From c13516c45741a0d6e7ee3b9c9236a444de85653a Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 27 Mar 2017 17:40:23 +0200
Subject: fuzz: added PKCS#12 file parser fuzzer

Signed-off-by: Nikos Mavrogiannopoulos
---
 devel/fuzz/Makefile | 37 +--------------
 devel/fuzz/gnutls_pkcs12_key_parser.in/s1.p12 | Bin 0 -> 2669 bytes
 devel/fuzz/gnutls_pkcs12_key_parser.in/s2.p12 | Bin 0 -> 1411 bytes
 devel/fuzz/gnutls_pkcs12_key_parser.in/s3.p12 | Bin 0 -> 7338 bytes
 devel/fuzz/gnutls_pkcs12_key_parser_fuzzer.cc | 65 ++++++++++++++++++++++++++
 5 files changed, 67 insertions(+), 35 deletions(-)
 create mode 100644 devel/fuzz/gnutls_pkcs12_key_parser.in/s1.p12
 create mode 100644 devel/fuzz/gnutls_pkcs12_key_parser.in/s2.p12
 create mode 100644 devel/fuzz/gnutls_pkcs12_key_parser.in/s3.p12
 create mode 100644 devel/fuzz/gnutls_pkcs12_key_parser_fuzzer.cc
diff --git a/devel/fuzz/Makefile b/devel/fuzz/Makefile
index b9bf39ae17..282d17400c 100644
--- a/devel/fuzz/Makefile
+++ b/devel/fuzz/Makefile
@@ -24,42 +24,9 @@ all: gnutls_pkcs7_parser_fuzzer gnutls_client_fuzzer gnutls_dn_parser_fuzzer \
 gnutls_openpgp_cert_parser_fuzzer gnutls_pkcs7_parser_fuzzer gnutls_pkcs8_key_parser_fuzzer \
 gnutls_private_key_parser_fuzzer gnutls_server_fuzzer gnutls_x509_parser_fuzzer \
 gnutls_reverse_idna_parser_fuzzer gnutls_idna_parser_fuzzer gnutls_ocsp_resp_parser_fuzzer \
- gnutls_ocsp_req_parser_fuzzer
-
-gnutls_ocsp_req_parser_fuzzer: gnutls_ocsp_req_parser_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
-
-gnutls_ocsp_resp_parser_fuzzer: gnutls_ocsp_resp_parser_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
-
-gnutls_pkcs7_parser_fuzzer: gnutls_pkcs7_parser_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
-
-gnutls_client_fuzzer: gnutls_client_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
-
-gnutls_dn_parser_fuzzer: gnutls_dn_parser_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
-
-gnutls_openpgp_cert_parser_fuzzer: gnutls_openpgp_cert_parser_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
-
-gnutls_pkcs8_key_parser_fuzzer: gnutls_pkcs8_key_parser_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
-
-gnutls_private_key_parser_fuzzer: gnutls_private_key_parser_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
-
-gnutls_server_fuzzer: gnutls_server_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
-
-gnutls_x509_parser_fuzzer: gnutls_x509_parser_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
-
-gnutls_idna_parser_fuzzer: gnutls_idna_parser_fuzzer.cc
- $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
+ gnutls_ocsp_req_parser_fuzzer gnutls_pkcs12_key_parser_fuzzer
 
-gnutls_reverse_idna_parser_fuzzer: gnutls_reverse_idna_parser_fuzzer.cc
+%: %.cc
 $(CC) $(CFLAGS) main.c $^ $(COMMON) -o $@
 
 clean:
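Review bot: The new pattern rule `%: %.cc` compiles `main.c` in its recipe without naming it as a prerequisite, so a change to the shared driver does not rebuild any fuzzer and a stale binary can keep being run against the corpus. Listing the driver in the rule, `%: %.cc main.c` with the recipe `$(CC) $(CFLAGS) $^ $(COMMON) -o $@`, keeps every target current. Whether `$(COMMON)` also names files that belong among the prerequisites cannot be seen from this hunk. A short comment above the rule, such as `# every fuzzer is <name>.cc linked with the main.c driver`, would also make clear that a new fuzzer only needs an entry in `all`.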
diff --git a/devel/fuzz/gnutls_pkcs12_key_parser.in/s1.p12 b/devel/fuzz/gnutls_pkcs12_key_parser.in/s1.p12
new file mode 100644
index 0000000000..cddde704d1
Binary files /dev/null and b/devel/fuzz/gnutls_pkcs12_key_parser.in/s1.p12 differ
diff --git a/devel/fuzz/gnutls_pkcs12_key_parser.in/s2.p12 b/devel/fuzz/gnutls_pkcs12_key_parser.in/s2.p12
new file mode 100644
index 0000000000..f6779a1731
Binary files /dev/null and b/devel/fuzz/gnutls_pkcs12_key_parser.in/s2.p12 differ
diff --git a/devel/fuzz/gnutls_pkcs12_key_parser.in/s3.p12 b/devel/fuzz/gnutls_pkcs12_key_parser.in/s3.p12
new file mode 100644
index 0000000000..5fc9cd397d
Binary files /dev/null and b/devel/fuzz/gnutls_pkcs12_key_parser.in/s3.p12 differ
diff --git a/devel/fuzz/gnutls_pkcs12_key_parser_fuzzer.cc b/devel/fuzz/gnutls_pkcs12_key_parser_fuzzer.cc
new file mode 100644
index 0000000000..1c3c15cce9
--- /dev/null
+++ b/devel/fuzz/gnutls_pkcs12_key_parser_fuzzer.cc
@@ -0,0 +1,65 @@
+/*
+# Copyright 2016 Nikos Mavrogiannopoulos
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include
+#include
+
+#include
+#include
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ gnutls_datum_t raw = {(unsigned char*)data, (unsigned int)size};
+ gnutls_pkcs12_t p12;
+ gnutls_x509_privkey_t key;
+ gnutls_x509_crt_t *chain;
+ gnutls_x509_crt_t *extras;
+ gnutls_x509_crl_t crl;
+ unsigned int chain_len = 0, extras_len = 0;
+ unsigned int i;
+ int ret;
+
+ raw.data = (unsigned char *)data;
+ raw.size = size;
+
+ ret = gnutls_pkcs12_init(&p12);
+ assert(ret >= 0);
+
+ ret = gnutls_pkcs12_import(p12, &raw, GNUTLS_X509_FMT_DER, 0);
+ if (ret < 0) {
+ goto cleanup;
+ }
+
+ /* catch crashes */
+ gnutls_pkcs12_verify_mac(p12, "1234");
+
+ ret = gnutls_pkcs12_simple_parse(p12, "1234", &key, &chain, &chain_len, &extras, &extras_len, &crl, 0);
+ if (ret >= 0) {
+ gnutls_x509_privkey_deinit(key);
+ if (crl)
+ gnutls_x509_crl_deinit(crl);
+ for (i=0;i