fuzz: limit the retry count in handshake fuzzer

author Daiki Ueno <ueno@gnu.org>

Sun, 29 Nov 2020 17:17:54 +0000 (18:17 +0100)

committer Daiki Ueno <ueno@gnu.org>

Sun, 29 Nov 2020 17:22:14 +0000 (18:22 +0100)
author Daiki Ueno <ueno@gnu.org>
Sun, 29 Nov 2020 17:17:54 +0000 (18:17 +0100)
committer Daiki Ueno <ueno@gnu.org>
Sun, 29 Nov 2020 17:22:14 +0000 (18:22 +0100)
diff --git a/fuzz/gnutls_handshake_client_fuzzer.c b/fuzz/gnutls_handshake_client_fuzzer.c

index 8ae5babdc0a4382dec7265dcfe741b2b9adca8de..f03b830248c8c1686d2a0c367e55c9f915c82022 100644 (file)
--- a/fuzz/gnutls_handshake_client_fuzzer.c
+++ b/fuzz/gnutls_handshake_client_fuzzer.c
@@ -49,6 +49,7 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
         gnutls_session_t session;
         gnutls_certificate_credentials_t xcred;
         struct mem_st memdata;
+       unsigned int retry;
  
         res = gnutls_init(&session, GNUTLS_CLIENT);
         assert(res >= 0);
@@ -69,6 +70,7 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
         gnutls_transport_set_pull_function(session, error_pull);
         gnutls_handshake_set_read_function(session, handshake_discard);
  
+       retry = 0;
         do {
                 res = gnutls_handshake(session);
                 if (res == GNUTLS_E_AGAIN) {
@@ -76,6 +78,12 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
                                 res = GNUTLS_E_INTERNAL_ERROR;
                                 break;
                         }
+                       if (retry > HANDSHAKE_MAX_RETRY_COUNT) {
+                               break;
+                       }
+                       retry++;
+               } else {
+                       retry = 0;
                 }
         } while (res < 0 && gnutls_error_is_fatal(res) == 0);
  
diff --git a/fuzz/gnutls_handshake_client_fuzzer.in/a3e993409526cd26a6a6f7599c7fef26acc93f6a3077eddef2b557161fbc778a b/fuzz/gnutls_handshake_client_fuzzer.in/a3e993409526cd26a6a6f7599c7fef26acc93f6a3077eddef2b557161fbc778a

new file mode 100644 (file)

index 0000000..4e8caeb

Binary files /dev/null and b/fuzz/gnutls_handshake_client_fuzzer.in/a3e993409526cd26a6a6f7599c7fef26acc93f6a3077eddef2b557161fbc778a differ
diff --git a/fuzz/gnutls_handshake_server_fuzzer.c b/fuzz/gnutls_handshake_server_fuzzer.c

index 06b4218dc7fd979bf7f433f1fbd8c3083a10fafd..dd58cecf82b31b091e77474e1daf9a818d08c537 100644 (file)
--- a/fuzz/gnutls_handshake_server_fuzzer.c
+++ b/fuzz/gnutls_handshake_server_fuzzer.c
@@ -51,6 +51,7 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
         gnutls_session_t session;
         gnutls_certificate_credentials_t xcred;
         struct mem_st memdata;
+       unsigned int retry;
  
         res = gnutls_init(&session, GNUTLS_SERVER);
         assert(res >= 0);
@@ -114,6 +115,7 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
         gnutls_transport_set_pull_function(session, error_pull);
         gnutls_handshake_set_read_function(session, handshake_discard);
  
+       retry = 0;
         do {
                 res = gnutls_handshake(session);
                 if (res == GNUTLS_E_AGAIN) {
@@ -121,6 +123,12 @@ int LLVMFuzzerTestOneInput(const uint8_t * data, size_t size)
                                 res = GNUTLS_E_INTERNAL_ERROR;
                                 break;
                         }
+                       if (retry > HANDSHAKE_MAX_RETRY_COUNT) {
+                               break;
+                       }
+                       retry++;
+               } else {
+                       retry = 0;
                 }
         } while (res < 0 && gnutls_error_is_fatal(res) == 0);
  
diff --git a/fuzz/gnutls_handshake_server_fuzzer.in/e42772ece86289ff9a1387235c19361d767d41ebbcdbbac22abac9b4435fda57 b/fuzz/gnutls_handshake_server_fuzzer.in/e42772ece86289ff9a1387235c19361d767d41ebbcdbbac22abac9b4435fda57

new file mode 100644 (file)

index 0000000..bafc6b6

Binary files /dev/null and b/fuzz/gnutls_handshake_server_fuzzer.in/e42772ece86289ff9a1387235c19361d767d41ebbcdbbac22abac9b4435fda57 differ
diff --git a/fuzz/handshake.h b/fuzz/handshake.h

index e14a1cee7785ef1f4de39bd3b10a451a28730f43..34c7b701e65edeb53ecdaca66d48933975aaa75e 100644 (file)
--- a/fuzz/handshake.h
+++ b/fuzz/handshake.h
@@ -24,6 +24,8 @@
  #ifndef HANDSHAKE_H
  # define HANDSHAKE_H
  
+#define HANDSHAKE_MAX_RETRY_COUNT 10
+
  typedef struct mem_st {
         const uint8_t *data;
         size_t size;
author	Daiki Ueno <ueno@gnu.org>
	Sun, 29 Nov 2020 17:17:54 +0000 (18:17 +0100)
committer	Daiki Ueno <ueno@gnu.org>
	Sun, 29 Nov 2020 17:22:14 +0000 (18:22 +0100)
fuzz/gnutls_handshake_client_fuzzer.c		patch \| blob \| blame \| history
fuzz/gnutls_handshake_client_fuzzer.in/a3e993409526cd26a6a6f7599c7fef26acc93f6a3077eddef2b557161fbc778a	[new file with mode: 0644]	patch \| blob
fuzz/gnutls_handshake_server_fuzzer.c		patch \| blob \| blame \| history
fuzz/gnutls_handshake_server_fuzzer.in/e42772ece86289ff9a1387235c19361d767d41ebbcdbbac22abac9b4435fda57	[new file with mode: 0644]	patch \| blob
fuzz/handshake.h		patch \| blob \| blame \| history