From d949c6266ce64f5c2419f8c7cf4a196122fff9d7 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 4 Jan 2017 14:34:05 +0100
Subject: tests: added test case with invalid openpgp cert

This triggers a memory error. Issue found using oss-fuzz:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 tests/cert-tests/Makefile.am               |   3 ++-
 tests/cert-tests/data/openpgp-invalid1.pub | Bin 0 -> 264 bytes
 tests/cert-tests/openpgp-cert-parser       |   6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 tests/cert-tests/data/openpgp-invalid1.pub

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 5e15f9eb3d..2c14da68fd 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -61,7 +61,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 	data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12 \
 	data/code-signing-ca.pem data/code-signing-cert.pem data/multi-value-dn.pem \
 	data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 data/openssl.p7b data/openssl.p7b.out \
-	data/openssl-keyid.p7b data/openssl-keyid.p7b.out data/openssl.p12
+	data/openssl-keyid.p7b data/openssl-keyid.p7b.out data/openssl.p12 \
+	data/openpgp-invalid1.pub
 
 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 	pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/data/openpgp-invalid1.pub b/tests/cert-tests/data/openpgp-invalid1.pub
new file mode 100644
index 0000000000..dd38a04dc6
Binary files /dev/null and b/tests/cert-tests/data/openpgp-invalid1.pub differ
diff --git a/tests/cert-tests/openpgp-cert-parser b/tests/cert-tests/openpgp-cert-parser
index f30f1d6d83..eb3cb1ac98 100755
--- a/tests/cert-tests/openpgp-cert-parser
+++ b/tests/cert-tests/openpgp-cert-parser
@@ -58,4 +58,10 @@ if test $rc != 1;then
 	fail "Parsing should have errored"
 fi
 
+${VALGRIND} "${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/data/openpgp-invalid1.pub" 2>&1
+rc=$?
+if test $rc != 1;then
+	fail "Parsing should have errored"
+fi
+
 exit ${RETCODE:-0}
-- 
cgit v1.2.1