From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 26 Aug 2021 13:08:15 +0000 (+0200)
Subject: Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests
X-Git-Tag: openssl-3.0.0~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72a509f94fc2be80c9903b7512715cd526a82e25;p=thirdparty%2Fopenssl.git

Make the -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION pass tests

Fixes #16428

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)
---

diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
index 328e0abcc51..e04f9b1f2e5 100644
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -18,12 +18,13 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len)
     int ia5 = 0;
     int t61 = 0;
 
-    if (len <= 0)
-        len = -1;
     if (s == NULL)
         return V_ASN1_PRINTABLESTRING;
 
-    while ((*s) && (len-- != 0)) {
+    if (len < 0)
+        len = strlen((const char *)s);
+
+    while (len-- > 0) {
         c = *(s++);
         if (!ossl_isasn1print(c))
             ia5 = 1;
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 02c34a4438f..5359cbc1172 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -303,7 +303,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
         c = str->data;
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
         /* No NUL terminator in fuzzing builds */
-        str->data = OPENSSL_realloc(c, len);
+        str->data = OPENSSL_realloc(c, len != 0 ? len : 1);
 #else
         str->data = OPENSSL_realloc(c, len + 1);
 #endif
@@ -316,7 +316,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
     str->length = len;
     if (data != NULL) {
         memcpy(str->data, data, len);
-#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+        /* Set the unused byte to something non NUL and printable. */
+        if (len == 0)
+            str->data[len] = '~';
+#else
         /*
          * Add a NUL terminator. This should not be necessary - but we add it as
          * a safety precaution
@@ -384,7 +388,8 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
 
     i = (a->length - b->length);
     if (i == 0) {
-        i = memcmp(a->data, b->data, a->length);
+        if (a->length != 0)
+            i = memcmp(a->data, b->data, a->length);
         if (i == 0)
             return a->type - b->type;
         else
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 2cbd95fa1b5..3503fdc2106 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -229,7 +229,7 @@ static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
 static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
                               ASN1_OCTET_STRING *src, size_t maxlen)
 {
-    if (src == NULL) {
+    if (src == NULL || src->length == 0) {
         *pdstlen = 0;
         return 1;
     }