Diffstat (limited to 'fuzz/server.cc')
-rw-r--r-- | fuzz/server.cc | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/fuzz/server.cc b/fuzz/server.cc
index f4f999a9..75522bac 100644
--- a/fuzz/server.cc
+++ b/fuzz/server.cc
@@ -1,5 +1,20 @@
+/* Copyright (c) 2016, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
 #include <assert.h>
+#include <openssl/rand.h>
 #include <openssl/ssl.h>
 static const uint8_t kCertificateDER[] = {
@@ -204,7 +219,8 @@ struct GlobalState {
 static GlobalState g_state;
 extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
- // This only fuzzes the initial flow from the client so far.
+ RAND_reset_for_fuzzing();
+
 SSL *server = SSL_new(g_state.ctx);
 BIO *in = BIO_new(BIO_s_mem());
 BIO *out = BIO_new(BIO_s_mem());
@@ -212,7 +228,15 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
 SSL_set_accept_state(server);
 BIO_write(in, buf, len);
- SSL_do_handshake(server);
+ if (SSL_do_handshake(server) == 1) {
+ // Keep reading application data until error or EOF.
+ uint8_t tmp[1024];
+ for (;;) {
+ if (SSL_read(server, tmp, sizeof(tmp)) <= 0) {
+ break;
+ }
+ }
+ }
 SSL_free(server);
 return 0; |
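Review bot: The added `RAND_reset_for_fuzzing();` at the top of `LLVMFuzzerTestOneInput` (second hunk) carries no comment, and the same hunk deletes the only line that described what the harness covers. A reader cannot tell from here that the call exists to put the library's random generator back into a known state so that a given input replays identically. As far as I know the function is only provided in the library's fuzzing build configuration, which by design makes randomness predictable, so the comment should also say that this target must never be linked against a production build. Suggest `// Reset the RNG so every input replays deterministically; fuzzing builds only.` above the call. The function body continues outside this hunk.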
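Review bot: The comment on the new read loop in the third hunk does not say why the loop is bounded. Presumably `in` is the memory BIO filled by `BIO_write(in, buf, len)` and attached to `server`, so `SSL_read` returns a non-positive value once the fuzzer input is drained; that wiring is outside the hunk and should be confirmed. I would extend the comment to `// Keep reading application data until error or EOF; input is a finite memory BIO, so this terminates.` As a style point, the `for (;;)` with an inner `break` can be written as `while (SSL_read(server, tmp, sizeof(tmp)) > 0) {}`, which makes the exit condition visible at the loop head.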