From 8111eb934fa8d874dae9b0cee2726b9d9b96ed35 Mon Sep 17 00:00:00 2001 From: Mats Klepsland Date: Sun, 10 Apr 2016 13:41:02 +0200 Subject: [PATCH] QA: add --afl-der= Expose SSL/TLS certificate decoding (DER) to commandline using --afl-der=. --- configure.ac | 1 + src/suricata.c | 7 +++++++ src/util-decode-der.c | 28 ++++++++++++++++++++++++++++ src/util-decode-der.h | 4 ++++ 4 files changed, 40 insertions(+) diff --git a/configure.ac b/configure.ac index f3741e578b..a6c3f3aa8c 100644 --- a/configure.ac +++ b/configure.ac @@ -270,6 +270,7 @@ AC_DEFINE([AFLFUZZ_APPLAYER], [1], [Enable --afl-$proto-request commandline option]) AC_DEFINE([AFLFUZZ_MIME], [1], [Enable --afl-mime commandline option]) AC_DEFINE([AFLFUZZ_DECODER], [1], [Enable --afl-decoder-$proto commandline option]) + AC_DEFINE([AFLFUZZ_DER], [1], [Enable --afl-der commandline option]) ]) # disable TLS on user request diff --git a/src/suricata.c b/src/suricata.c index a81b816824..d2d816028e 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -153,6 +153,7 @@ #include "app-layer-smb.h" #include "app-layer-modbus.h" +#include "util-decode-der.h" #include "util-radix-tree.h" #include "util-host-os-info.h" #include "util-cidr.h" @@ -1162,6 +1163,7 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) {"afl-mime", required_argument, 0 , 0}, {"afl-decoder-ppp", required_argument, 0 , 0}, + {"afl-der", required_argument, 0, 0}, #ifdef BUILD_UNIX_SOCKET {"unix-socket", optional_argument, 0, 0}, #endif @@ -1450,6 +1452,11 @@ static TmEcode ParseCommandLine(int argc, char** argv, SCInstance *suri) FlowInitConfig(FLOW_QUIET); //printf("arg: //%s\n", optarg); exit(DecoderParseDataFromFile(optarg, DecodePPP)); +#endif +#ifdef AFLFUZZ_DER + } else if(strcmp((long_opts[option_index]).name, "afl-der") == 0) { + //printf("arg: //%s\n", optarg); + exit(DerParseDataFromFile(optarg)); #endif } else if(strcmp((long_opts[option_index]).name, "simulate-ips") == 0) { SCLogInfo("Setting IPS mode"); 
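Review bot: In the `ParseCommandLine` option table (hunk at -1162) the entry `{"afl-der", required_argument, 0, 0},` is added outside any preprocessor guard, while its handler in the hunk at -1450 is compiled only under `#ifdef AFLFUZZ_DER`. In a build without the AFL defines the option name would still be accepted by the parser with no branch that acts on it; what the rest of the `else if` chain does with an unmatched name is outside these hunks. Wrapping the table entry in the same `#ifdef AFLFUZZ_DER` / `#endif` pair would keep the fuzzing entry point out of the option surface of production builds, though the neighbouring `afl-mime` and `afl-decoder-ppp` entries visible in the context appear to follow the same unguarded pattern. The commented-out `//printf("arg: //%s\n", optarg);` in the new branch is dead code and can be dropped.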
diff --git a/src/util-decode-der.c b/src/util-decode-der.c index be56b5e546..c080cefd93 100644 --- a/src/util-decode-der.c +++ b/src/util-decode-der.c @@ -898,6 +898,34 @@ Asn1Generic * DecodeDer(const unsigned char *buffer, uint32_t size, return cert; } +#ifdef AFLFUZZ_DER +int DerParseDataFromFile(char *filename) +{ + int result = 1; + FILE *fp = fopen(filename, "r"); + BUG_ON(fp == NULL); + uint8_t buffer[65536]; + + uint32_t errcode = 0; + + while (1) { + int done = 0; + size_t result = fread(&buffer, 1, sizeof(buffer), fp); + if (result < sizeof(buffer)) + done = 1; + + DecodeDer(buffer, result, &errcode); + + if (done) + break; + } + + result = 0; + fclose(fp); + return result; +} +#endif + void DerFree(Asn1Generic *a) { Asn1Generic *it, *n; diff --git a/src/util-decode-der.h b/src/util-decode-der.h index 4c4b1aaf1c..b923c12d40 100644 --- a/src/util-decode-der.h +++ b/src/util-decode-der.h @@ -93,4 +93,8 @@ typedef struct Asn1Generic_ { Asn1Generic * DecodeDer(const unsigned char *buffer, uint32_t size, uint32_t *errcode); void DerFree(Asn1Generic *a); +#ifdef AFLFUZZ_DER +int DerParseDataFromFile(char *filename); +#endif + #endif /* __UTIL_DECODE_DER_H__ */
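Review bot: `DerParseDataFromFile` discards the `Asn1Generic *` that `DecodeDer` returns, so every successfully decoded chunk is leaked; with a leak-checking sanitizer the harness would report its own leak instead of decoder bugs, and the result should be released with `DerFree` (declared in util-decode-der.h). The inner `size_t result` also shadows the outer `int result`, which is only ever set to 0, so the function can simply `return 0`. DER is binary, so `"rb"` is the safer `fopen` mode, and `fread(buffer, …)` is the conventional spelling of `fread(&buffer, …)`. Inputs over 65536 bytes are decoded as independent 64 KiB chunks, and an empty file or one that is an exact multiple of the buffer size leads to a `DecodeDer` call with size 0 on a partly uninitialised buffer; whether the decoder tolerates that is outside this hunk.

```c
int DerParseDataFromFile(char *filename)
{
    FILE *fp = fopen(filename, "rb");
    BUG_ON(fp == NULL);
    /* … unchanged: buffer and errcode declarations … */

    while (1) {
        size_t len = fread(buffer, 1, sizeof(buffer), fp);

        /* Release each decoded tree so the harness itself stays leak-free. */
        Asn1Generic *cert = DecodeDer(buffer, (uint32_t)len, &errcode);
        if (cert != NULL)
            DerFree(cert);

        if (len < sizeof(buffer))
            break;
    }

    fclose(fp);
    return 0;
}
```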