From: Matt Caswell
Date: Tue, 9 Jul 2024 15:52:12 +0000 (+0100)
Subject: Limit the number of commands that can be used in the quic-lcidm fuzzer
X-Git-Tag: openssl-3.4.0-alpha1~357
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=939dd479ac2c819da6cee21d00a21bfdb28d6eb2;p=thirdparty%2Fopenssl.git

Limit the number of commands that can be used in the quic-lcidm fuzzer

The fuzzer was reporting a spurious timeout due to excessive numbers of commands in a single file. We limit the number of commands to avoid this.

Found by OSSFuzz

Reviewed-by: Neil Horman
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/24831)
---

diff --git a/fuzz/quic-lcidm.c b/fuzz/quic-lcidm.c
index f72f0918600..f74e6504bbf 100644
--- a/fuzz/quic-lcidm.c
+++ b/fuzz/quic-lcidm.c
@@ -48,6 +48,8 @@ enum {
 CMD_LOOKUP
 };
 
+#define MAX_CMDS 10000
+
 static int get_cid(PACKET *pkt, QUIC_CONN_ID *cid)
 {
 unsigned int cidl;
@@ -72,6 +74,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 OSSL_QUIC_FRAME_NEW_CONN_ID ncid_frame;
 int did_retire;
 void *opaque_out;
+ size_t limit = 0;
 
 if (!PACKET_buf_init(&pkt, buf, len))
 goto err;
@@ -91,6 +94,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 if (!PACKET_get_1(&pkt, &cmd))
 goto err;
 
+ if (++limit > MAX_CMDS)
+ goto err;
+
 switch (cmd) {
 case CMD_ENROL_ODCID:
 if (!PACKET_get_net_8(&pkt, &arg_opaque)
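Review bot: `MAX_CMDS` is defined without a comment, so nothing at the definition says that 10000 is a time budget for the fuzz harness rather than a limit of the LCIDM itself. A one-line comment above the define would prevent it being read as a protocol constant, for example `/* Cap on commands per fuzz input so one input stays within the fuzzer's time budget */`. The value looks empirically chosen; if that is the case, saying so in the comment helps whoever has to retune it.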
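Review bot: The variable tested in `if (++limit > MAX_CMDS)` is a running count of commands, not a limit, so the declaration in the previous hunk would read better as `size_t ncmds = 0;` with the check written `if (++ncmds > MAX_CMDS)`. Reaching the cap takes the same `goto err` path as a malformed input, and the `err` label is outside the hunk, so it is not visible here whether the two cases are handled identically. Because the harness now stops after 10000 commands, any per-command cost that grows with the amount of state already enrolled is no longer exercised beyond that point. The commit message calls the timeout spurious, but it may be worth confirming separately that the slowdown came from input length alone rather than from such growth.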