summaryrefslogtreecommitdiffstats
path: root/security/nss/fuzz/tls_mutators.cc
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-04-25 23:08:37 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-04-25 23:08:37 +0200
commit42f8488a5f66d7c1e5324bd1755d7f693b16ee97 (patch)
tree54c7d2a62c4ea34b1250b5362c8e6f89d03f1a02 /security/nss/fuzz/tls_mutators.cc
parent681c39a0ecc84fc918b2bec72cc69ad27d39903a (diff)
parent6c3f95480a191ce432ddfb2aa400a6d70c4884a8 (diff)
downloadUXP-42f8488a5f66d7c1e5324bd1755d7f693b16ee97.tar
UXP-42f8488a5f66d7c1e5324bd1755d7f693b16ee97.tar.gz
UXP-42f8488a5f66d7c1e5324bd1755d7f693b16ee97.tar.lz
UXP-42f8488a5f66d7c1e5324bd1755d7f693b16ee97.tar.xz
UXP-42f8488a5f66d7c1e5324bd1755d7f693b16ee97.zip
Merge branch 'master' into Basilisk-releasev2018.04.26
Diffstat (limited to 'security/nss/fuzz/tls_mutators.cc')
-rw-r--r--security/nss/fuzz/tls_mutators.cc31
1 files changed, 11 insertions, 20 deletions
diff --git a/security/nss/fuzz/tls_mutators.cc b/security/nss/fuzz/tls_mutators.cc
index 228bd0bb7..e9770cb39 100644
--- a/security/nss/fuzz/tls_mutators.cc
+++ b/security/nss/fuzz/tls_mutators.cc
@@ -2,14 +2,11 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include <algorithm>
#include "shared.h"
#include "tls_parser.h"
#include "ssl.h"
-extern "C" {
#include "sslimpl.h"
-}
using namespace nss_test;
@@ -42,9 +39,7 @@ class Record {
void truncate(size_t length) {
assert(length >= 5 + gExtraHeaderBytes);
uint8_t *dest = const_cast<uint8_t *>(data_);
- size_t l = length - (5 + gExtraHeaderBytes);
- dest[3] = (l >> 8) & 0xff;
- dest[4] = l & 0xff;
+ (void)ssl_EncodeUintX(length - 5 - gExtraHeaderBytes, 2, &dest[3]);
memmove(dest + length, data_ + size_, remaining_);
}
@@ -227,8 +222,8 @@ size_t FragmentRecord(uint8_t *data, size_t size, size_t max_size,
}
// Pick a record to fragment at random.
- std::uniform_int_distribution<size_t> rand_record(0, records.size() - 1);
- auto &rec = records.at(rand_record(rng));
+ std::uniform_int_distribution<size_t> dist(0, records.size() - 1);
+ auto &rec = records.at(dist(rng));
uint8_t *rdata = const_cast<uint8_t *>(rec->data());
size_t length = rec->size();
size_t content_length = length - 5;
@@ -238,21 +233,17 @@ size_t FragmentRecord(uint8_t *data, size_t size, size_t max_size,
}
// Assign a new length to the first fragment.
- std::uniform_int_distribution<size_t> rand_size(1, content_length - 1);
- size_t first_length = rand_size(rng);
- size_t second_length = content_length - first_length;
- rdata[3] = (first_length >> 8) & 0xff;
- rdata[4] = first_length & 0xff;
- uint8_t *second_record = rdata + 5 + first_length;
+ size_t new_length = content_length / 2;
+ uint8_t *content = ssl_EncodeUintX(new_length, 2, &rdata[3]);
- // Make room for the header of the second record.
- memmove(second_record + 5, second_record,
- rec->remaining() + content_length - first_length);
+ // Make room for one more header.
+ memmove(content + new_length + 5, content + new_length,
+ rec->remaining() + content_length - new_length);
// Write second header.
- memcpy(second_record, rdata, 3);
- second_record[3] = (second_length >> 8) & 0xff;
- second_record[4] = second_length & 0xff;
+ memcpy(content + new_length, rdata, 3);
+ (void)ssl_EncodeUintX(content_length - new_length, 2,
+ &content[new_length + 3]);
return size + 5;
}