, encode_krb5_sam_challenge_2_body,
+ decode_krb5_sam_challenge_2_body,
+ krb5_free_sam_challenge_2_body);
+ FUZZ_ASAN(krb5_sam_response_2, encode_krb5_sam_response_2,
+ decode_krb5_sam_response_2, krb5_free_sam_response_2);
+ FUZZ_ASAN(krb5_enc_sam_response_enc_2, encode_krb5_enc_sam_response_enc_2,
+ decode_krb5_enc_sam_response_enc_2,
+ krb5_free_enc_sam_response_enc_2);
+ FUZZ_ASAN(krb5_pa_for_user, encode_krb5_pa_for_user,
+ decode_krb5_pa_for_user, krb5_free_pa_for_user);
+ FUZZ_ASAN(krb5_pa_s4u_x509_user, encode_krb5_pa_s4u_x509_user,
+ decode_krb5_pa_s4u_x509_user, krb5_free_pa_s4u_x509_user);
+ FUZZ_ASAN(krb5_ad_kdcissued, encode_krb5_ad_kdcissued,
+ decode_krb5_ad_kdcissued, krb5_free_ad_kdcissued);
+ FUZZ_ASAN(krb5_iakerb_header, encode_krb5_iakerb_header,
+ decode_krb5_iakerb_header, krb5_free_iakerb_header);
+ FUZZ_ASAN(krb5_iakerb_finished, encode_krb5_iakerb_finished,
+ decode_krb5_iakerb_finished, krb5_free_iakerb_finished);
+ FUZZ_ASAN(krb5_fast_response, encode_krb5_fast_response,
+ decode_krb5_fast_response, krb5_free_fast_response);
+ FUZZ_ASAN(krb5_enc_data, encode_krb5_pa_fx_fast_reply,
+ decode_krb5_pa_fx_fast_reply, krb5_free_enc_data);
+
+ /* Adapted from krb5_encode_test.c */
+ FUZZ_ASAN(krb5_otp_tokeninfo, encode_krb5_otp_tokeninfo,
+ decode_krb5_otp_tokeninfo, k5_free_otp_tokeninfo);
+ FUZZ_ASAN(krb5_pa_otp_challenge, encode_krb5_pa_otp_challenge,
+ decode_krb5_pa_otp_challenge, k5_free_pa_otp_challenge);
+ FUZZ_ASAN(krb5_pa_otp_req, encode_krb5_pa_otp_req, decode_krb5_pa_otp_req,
+ k5_free_pa_otp_req);
+ FUZZ_ASAN(krb5_data, encode_krb5_pa_otp_enc_req,
+ decode_krb5_pa_otp_enc_req, krb5_free_data);
+ FUZZ_ASAN(krb5_kkdcp_message, encode_krb5_kkdcp_message,
+ decode_krb5_kkdcp_message, free_kkdcp_message);
+ FUZZ_ASAN(krb5_cammac, encode_krb5_cammac, decode_krb5_cammac,
+ k5_free_cammac);
+ FUZZ_ASAN(krb5_secure_cookie, encode_krb5_secure_cookie,
+ decode_krb5_secure_cookie, k5_free_secure_cookie);
+ FUZZ_ASAN(krb5_spake_factor, encode_krb5_spake_factor,
+ decode_krb5_spake_factor, k5_free_spake_factor);
+ FUZZ_ASAN(krb5_pa_spake, encode_krb5_pa_spake, decode_krb5_pa_spake,
+ k5_free_pa_spake);
+
+ /* Adapted from krb5_decode_test.c */
+ {
+ krb5_pa_pac_req *pa_pac_req = NULL;
+
+ if (decode_krb5_pa_pac_req(&data_in, &pa_pac_req) == 0)
+ free(pa_pac_req);
+ }
+
+ krb5_free_context(context);
+ return 0;
+}
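Review bot: The FUZZ_ASAN macro relies on `data_in` and `context` being in scope at each expansion site and discards the encoder's return value, and none of this is documented. A comment above the macro would make that contract explicit, e.g. `/* Decode data_in as type; on success re-encode it and free both results. Uses data_in and context from the enclosing function; encoder errors are deliberately ignored. */`. The name reads like a slip for ASN given the file's stated purpose, though that is a guess. krb5_init_context() also runs on every input, although in this function the context is passed only to the free routines; if those accept a NULL context as the other harnesses in this commit assume for their calls, dropping it would keep the harness independent of the host's krb5 configuration.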
--- /dev/null
+b\81ยค0\81ยกย \ 3\ 2\ 1\ 5ยก\10\e\ eATHENA.MIT.EDUยข\1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยฃ\ f0\rย \ 3\ 2\ 1\ 1ยก\ 6\ 4\ 41234ยค\ 5\ 2\ 3\ 1รข@ยฅ\11\18\ f19940610060317Zยฆ\130\11ย \ 3\ 2\ 1\ 1ยก
+\ 4\b12345678ยง\ 6\ 2\ 4รฟรฟรฟรฟยจ$0"0\ fย \ 3\ 2\ 1\ 1ยก\b\ 4\ 6foobar0\ fย \ 3\ 2\ 1\ 1ยก\b\ 4\ 6foobar
\ No newline at end of file
--- /dev/null
+0\1aย \ 3\ 2\ 1\ 1ยก
+\ 4\b12345678ยข\a0\ 5ย \ 3\ 2\ 1\ 1
\ No newline at end of file
--- /dev/null
+0\12ย \ 4\ 2\ 2รฟ\ 1ยก
+\ 4\b12345678
\ No newline at end of file
--- /dev/null
+0\14ย \ 6\ 2\ 4\7fรฟรฟรฟยก
+\ 4\b12345678
\ No newline at end of file
--- /dev/null
+0\81\85ย 503ย \ 5\ 2\ 3\ 1รข@ยก\11\18\ f19940610060317Zยข\ 3\ 2\ 1*ยฃ\ 6\ 4\ 41234ยค
+\ 4\bkrb5dataยก\b\ 4\ 6pvalueยข$0"0\13\ 6 *\86H\86รท\12\ 1\ 2\ 2\ 4\ 6params0\v\ 6 *\86H\86รท\12\ 1\ 2\ 2ยฃ
+\ 4\bkrb5dataยค\100\ e0\fย
+\ 6\bkrb5data
\ No newline at end of file
--- /dev/null
+0\12ย \100\ e0\fย \ 3\ 2\ 1\ 1ยก\ 5\ 4\ 3ad1
\ No newline at end of file
--- /dev/null
+0\81รฒย \1e0\1c0\fย \ 3\ 2\ 1\ 1ยก\ 5\ 4\ 3ad10\fย \ 3\ 2\ 1\ 2ยก\ 5\ 4\ 3ad2ยก=0;ย \1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยก\ 3\ 2\ 1\ 5ยข\ 3\ 2\ 1\10ยฃ\130\11ย \ 3\ 2\ 1\ 1ยก
+\ 4\bcksumkdcยข=0;ย \1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยก\ 3\ 2\ 1\ 5ยข\ 3\ 2\ 1\10ยฃ\130\11ย \ 3\ 2\ 1\ 1ยก
+\ 4\bcksumsvcยฃR0P0\13ยฃ\110\ fย \ 3\ 2\ 1\ 1ยก\b\ 4\ 6cksum109ย \1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยก\ 3\ 2\ 1\ 5ยข\ 3\ 2\ 1\10ยฃ\110\ fย \ 3\ 2\ 1\ 1ยก\b\ 4\ 6cksum2
\ No newline at end of file
--- /dev/null
+0eย \ f0\rย \ 3\ 2\ 1\ 1ยก\ 6\ 4\ 41234ยก\10\e\ eATHENA.MIT.EDUยข\1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยฃ$0"0\ fย \ 3\ 2\ 1\ 1ยก\b\ 4\ 6foobar0\ fย \ 3\ 2\ 1\ 1ยก\b\ 4\ 6foobar
\ No newline at end of file
--- /dev/null
+{\1c0\1aย \11\18\ f19940610060317Zยก\ 5\ 2\ 3\ 1รข@
\ No newline at end of file
--- /dev/null
+0"0\ fย \ 3\ 2\ 1\ 1ยก\b\ 4\ 6foobar0\ fย \ 3\ 2\ 1\ 1ยก\b\ 4\ 6foobar
\ No newline at end of file
--- /dev/null
+bO0Mย \ 3\ 2\ 1\ 5ยก\10\e\ eATHENA.MIT.EDUยข\1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยค\ 5\ 2\ 3\ 1รข@ยฅ\11\18\ f19940610060317Z
\ No newline at end of file
--- /dev/null
+~\81ยบ0\81ยทย \ 3\ 2\ 1\ 5ยก\ 3\ 2\ 1\1eยข\11\18\ f19940610060317Zยฃ\ 5\ 2\ 3\ 1รข@ยค\11\18\ f19940610060317Zยฅ\ 5\ 2\ 3\ 1รข@ยฆ\ 3\ 2\ 1<ยง\10\e\ eATHENA.MIT.EDUยจ\1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยฉ\10\e\ eATHENA.MIT.EDUยช\1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยซ
+\e\bkrb5dataยฌ
+\ 4\bkrb5data
\ No newline at end of file
--- /dev/null
+~`0^ย \ 3\ 2\ 1\ 5ยก\ 3\ 2\ 1\1eยฃ\ 5\ 2\ 3\ 1รข@ยค\11\18\ f19940610060317Zยฅ\ 5\ 2\ 3\ 1รข@ยฆ\ 3\ 2\ 1<ยฉ\10\e\ eATHENA.MIT.EDUยช\1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extra
\ No newline at end of file
--- /dev/null
+0\81\9fย &0$0\10ยก\ 3\ 2\ 1\rยข \ 4\apa-data0\10ยก\ 3\ 2\ 1\rยข \ 4\apa-dataยก\130\11ย \ 3\ 2\ 1\ 1ยก
+\ 4\b12345678ยข[0Yย \11\18\ f19940610060317Zยก\ 5\ 2\ 3\ 1รข@ยข\10\e\ eATHENA.MIT.EDUยฃ\1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยค\ f0\rย \ 3\ 2\ 1\ 1ยก\ 6\ 4\ 41234ยฃ\ 3\ 2\ 1*
\ No newline at end of file
--- /dev/null
+0\11ยก\ f0\rย \ 3\ 2\ 1\ 1ยก\ 6\ 4\ 41234
\ No newline at end of file
--- /dev/null
+0\18ยก
+\f\bkrb5dataยข
+\ 4\bkrb5data
\ No newline at end of file
--- /dev/null
+0\13ย \11\18\ f19940610060317Z
\ No newline at end of file
--- /dev/null
+0Kย \1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยก\10\e\ eATHENA.MIT.EDUยข\ f0\rย \ 3\ 2\ 1\ 1ยก\ 6\ 4\ 41234ยฃ
+\e\bkrb5data
\ No newline at end of file
--- /dev/null
+ย (0&\80\bkrb5dataยก
+\ 4\bkrb5dataยข\ e0\fย
+\ 6\bkrb5data
\ No newline at end of file
--- /dev/null
+\81\bkrb5data
\ No newline at end of file
--- /dev/null
+ย \f0
+ย \b0\ 6\ 2\ 1\ 1\ 2\ 1\ 2
\ No newline at end of file
--- /dev/null
+ยก-0+ย \ 3\ 2\ 1\ 1ยก \ 4\aT valueยข\190\170\ 5ย \ 3\ 2\ 1\ 10\ eย \ 3\ 2\ 1\ 2ยก\a\ 4\ 5fdata
\ No newline at end of file
--- /dev/null
+0&ย \130\11ย \ 3\ 2\ 1\ 1ยก
+\ 4\b12345678ยก\ f0\rย \ 3\ 2\ 1\ 1ยก\ 6\ 4\ 41234
\ No newline at end of file
--- /dev/null
+0"ย \r0\v\ 4 challengeยก\110\ f0\rย \ 3\ 2\ 1\ 1ยก\ 6\ 4\ 41234
\ No newline at end of file
--- /dev/null
+0,\ 2\ 4-รธ\ 2%0$0\10ยก\ 3\ 2\ 1\rยข \ 4\apa-data0\10ยก\ 3\ 2\ 1\rยข \ 4\apa-data
\ No newline at end of file
--- /dev/null
+0\81\810\v\ 6 *\86H\86รท\12\ 1\ 2\ 2ย 2\ 400.ย \10\e\ eATHENA.MIT.EDUยก\1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยก2\ 400.ย \10\e\ eATHENA.MIT.EDUยก\1a0\18ย \ 3\ 2\ 1\ 1ยก\110\ f\e\ 6hftsai\e\ 5extraยข
+\ 4\bkrb5data
\ No newline at end of file
--- /dev/null
+0\ 5ย \ 3\ 2\ 1\ 1
\ No newline at end of file
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/fuzzing/fuzz_attrset.c - fuzzing harness for kr_attrset functions */
+/*
+ * Copyright (C) 2024 by Arjun. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <k5-int.h>
+#include <internal.h>
+
+#define kMinInputLength 2
+#define kMaxInputLength 1024
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ krb5_error_code ret;
+ krb5_context context;
+ krad_attrset *set;
+ krb5_data data_in;
+ uint8_t buffer[KRAD_PACKET_SIZE_MAX], auth[MD5_DIGEST_SIZE] = { 0 };
+ size_t encode_len;
+
+ if (size < kMinInputLength || size > kMaxInputLength)
+ return 0;
+
+ data_in = make_data((void *)data, size);
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ return 0;
+
+ ret = kr_attrset_decode(context, &data_in, "f", auth, &set);
+ if (!ret)
+ kr_attrset_encode(set, "f", auth, FALSE, buffer, &encode_len);
+
+ krad_attrset_free(set);
+ krb5_free_context(context);
+
+ return 0;
+}
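Review bot: `set` is declared without an initializer but is passed to krad_attrset_free() on every path, including when kr_attrset_decode() returns an error. That is safe only if kr_attrset_decode() always stores to `*set` before failing, which cannot be confirmed from this file. Declaring `krad_attrset *set = NULL;` removes that dependency, assuming krad_attrset_free() accepts NULL. The result of kr_attrset_encode() is also dropped without a `(void)` cast or a comment, unlike the final decrypt call in fuzz_aes.c.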
--- /dev/null
+\ 1
+testUser\ 2\12X\8dรฟร7รนรคร\19ยฎIยท\16mX'
\ No newline at end of file
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/fuzzing/fuzz_crypto.c - fuzzing harness for general crypto */
+/*
+ * Copyright (C) 2024 by Arjun. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <k5-int.h>
+#include <crypto_int.h>
+
+#define kMinInputLength 2
+#define kMaxInputLength 512
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static void
+fuzz_checksum(krb5_cksumtype sumtype, krb5_keyblock keyblock,
+ krb5_keyusage usage, krb5_data data)
+{
+ krb5_error_code ret;
+ krb5_checksum cksum;
+ krb5_boolean valid;
+
+ ret = krb5_c_make_checksum(NULL, sumtype, &keyblock, usage, &data, &cksum);
+ if (ret)
+ return;
+
+ ret = krb5_c_verify_checksum(NULL, &keyblock, usage, &data, &cksum,
+ &valid);
+ if (ret || !valid)
+ abort();
+
+ krb5_free_checksum_contents(NULL, &cksum);
+}
+
+static void
+fuzz_crypt(krb5_keyblock keyblock, krb5_enctype enctype,
+ krb5_keyusage usage, krb5_data data)
+{
+ krb5_error_code ret;
+ krb5_enc_data encoded = { 0 };
+ krb5_data decoded = empty_data();
+ size_t enclen;
+
+ ret = krb5_c_encrypt_length(NULL, enctype, data.length, &enclen);
+ if (ret)
+ return;
+
+ encoded.magic = KV5M_ENC_DATA;
+ encoded.enctype = enctype;
+
+ ret = alloc_data(&encoded.ciphertext, enclen);
+ if (ret)
+ return;
+
+ ret = alloc_data(&decoded, data.length);
+ if (ret) {
+ krb5_free_data_contents(NULL, &encoded.ciphertext);
+ return;
+ }
+
+ ret = krb5_c_encrypt(NULL, &keyblock, usage, NULL, &data, &encoded);
+ if (ret)
+ goto cleanup;
+
+ ret = krb5_c_decrypt(NULL, &keyblock, usage, NULL, &encoded, &decoded);
+ if (ret)
+ goto cleanup;
+
+ if (memcmp(data.data, decoded.data, data.length) != 0)
+ abort();
+
+cleanup:
+ krb5_free_data_contents(NULL, &encoded.ciphertext);
+ krb5_free_data_contents(NULL, &decoded);
+}
+
+static void
+fuzz_prf(krb5_keyblock keyblock, krb5_enctype enctype, krb5_data data)
+{
+ krb5_error_code ret;
+ krb5_data output;
+ size_t prfsz;
+
+ ret = krb5_c_prf_length(NULL, enctype, &prfsz);
+ if (ret)
+ return;
+
+ ret = alloc_data(&output, prfsz);
+ if (ret)
+ return;
+
+ krb5_c_prf(NULL, &keyblock, &data, &output);
+
+ krb5_free_data_contents(NULL, &output);
+}
+
+static void
+fuzz_setup(krb5_enctype enctype, krb5_cksumtype sumtype,
+ krb5_keyusage usage, krb5_data data)
+{
+ krb5_error_code ret;
+ krb5_keyblock keyblock;
+
+ ret = krb5_c_make_random_key(NULL, enctype, &keyblock);
+ if (ret)
+ return;
+
+ fuzz_checksum(sumtype, keyblock, usage, data);
+ fuzz_crypt(keyblock, enctype, usage, data);
+ fuzz_prf(keyblock, enctype, data);
+
+ krb5_free_keyblock_contents(NULL, &keyblock);
+}
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ krb5_data data_in;
+
+ if (size < kMinInputLength || size > kMaxInputLength)
+ return 0;
+
+ data_in = make_data((void *)data, size);
+
+ fuzz_setup(ENCTYPE_DES3_CBC_SHA1, CKSUMTYPE_HMAC_SHA1_DES3, 0, data_in);
+ fuzz_setup(ENCTYPE_ARCFOUR_HMAC, CKSUMTYPE_MD5_HMAC_ARCFOUR, 1, data_in);
+ fuzz_setup(ENCTYPE_ARCFOUR_HMAC, CKSUMTYPE_HMAC_MD5_ARCFOUR, 2, data_in);
+ fuzz_setup(ENCTYPE_ARCFOUR_HMAC_EXP, CKSUMTYPE_RSA_MD4, 3, data_in);
+ fuzz_setup(ENCTYPE_ARCFOUR_HMAC_EXP, CKSUMTYPE_RSA_MD5, 4, data_in);
+ fuzz_setup(ENCTYPE_ARCFOUR_HMAC_EXP, CKSUMTYPE_SHA1, 5, data_in);
+ fuzz_setup(ENCTYPE_AES128_CTS_HMAC_SHA1_96, CKSUMTYPE_HMAC_SHA1_96_AES128,
+ 6, data_in);
+ fuzz_setup(ENCTYPE_AES256_CTS_HMAC_SHA1_96, CKSUMTYPE_HMAC_SHA1_96_AES256,
+ 7, data_in);
+ fuzz_setup(ENCTYPE_CAMELLIA128_CTS_CMAC, CKSUMTYPE_CMAC_CAMELLIA128,
+ 8, data_in);
+ fuzz_setup(ENCTYPE_CAMELLIA256_CTS_CMAC, CKSUMTYPE_CMAC_CAMELLIA256,
+ 9, data_in);
+ fuzz_setup(ENCTYPE_AES128_CTS_HMAC_SHA256_128,
+ CKSUMTYPE_HMAC_SHA256_128_AES128, 10, data_in);
+ fuzz_setup(ENCTYPE_AES256_CTS_HMAC_SHA384_192,
+ CKSUMTYPE_HMAC_SHA384_192_AES256, 11, data_in);
+
+ return 0;
+}
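Review bot: `fuzz_setup` takes its key from `krb5_c_make_random_key`, so the key differs on every execution and an `abort()` reached in `fuzz_checksum` or `fuzz_crypt` may not reproduce from the saved test case alone (unless the fuzzing build pins the PRNG, which is not visible here). A round-trip harness is easier to triage when the key is a function of the input, for example by passing input bytes to `krb5_c_random_to_key` when enough are available, or when it is a fixed per-enctype constant. If the random key is kept, say so above the call: `/* Key is random per run; a round-trip failure may not reproduce from the input. */`. `fuzz_prf` also discards the result of `krb5_c_prf`; a one-line comment that this is deliberate would help the next reader.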
--- /dev/null
+brrr
\ No newline at end of file
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/fuzzing/fuzz_des.c - fuzzing harness for DES functions */
+/*
+ * Copyright (C) 2024 by Arjun. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <k5-int.h>
+#include <des_int.h>
+
+#include <f_cbc.c>
+
+#define kMinInputLength 32
+#define kMaxInputLength 128
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+uint8_t default_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
+
+static void
+fuzz_des(uint8_t *input, mit_des_key_schedule sched)
+{
+ uint8_t encrypt[8], decrypt[8];
+
+ mit_des_cbc_encrypt((const mit_des_cblock *)input,
+ (mit_des_cblock *)encrypt, 8,
+ sched, default_ivec, MIT_DES_ENCRYPT);
+
+ mit_des_cbc_encrypt((const mit_des_cblock *)encrypt,
+ (mit_des_cblock *)decrypt, 8,
+ sched, default_ivec, MIT_DES_DECRYPT);
+
+ if (memcmp(input, decrypt, 8) != 0)
+ abort();
+}
+
+static void
+fuzz_decrypt(uint8_t *input, mit_des_key_schedule sched)
+{
+ uint8_t output[8];
+
+ mit_des_cbc_encrypt((const mit_des_cblock *)input,
+ (mit_des_cblock *)output, 8,
+ sched, default_ivec, MIT_DES_DECRYPT);
+}
+
+static void
+fuzz_cksum(uint8_t *input, mit_des_key_schedule sched)
+{
+ uint8_t output[8];
+
+ mit_des_cbc_cksum(input, output, 8, sched, default_ivec);
+}
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ krb5_error_code ret;
+ mit_des_key_schedule sched;
+ uint8_t *data_in, input[8];
+
+ if (size < kMinInputLength || size > kMaxInputLength)
+ return 0;
+
+ memcpy(input, data, 8);
+ ret = mit_des_key_sched(input, sched);
+ if (ret)
+ return 0;
+
+ memcpy(input, data + 8, 8);
+ fuzz_des(input, sched);
+
+ memcpy(input, data + 16, 8);
+ fuzz_decrypt(input, sched);
+
+ data_in = k5memdup(data + 24, size - 24, &ret);
+ if (ret)
+ return 0;
+
+ fuzz_cksum(data_in, sched);
+ free(data_in);
+
+ return 0;
+}
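Review bot: `fuzz_cksum` passes a fixed length of 8 to `mit_des_cbc_cksum`, so only the first block of the `size - 24` bytes copied with `k5memdup` in `LLVMFuzzerTestOneInput` is ever checksummed, and inputs longer than 32 bytes add no coverage. Pass the real length through: `fuzz_cksum(uint8_t *input, size_t len, mit_des_key_schedule sched)`, `mit_des_cbc_cksum(input, output, len, sched, default_ivec);` and `fuzz_cksum(data_in, size - 24, sched);`. This assumes `mit_des_cbc_cksum` accepts lengths that are not a multiple of the block size, which should be confirmed against its definition; if it does not, round the length down to a multiple of 8 first.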
--- /dev/null
+brrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
\ No newline at end of file
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/fuzzing/fuzz_kdc.c - fuzzing harness for KDC replay cache */
+/*
+ * Copyright (C) 2024 by Arjun. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+
+#include <replay.c>
+
+#define kMinInputLength 2
+#define kMaxInputLength 256
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ krb5_error_code ret;
+ krb5_context context = NULL;
+ krb5_data req, rep;
+ struct entry *e;
+
+ if (size < kMinInputLength || size > kMaxInputLength)
+ return 0;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ return 0;
+
+ ret = kdc_init_lookaside(context);
+ if (ret)
+ goto cleanup;
+
+ req = make_data((void *)data, size);
+ rep = make_data((void *)data, size - 1);
+
+ e = insert_entry(context, &req, &rep, 0);
+ discard_entry(context, e);
+
+ kdc_free_lookaside(context);
+
+cleanup:
+ krb5_free_context(context);
+
+ return 0;
+}
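Review bot: The pointer returned by `insert_entry` is handed straight to `discard_entry` without a check. `insert_entry` comes from the included `replay.c` and is not visible here; if it can return NULL (for instance on allocation failure), the harness would fault in its own code and report a crash that is not a bug in the code under test. Guard the call with `if (e != NULL) discard_entry(context, e);`.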
--- /dev/null
+I Had Strings, But now i'm free.
\ No newline at end of file
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/fuzzing/krb.c - fuzzing harness for miscellaneous libkrb5 functions */
+/*
+ * Copyright (C) 2024 by Arjun. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <k5-int.h>
+
+#define kMinInputLength 2
+#define kMaxInputLength 512
+
+#define ANAME_SZ 40
+#define INST_SZ 40
+#define REALM_SZ 40
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static void
+fuzz_deltat(char *data_in)
+{
+ krb5_deltat result;
+ krb5_string_to_deltat(data_in, &result);
+}
+
+static void
+fuzz_host_string(char *data_in)
+{
+ krb5_error_code ret;
+ char *host;
+ int port = -1;
+
+ ret = k5_parse_host_string(data_in, 0, &host, &port);
+ if (!ret)
+ free(host);
+}
+
+static void
+fuzz_princ(krb5_context context, char *data_in)
+{
+ krb5_error_code ret;
+ krb5_principal p;
+ char *princ;
+
+ ret = krb5_parse_name(context, data_in, &p);
+ if (ret)
+ return;
+
+ ret = krb5_unparse_name(context, p, &princ);
+ if (!ret)
+ free(princ);
+
+ krb5_free_principal(context, p);
+}
+
+static void
+fuzz_principal_425(krb5_context context, char *data_in)
+{
+ krb5_principal princ;
+ krb5_425_conv_principal(context, data_in, data_in, data_in, &princ);
+ krb5_free_principal(context, princ);
+}
+
+static void
+fuzz_principal_524(krb5_context context, char *data_in)
+{
+ krb5_error_code ret;
+ krb5_principal princ = 0;
+ char aname[ANAME_SZ + 1], inst[INST_SZ + 1], realm[REALM_SZ + 1];
+
+ aname[ANAME_SZ] = inst[INST_SZ] = realm[REALM_SZ] = 0;
+
+ ret = krb5_parse_name(context, data_in, &princ);
+ if (ret)
+ return;
+
+ krb5_524_conv_principal(context, princ, aname, inst, realm);
+ krb5_free_principal(context, princ);
+}
+
+static void
+fuzz_timestamp(char *data_in)
+{
+ krb5_error_code ret;
+ krb5_timestamp timestamp;
+
+ ret = krb5_string_to_timestamp(data_in, ×tamp);
+ if (!ret)
+ ts2tt(timestamp);
+}
+
+/*
+ * data_in is going to be modified during parsing.
+ */
+static void
+fuzz_enctype_list(char *data_in)
+{
+ krb5_error_code ret;
+ krb5_context context;
+ krb5_enctype *ienc, zero = 0;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ return;
+
+ ret = krb5int_parse_enctype_list(context, "", data_in, &zero, &ienc);
+ if (!ret)
+ free(ienc);
+
+ krb5_free_context(context);
+}
+
+extern int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ krb5_error_code ret;
+ krb5_context context = NULL;
+ char *data_in;
+
+ if (size < kMinInputLength || size > kMaxInputLength)
+ return 0;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ return 0;
+
+ data_in = k5memdup0(data, size, &ret);
+ if (ret)
+ goto cleanup;
+
+ fuzz_deltat(data_in);
+ fuzz_host_string(data_in);
+ fuzz_princ(context, data_in);
+ fuzz_principal_425(context, data_in);
+ fuzz_principal_524(context, data_in);
+ fuzz_timestamp(data_in);
+ fuzz_enctype_list(data_in);
+
+ free(data_in);
+
+cleanup:
+ krb5_free_context(context);
+
+ return 0;
+}
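Review bot: In `fuzz_principal_425`, `princ` has no initializer and the return value of `krb5_425_conv_principal` is ignored, so if the conversion fails before storing a result, `krb5_free_principal` is called on an indeterminate pointer. `fuzz_principal_524` in the same file already initializes its principal; do the same here with `krb5_principal princ = NULL;`, and preferably free only when the call returns 0. The second header comment line also names the file `tests/fuzzing/krb.c`, whereas the build lists it as `fuzz_krb.c`.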
--- /dev/null
+-35791394m-9s
\ No newline at end of file
--- /dev/null
+default -aes128-cts -des-hmac-sha1
\ No newline at end of file
--- /dev/null
+aes des3-cbc-sha1-kd
\ No newline at end of file
--- /dev/null
+camellia -camellia256-cts-cmac
\ No newline at end of file
--- /dev/null
+DEFAULT +aes -arcfour-hmac-md5
\ No newline at end of file
--- /dev/null
+DEFAULT -des3 rc4-hmac rc4-hmac-exp
\ No newline at end of file
--- /dev/null
+des3 +DEFAULT
\ No newline at end of file
--- /dev/null
+aes +rc4 -DEFaulT des3-hmac-sha1
\ No newline at end of file
--- /dev/null
+70000
\ No newline at end of file
--- /dev/null
+test.example:F101
\ No newline at end of file
--- /dev/null
+192.168.1.1
\ No newline at end of file
--- /dev/null
+[BEEF:CAFE:FEED:FACE:DEAD:BEEF:DEAF:BABE]
\ No newline at end of file
--- /dev/null
+[BEEF:CAFE:FEED:FACE:DEAD:BEEF:DEAF:BABE]:250
\ No newline at end of file
--- /dev/null
+:300
\ No newline at end of file
--- /dev/null
+350
\ No newline at end of file
--- /dev/null
+lha@SU.SE
\ No newline at end of file
--- /dev/null
+kadmin
\ No newline at end of file
--- /dev/null
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/* tests/fuzzing/fuzz_oid.c - fuzzing harness for GSS OID conversions */
+/*
+ * Copyright (C) 2024 by Arjun. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <k5-int.h>
+#include <gssapi/gssapi_krb5.h>
+
+#define kMinInputLength 2
+#define kMaxInputLength 1024
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ OM_uint32 minor;
+ gss_buffer_desc buf;
+ gss_OID oid;
+ gss_OID_desc oid_desc;
+
+ if (size < kMinInputLength || size > kMaxInputLength)
+ return 0;
+
+ oid_desc.elements = (void *)data;
+ oid_desc.length = size;
+
+ gss_oid_to_str(&minor, &oid_desc, &buf);
+ gss_release_buffer(&minor, &buf);
+
+ buf.value = (void *)data;
+ buf.length = size;
+
+ gss_str_to_oid(&minor, &buf, &oid);
+ gss_release_oid(&minor, &oid);
+
+ return 0;
+}
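Review bot: `buf` and `oid` are uninitialized and the major status of `gss_oid_to_str` and `gss_str_to_oid` is ignored, so the following `gss_release_buffer` and `gss_release_oid` calls are only safe if the library clears its outputs on every failure path. Initialize them so the harness cannot fault on its own: `gss_buffer_desc buf = GSS_C_EMPTY_BUFFER;` and `gss_OID oid = GSS_C_NO_OID;`. `buf` is later repointed at `data`, which is not NUL-terminated; that is fine only if `gss_str_to_oid` honours `buf.length`, which cannot be confirmed from this hunk.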
--- /dev/null
+\7f
\ No newline at end of file
--- /dev/null
+*\86H\86รท\12\ 1\ 2\ 2
\ No newline at end of file
# Copy fuzz targets and seed corpus to $OUT.
pushd src/tests/fuzzing
-fuzzers=("fuzz_chpw" "fuzz_gss" "fuzz_json" "fuzz_krad" "fuzz_krb5_ticket"
- "fuzz_marshal_cred" "fuzz_marshal_princ" "fuzz_ndr" "fuzz_pac"
- "fuzz_profile" "fuzz_util")
+fuzzers=("fuzz_aes" "fuzz_asn" "fuzz_attrset" "fuzz_chpw" "fuzz_crypto"
+ "fuzz_des" "fuzz_gss" "fuzz_json" "fuzz_kdc" "fuzz_krad" "fuzz_krb"
+ "fuzz_krb5_ticket" "fuzz_marshal_cred" "fuzz_marshal_princ"
+ "fuzz_ndr" "fuzz_oid" "fuzz_pac" "fuzz_profile" "fuzz_util")
for fuzzer in "${fuzzers[@]}"; do
cp "$fuzzer" "$OUT/$fuzzer"