From: Matt Caswell Date: Tue, 20 Feb 2024 15:11:26 +0000 (+0000) Subject: Don't print excessively long ASN1 items in fuzzer X-Git-Tag: openssl-3.3.0-alpha1~72 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a6f70c03182b421d326831532edca32bcdb3fb1;p=thirdparty%2Fopenssl.git Don't print excessively long ASN1 items in fuzzer Prevent spurious fuzzer timeouts by not printing ASN1 which is excessively long. This fixes a false positive encountered by OSS-Fuzz. Reviewed-by: Tomas Mraz Reviewed-by: Tom Cosgrove (Merged from https://github.com/openssl/openssl/pull/23640) --- diff --git a/fuzz/asn1.c b/fuzz/asn1.c index ee602a08a3d..d55554b7fd0 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -312,10 +312,16 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i); if (o != NULL) { - BIO *bio = BIO_new(BIO_s_null()); - if (bio != NULL) { - ASN1_item_print(bio, o, 4, i, pctx); - BIO_free(bio); + /* + * Don't print excessively long output to prevent spurious fuzzer + * timeouts. + */ + if (b - buf < 10000) { + BIO *bio = BIO_new(BIO_s_null()); + if (bio != NULL) { + ASN1_item_print(bio, o, 4, i, pctx); + BIO_free(bio); + } } if (ASN1_item_i2d(o, &der, i) > 0) { OPENSSL_free(der);
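Review bot: The guard `if (b - buf < 10000)` in FuzzerTestOneInput uses a bare literal, and it measures how many input bytes ASN1_item_d2i consumed, while the comment above it speaks of "excessively long output". Consider giving the limit a named macro in fuzz/asn1.c and rewording the comment to say the bound is on the decoded input length, used as a proxy for print cost, so a later reader does not take 10000 for an output-size limit. The comment could also mention that the ASN1_item_i2d round trip after the new block still runs for items over the limit, so only the ASN1_item_print path loses fuzz coverage for large inputs.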