Replace fuzzer-generated PKCS7 regression tests

This commit adds well-formed reproducers for the memory management issues fixed in the following commits: 290f01b3f54a16045be201699becda8f500eebd5 e7f8c616d0b9388fd20ffd6c9730ea8188f27716 f7641544eafeaf0c71d109fbbec1d9f8aa2e74d8 Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2025-01-31 18:32:57 +00:00 · 2023-01-19 20:57:44 +01:00 · 2023-01-19 20:57:44 +01:00 · 248971348b
commit 248971348b
parent ffb92b0789
6 changed files with 18 additions and 6 deletions
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@ -1369,6 +1369,18 @@ pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der
 	echo -en '\xa1' | dd of=$@ bs=1 seek=918 conv=notrunc
 all_final += pkcs7_data_signed_badsigner.der

+# pkcs7 signature file with invalid tag in signerInfo[1].serial after long issuer name
+pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der: pkcs7_data_multiple_signed.der
+	cp $< $@
+	echo -en '\xa1' | dd of=$@ bs=1 seek=498 conv=notrunc
+all_final += pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der
+
+# pkcs7 signature file with invalid tag in signerInfo[2]
+pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der
+	cp $< $@
+	echo -en '\xa1' | dd of=$@ bs=1 seek=810 conv=notrunc
+all_final += pkcs7_signerInfo_2_invalid_tag.der
+
 # pkcs7 file with version 2
 pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der
 	cp pkcs7_data_cert_signed_sha256.der $@
--- a/tests/data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der
+++ b/tests/data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der
--- a/tests/data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der
+++ b/tests/data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der
--- a/tests/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der
+++ b/tests/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der
--- a/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der
+++ b/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@ -78,13 +78,13 @@ PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2
 depends_on:MBEDTLS_SHA256_C
 pkcs7_parse:"data_files/pkcs7_signerInfo_serial_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO

-pkcs7_get_signers_info_set error handling (6213931373035520)
-depends_on:MBEDTLS_RIPEMD160_C
-pkcs7_parse:"data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+PKCS7 Signed Data Parse Fail Corrupt signerInfos[2] (6213931373035520)
+depends_on:MBEDTLS_SHA256_C
+pkcs7_parse:"data_files/pkcs7_signerInfo_2_invalid_tag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)

-pkcs7_get_signers_info_set error handling (4541044530479104)
-depends_on:MBEDTLS_RIPEMD160_C
-pkcs7_parse:"data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der": MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+PKCS7 Signed Data Parse Fail Corrupt signerInfos[1].issuerAndSerialNumber.serialNumber, after multi-element .name (4541044530479104)
+depends_on:MBEDTLS_SHA256_C
+pkcs7_parse:"data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO

 PKCS7 Only Signed Data Parse Pass #15
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C