diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-28 07:38:20 +0200 |
---|---|---|
committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-28 07:38:20 +0200 |
commit | 6b2bba06b433fb75979ab6daf7bbe8bc76c53875 (patch) | |
tree | 75803b4683889e6e0d2a3faef30415db3ff7b3ba /security/nss/fuzz/tls_mutators.cc | |
parent | 72def35cd0cf3649b6d7ab72b66117df3e1c33fc (diff) | |
parent | c75dae3ed21bfa5a8ae46cd83d18329af5bea05a (diff) | |
download | UXP-6b2bba06b433fb75979ab6daf7bbe8bc76c53875.tar UXP-6b2bba06b433fb75979ab6daf7bbe8bc76c53875.tar.gz UXP-6b2bba06b433fb75979ab6daf7bbe8bc76c53875.tar.lz UXP-6b2bba06b433fb75979ab6daf7bbe8bc76c53875.tar.xz UXP-6b2bba06b433fb75979ab6daf7bbe8bc76c53875.zip |
Merge branch 'master' of https://github.com/MoonchildProductions/UXP into pm_url_1
Diffstat (limited to 'security/nss/fuzz/tls_mutators.cc')
-rw-r--r-- | security/nss/fuzz/tls_mutators.cc | 31 |
1 files changed, 11 insertions, 20 deletions
diff --git a/security/nss/fuzz/tls_mutators.cc b/security/nss/fuzz/tls_mutators.cc index 228bd0bb7..e9770cb39 100644 --- a/security/nss/fuzz/tls_mutators.cc +++ b/security/nss/fuzz/tls_mutators.cc @@ -2,14 +2,11 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -#include <algorithm> #include "shared.h" #include "tls_parser.h" #include "ssl.h" -extern "C" { #include "sslimpl.h" -} using namespace nss_test; @@ -42,9 +39,7 @@ class Record { void truncate(size_t length) { assert(length >= 5 + gExtraHeaderBytes); uint8_t *dest = const_cast<uint8_t *>(data_); - size_t l = length - (5 + gExtraHeaderBytes); - dest[3] = (l >> 8) & 0xff; - dest[4] = l & 0xff; + (void)ssl_EncodeUintX(length - 5 - gExtraHeaderBytes, 2, &dest[3]); memmove(dest + length, data_ + size_, remaining_); } @@ -227,8 +222,8 @@ size_t FragmentRecord(uint8_t *data, size_t size, size_t max_size, } // Pick a record to fragment at random. - std::uniform_int_distribution<size_t> rand_record(0, records.size() - 1); - auto &rec = records.at(rand_record(rng)); + std::uniform_int_distribution<size_t> dist(0, records.size() - 1); + auto &rec = records.at(dist(rng)); uint8_t *rdata = const_cast<uint8_t *>(rec->data()); size_t length = rec->size(); size_t content_length = length - 5; @@ -238,21 +233,17 @@ size_t FragmentRecord(uint8_t *data, size_t size, size_t max_size, } // Assign a new length to the first fragment. - std::uniform_int_distribution<size_t> rand_size(1, content_length - 1); - size_t first_length = rand_size(rng); - size_t second_length = content_length - first_length; - rdata[3] = (first_length >> 8) & 0xff; - rdata[4] = first_length & 0xff; - uint8_t *second_record = rdata + 5 + first_length; + size_t new_length = content_length / 2; + uint8_t *content = ssl_EncodeUintX(new_length, 2, &rdata[3]); - // Make room for the header of the second record. - memmove(second_record + 5, second_record, - rec->remaining() + content_length - first_length); + // Make room for one more header. + memmove(content + new_length + 5, content + new_length, + rec->remaining() + content_length - new_length); // Write second header. - memcpy(second_record, rdata, 3); - second_record[3] = (second_length >> 8) & 0xff; - second_record[4] = second_length & 0xff; + memcpy(content + new_length, rdata, 3); + (void)ssl_EncodeUintX(content_length - new_length, 2, + &content[new_length + 3]); return size + 5; } |