From 00738bf65e9021ac3e6d7d6daff1ae1f8297c303 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 10 Feb 2022 18:15:42 +0000 Subject: [PATCH] Ensure ctr_drbg is initialised every time ctr_drbg is a local variable and thus needs initialisation every time LLVMFuzzerTestOneInput() is called, the rest of the variables inside the if(initialised) block are all static. Add extra validation to attempt to catch this issue in future. Signed-off-by: Paul Elliott --- library/aes.c | 1 + programs/fuzz/fuzz_server.c | 13 +++++++------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/library/aes.c b/library/aes.c index 4afc3c48ae..d2b05e262b 100644 --- a/library/aes.c +++ b/library/aes.c @@ -971,6 +971,7 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, unsigned char output[16] ) { AES_VALIDATE_RET( ctx != NULL ); + AES_VALIDATE_RET( ctx->rk != NULL ); AES_VALIDATE_RET( input != NULL ); AES_VALIDATE_RET( output != NULL ); AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index e6eb5a71db..3d11d474cd 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -55,13 +55,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { } options = Data[Size - 1]; - if (initialized == 0) { - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); - if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen( pers ) ) != 0 ) - return 1; + if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, + ( const unsigned char * ) pers, strlen( pers ) ) != 0 ) + return 1; + + if (initialized == 0) { #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_init( &srvcert );