Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add fuzz coverage for all session ticket formats #4965

Open
jmayclin opened this issue Dec 10, 2024 · 0 comments
Open

add fuzz coverage for all session ticket formats #4965

jmayclin opened this issue Dec 10, 2024 · 0 comments
Labels
difficulty/beginner good first issue priority/medium Rank 3 size/small

Comments

@jmayclin
Copy link
Contributor

Problem:

Thanks to the work in #4960 , we can see that the de-serialization logic for S2N_SERIALIZED_FORMAT_TLS12_V3 is not currently being fuzz tested.

Solution:

We manually set the first byte of the session ticket using the modulus operator

s2n-tls/tests/fuzz/s2n_deserialize_resumption_state_test.c

Lines 47 to 48 in aaae641

randval = randval % S2N_SERIALIZED_FORMAT_TLS12_V3;
POSIX_GUARD(s2n_stuffer_write_uint8(&fuzzed_ticket, randval));

But this means randval will never actually be S2N_SERIALIZED_FORMAT_TLS12_V3.

My preferred solution is to completely remove the manual input setting. I expect that libfuzzer (with a nice corpus) will be able to find all branches.

Requirements / Acceptance Criteria:

  1. add fuzz test coverage of S2N_SERIALIZED_FORMAT_TLS12_V3.
  2. generate fuzz test coverage locally to confirm that the function is covered.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
difficulty/beginner good first issue priority/medium Rank 3 size/small
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@goatgoose @jmayclin