fuzz: Add fuzzer targeting VICI messages Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
index ec40917..ca184d8 100644
--- a/fuzz/.gitignore
+++ b/fuzz/.gitignore
@@ -10,3 +10,4 @@
 fuzz_ocsp_rsp_def
 fuzz_pa_tnc
 fuzz_pb_tnc
+fuzz_vici
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index b2801e0..dba75c8 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -38,7 +38,7 @@
 $(top_builddir)/src/libtncif/.libs/libtncif.a \
 $(fuzz_ldflags)
-ike_ldflags = \
+charon_ldflags = \
 $(top_builddir)/src/libcharon/.libs/libcharon.a \
 $(top_builddir)/src/libradius/.libs/libradius.a \
 $(fuzz_ldflags)
@@ -51,7 +51,7 @@
 fuzzers_with_cus = $(fuzzers_with_plugins:%=%_cus)
 fuzzers_no_plugins = \
- fuzz_ids fuzz_ike fuzz_pa_tnc fuzz_pb_tnc
+ fuzz_ids fuzz_ike fuzz_pa_tnc fuzz_pb_tnc fuzz_vici
 ALL_FUZZERS=$(fuzzers_with_def) $(fuzzers_with_cus) $(fuzzers_no_plugins)
@@ -93,7 +93,10 @@
 $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
 fuzz_ike: fuzz_ike.c ${libfuzzer}
- $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(ike_ldflags)
+ $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(charon_ldflags)
+
+fuzz_vici: fuzz_vici.c ${libfuzzer}
+ $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(charon_ldflags)
 noinst_LIBRARIES = libFuzzerLocal.a
 libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
diff --git a/fuzz/fuzz_vici.c b/fuzz/fuzz_vici.c
new file mode 100644
index 0000000..b8a9b75
--- /dev/null
+++ b/fuzz/fuzz_vici.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2026 Arthur SC Chan
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <daemon.h>
+#include <library.h>
+#include <plugins/vici/vici_message.h>
+
+int LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+ dbg_default_set_level(-1);
+ library_init(NULL, "fuzz_vici");
+ libcharon_init();
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+ enumerator_t *enumerator;
+ vici_message_t *msg;
+ chunk_t data, value;
+ vici_type_t type;
+ char *name;
+ int count;
+
+ if (len < 1)
+ {
+ return 0;
+ }
+
+ data = chunk_create((u_char*)buf, len);
+ msg = vici_message_create_from_data(data, FALSE);
+
+ msg->get_str(msg, NULL, "version");
+ msg->get_int(msg, 0, "timeout");
+ msg->get_bool(msg, FALSE, "enabled");
+ msg->get_value(msg, chunk_empty, "data");
+
+ enumerator = msg->create_enumerator(msg);
+ count = 0;
+ while (count++ < 10000 &&
+ enumerator->enumerate(enumerator, &type, &name, &value));
+ enumerator->destroy(enumerator);
+
+ msg->destroy(msg);
+ return 0;
+}
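Review bot: Nothing in `LLVMFuzzerTestOneInput` ever reads the `name` and `value` that `enumerate()` hands back (the `while` has an empty body), and the results of `get_str`/`get_int`/`get_bool`/`get_value` are discarded as well, so the sanitizer only observes the parser's own accesses. If the parser ever returned a chunk or string that extends past `buf`, this harness would not report it, because ASan fires on access rather than on pointer creation. I would touch the returned data per element type, as in the excerpt below, and do the same for the getter results, e.g. `chunk_hash(msg->get_value(msg, chunk_empty, "data"));`. Separately, the Makefile hunk links a local driver (`libFuzzerLocal.c`, not shown here); it is worth confirming that it calls `LLVMFuzzerInitialize`, otherwise `library_init()` and `libcharon_init()` never run in that build.

```c
	/* … unchanged: message creation and the four getter calls … */
	/* … unchanged: create_enumerator() and count = 0 … */
	while (count++ < 10000 &&
		   enumerator->enumerate(enumerator, &type, &name, &value))
	{
		/* read what the parser returned so the sanitizer checks its bounds;
		 * which outputs are set per type should be confirmed against
		 * vici_message.h */
		switch (type)
		{
			case VICI_SECTION_START:
			case VICI_LIST_START:
				chunk_hash(chunk_from_str(name));
				break;
			case VICI_KEY_VALUE:
				chunk_hash(chunk_from_str(name));
				chunk_hash(value);
				break;
			case VICI_LIST_ITEM:
				chunk_hash(value);
				break;
			default:
				break;
		}
	}
	/* … unchanged: enumerator->destroy() and msg->destroy() … */
```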