From bd6e4bbe68dbe121b245891cd2d71a25931a2f55 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Tue, 20 Feb 2018 17:51:55 +0100
Subject: [PATCH] fuzzing: Add fuzzer for CRL parsing

---
 fuzz/.gitignore | 3 ++-
 fuzz/Makefile.am | 5 ++++-
 fuzz/fuzz_crls.c | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 fuzz/fuzz_crls.c

diff --git a/fuzz/.gitignore b/fuzz/.gitignore
index 64271a6dd..cbc050fb1 100644
--- a/fuzz/.gitignore
+++ b/fuzz/.gitignore
@@ -1 +1,2 @@
-fuzz_certs
\ No newline at end of file
+fuzz_certs
+fuzz_crls
\ No newline at end of file
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index bdc3e2ebc..3962896f6 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -8,7 +8,7 @@ fuzz_ldflags = ${libfuzzer} \
 -Wl,-Bstatic -lgmp -Wl,-Bdynamic \
 @FUZZING_LDFLAGS@
-FUZZ_TARGETS=fuzz_certs
+FUZZ_TARGETS=fuzz_certs fuzz_crls
 all-local: $(FUZZ_TARGETS)
@@ -17,6 +17,9 @@ CLEANFILES=$(FUZZ_TARGETS)
 fuzz_certs: fuzz_certs.c ${libfuzzer}
 $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+fuzz_crls: fuzz_crls.c ${libfuzzer}
+ $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+
 noinst_LIBRARIES = libFuzzerLocal.a
 libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
 libFuzzerLocal_a_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
diff --git a/fuzz/fuzz_crls.c b/fuzz/fuzz_crls.c
new file mode 100644
index 000000000..c481edded
--- /dev/null
+++ b/fuzz/fuzz_crls.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include
+#include
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+ certificate_t *cert;
+ chunk_t chunk;
+
+ dbg_default_set_level(-1);
+ library_init(NULL, "fuzz_crls");
+ plugin_loader_add_plugindirs(PLUGINDIR, PLUGINS);
+ if (!lib->plugins->load(lib->plugins, PLUGINS))
+ {
+ return 1;
+ }
+
+ chunk = chunk_create((u_char*)buf, len);
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
+ BUILD_BLOB, chunk, BUILD_END);
+ DESTROY_IF(cert);
+
+ lib->plugins->unload(lib->plugins);
+ library_deinit();
+ return 0;
+}
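Review bot: The early return on plugin-load failure leaves the library initialised: `library_init()` has already run when `lib->plugins->load()` fails, and the `return 1;` branch never reaches `library_deinit()`, so under libFuzzer, which calls this entry point repeatedly in one process, that state carries into the next input; libFuzzer also documents that `LLVMFuzzerTestOneInput` must return 0, with other values reserved. Replace the body of that branch with `library_deinit();` followed by `return 0;`. The result of `library_init()` is likewise unchecked; if it reports failure the same cleanup-and-return applies before touching `lib->plugins`. Initialising and tearing down the whole library on every input is also costly and masks leaks that persist across inputs; libFuzzer's `LLVMFuzzerInitialize` hook exists for one-time setup, which would leave only the `chunk_create`/`create`/`DESTROY_IF` sequence in the per-input function.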