From 00738bf65e9021ac3e6d7d6daff1ae1f8297c303 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 10 Feb 2022 18:15:42 +0000 Subject: [PATCH] Ensure ctr_drbg is initialised every time ctr_drbg is a local variable and thus needs initialisation every time LLVMFuzzerTestOneInput() is called, the rest of the variables inside the if(initialised) block are all static. Add extra validation to attempt to catch this issue in future. Signed-off-by: Paul Elliott --- library/aes.c | 1 + programs/fuzz/fuzz_server.c | 13 +++++++------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/library/aes.c b/library/aes.c index 4afc3c48a..d2b05e262 100644 --- a/library/aes.c +++ b/library/aes.c @@ -971,6 +971,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, unsigned char output[16] ) { AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( ctx->rk != NULL ); AES_VALIDATE_RET( input != NULL ); AES_VALIDATE_RET( output != NULL ); AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index e6eb5a71d..3d11d474c 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -55,13 +55,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { } options = Data[Size - 1]; - if (initialized == 0) { - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); - if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen( pers ) ) != 0 ) - return 1; + if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, + ( const unsigned char * ) pers, strlen( pers ) ) != 0 ) + return 1; + + if (initialized == 0) { #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_init( &srvcert );