From f0768376e1639d12a328745ef69c90d584138074 Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Fri, 26 Jul 2024 11:01:05 -0400 Subject: [PATCH] limit bignums to 128 bytes Keep us from spinning forever doing huge amounts of math in the fuzzer Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/25013) --- fuzz/bignum.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fuzz/bignum.c b/fuzz/bignum.c index d7c3716aac..783e915977 100644 --- a/fuzz/bignum.c +++ b/fuzz/bignum.c @@ -52,11 +52,12 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) */ if (len > 2) { len -= 3; - l1 = (buf[0] * len) / 255; + /* limit l1, l2, and l3 to be no more than 512 bytes */ + l1 = ((buf[0] * len) / 255) % 512; ++buf; - l2 = (buf[0] * (len - l1)) / 255; + l2 = ((buf[0] * (len - l1)) / 255) % 512; ++buf; - l3 = len - l1 - l2; + l3 = (len - l1 - l2) % 512; s1 = buf[0] & 1; s3 = buf[0] & 4;