|
|
|
|
|
|
by kdbg
1318 days ago
|
|
|
It is, it'll build a few fuzzers hitting different areas[0]. The important function in many of those `.c` files is `FuzzerTestOneInput` which is effectively the entrypoint for a single fuzz test. Taking a look at x509.c[1] which I believe is the most likely to be able to reach the punnycode parser. (I am not at all familiar with the codebase). You can see that the OpenSSL fuzzer is basically doing a holistic fuzz (I assume the i2d* and d2i* functions exercise the parser), that is its just invoking key entrypoints that in theory can exercise all the rest of the functionality with the correct inputs. Hanno's fuzzer on the other hand, is explicitly only testing the `ossl_punnycode_decode` function[3]. Given the breadth of the fuzzer, I think its very possible OSS-Fuzz just didn't hit it. [0] https://github.com/openssl/openssl/blob/master/fuzz/ [1] https://github.com/openssl/openssl/blob/master/fuzz/x509.c [2] https://twitter.com/hanno/status/1587775675397726209/photo/2 |
|
|