QA: add --afl-der=<file>

Expose SSL/TLS certificate decoding (DER) to commandline using --afl-der=<file>.
9 years ago · 8111eb934f
parent d165906397
commit 8111eb934f
4 changed files with 40 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -270,6 +270,7 @@
            AC_DEFINE([AFLFUZZ_APPLAYER], [1], [Enable --afl-$proto-request commandline option])
            AC_DEFINE([AFLFUZZ_MIME], [1], [Enable --afl-mime commandline option])
            AC_DEFINE([AFLFUZZ_DECODER], [1], [Enable --afl-decoder-$proto commandline option])
+            AC_DEFINE([AFLFUZZ_DER], [1], [Enable --afl-der commandline option])
    ])

  # disable TLS on user request
--- a/src/suricata.c
+++ b/src/suricata.c
@ -153,6 +153,7 @@
 #include "app-layer-smb.h"
 #include "app-layer-modbus.h"

+#include "util-decode-der.h"
 #include "util-radix-tree.h"
 #include "util-host-os-info.h"
 #include "util-cidr.h"
@ -1162,6 +1163,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
        {"afl-mime", required_argument, 0 , 0},

        {"afl-decoder-ppp", required_argument, 0 , 0},
+        {"afl-der", required_argument, 0, 0},
 #ifdef BUILD_UNIX_SOCKET
        {"unix-socket", optional_argument, 0, 0},
 #endif
@ -1450,6 +1452,11 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri)
                FlowInitConfig(FLOW_QUIET);
                //printf("arg: //%s\n", optarg);
                exit(DecoderParseDataFromFile(optarg, DecodePPP));
+#endif
+#ifdef AFLFUZZ_DER
+            } else if(strcmp((long_opts[option_index]).name, "afl-der") == 0) {
+                //printf("arg: //%s\n", optarg);
+                exit(DerParseDataFromFile(optarg));
 #endif
            } else if(strcmp((long_opts[option_index]).name, "simulate-ips") == 0) {
                SCLogInfo("Setting IPS mode");
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@ -898,6 +898,34 @@ Asn1Generic * DecodeDer(const unsigned char *buffer, uint32_t size,
    return cert;
 }

+#ifdef AFLFUZZ_DER
+int DerParseDataFromFile(char *filename)
+{
+    int result = 1;
+    FILE *fp = fopen(filename, "r");
+    BUG_ON(fp == NULL);
+    uint8_t buffer[65536];
+
+    uint32_t errcode = 0;
+
+    while (1) {
+        int done = 0;
+        size_t result = fread(&buffer, 1, sizeof(buffer), fp);
+        if (result < sizeof(buffer))
+            done = 1;
+
+        DecodeDer(buffer, result, &errcode);
+
+        if (done)
+            break;
+    }
+
+    result = 0;
+    fclose(fp);
+    return result;
+}
+#endif
+
 void DerFree(Asn1Generic *a)
 {
    Asn1Generic *it, *n;
--- a/src/util-decode-der.h
+++ b/src/util-decode-der.h
@ -93,4 +93,8 @@ typedef struct Asn1Generic_ {
 Asn1Generic * DecodeDer(const unsigned char *buffer, uint32_t size, uint32_t *errcode);
 void DerFree(Asn1Generic *a);

+#ifdef AFLFUZZ_DER
+int DerParseDataFromFile(char *filename);
+#endif
+
 #endif /* __UTIL_DECODE_DER_H__ */