add cbor to the fuzzer, and fix a few issues it found
alandekok committed Dec 2, 2024
1 parent 21765a9 commit 27c433d
Showing 2 changed files with 12 additions and 6 deletions.
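--- a/src/bin/all.mk
+++ b/src/bin/all.mk
@@ -25,7 +25,7 @@ SUBMAKEFILES := \
 # The fuzzer binary needs special magic to run, as it doesn't parse
 # command-line options. See fuzzer.mk for details.
 #
-FUZZER_PROTOCOLS = radius dhcpv4 dhcpv6 dns tacacs vmps tftp util bfd
+FUZZER_PROTOCOLS = radius dhcpv4 dhcpv6 dns tacacs vmps tftp util bfd cbor
 
 #
 # Add the fuzzer only if everything was built with the fuzzing flags.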
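--- a/src/lib/util/cbor.c
+++ b/src/lib/util/cbor.c
@@ -1027,7 +1027,12 @@ ssize_t fr_cbor_decode_value_box(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_dbuff_t
 return -1;
 }
 
-fr_assert(info != 31);
+if (info == 31) {
+no_chunks:
+fr_strerror_const("Chunked strings are not supported");
+return 0;
+}
+
 
 /*
 * @todo - undefinite length strings. Which are really "chunked" strings.
@@ -1059,10 +1064,10 @@ ssize_t fr_cbor_decode_value_box(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_dbuff_t
 case CBOR_OCTETS:
 if (type != FR_TYPE_OCTETS) goto mismatch;
 
-fr_assert(info != 31);
+if (info == 31) goto no_chunks;
 
 /*
-* @todo - undefinite length octet strings. Which are really "chunked" octet strings.
+* @todo - indefinite length octet strings. Which are really "chunked" octet strings.
 */
 slen = cbor_decode_integer(&value, info, &work_dbuff);
 if (slen < 0) return_slen;
@@ -1590,7 +1595,8 @@ static fr_type_t cbor_guess_type(fr_dbuff_t *dbuff, bool pair)
 return FR_TYPE_IPV4_ADDR;
 
 case 54:
-FR_DBUFF_OUT_RETURN(&major, &work_dbuff);
+slen = fr_dbuff_out(&major, &work_dbuff);
+if (slen <= 0) goto no_data;
 
 major >>= 5;
 
@@ -1726,9 +1732,9 @@ ssize_t fr_cbor_decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dbuff_t *db
 break;
 
 default:
-talloc_free(vp);
 fr_strerror_printf("Invalid data type %s for child %s of %s",
 fr_type_to_str(da->type), vp->da->name, parent->name);
+talloc_free(vp);
 return -1;
 }
 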
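Review bot: The new chunked-string rejection in the CBOR_STRING case of fr_cbor_decode_value_box sets an error with `fr_strerror_const()` but then does `return 0;`, while the neighbouring failure path returns -1, and the CBOR_OCTETS case now reaches the same return through `goto no_chunks`. The callers are not visible here, but any that test only `slen < 0` would treat an indefinite-length item (info == 31) from untrusted input as a zero-byte success, and could then read an unpopulated `vb` or fail to advance the buffer. If 0 is not a deliberate "unsupported" signal, `return -1;` would match the rest of the function. If it is deliberate, a comment such as `/* 0 = recognised but unsupported encoding; callers must treat it as failure */` at the label would document the contract. The function body starts and ends outside these hunks.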
