mirror of
https://github.com/opnsense/src.git
synced 2026-02-27 03:40:37 -05:00
Some highlights from NEWS:
** bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*();
gh#480.
** New API calls:
- fido_dev_info_set;
- fido_dev_io_handle;
- fido_dev_new_with_info;
- fido_dev_open_with_info.
** Documentation and reliability fixes.
** Support for TPM 2.0 attestation of COSE_ES256 credentials.
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
| Name |
|---|
| build-coverage |
| clock.c |
| CMakeLists.txt |
| Dockerfile |
| dummy.h |
| export.gnu |
| functions.txt |
| fuzz_assert.c |
| fuzz_bio.c |
| fuzz_cred.c |
| fuzz_credman.c |
| fuzz_hid.c |
| fuzz_largeblob.c |
| fuzz_mgmt.c |
| fuzz_netlink.c |
| libfuzzer.c |
| Makefile |
| mutator_aux.c |
| mutator_aux.h |
| preload-fuzz.c |
| preload-snoop.c |
| prng.c |
| README |
| report.tgz |
| summary.txt |
| udev.c |
| uniform_random.c |
| wiredata_fido2.h |
| wiredata_u2f.h |
| wrap.c |
| wrapped.sym |
libfido2 can be fuzzed using AFL or libFuzzer, with or without
ASAN/MSAN/UBSAN.

AFL is more convenient when fuzzing the path from the authenticator to
libfido2 in an existing application. To do so, use preload-snoop.c with a real
authenticator to obtain an initial corpus, rebuild libfido2 with -DFUZZ=ON, and
use preload-fuzz.c to read device data from stdin.

libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
fuzz_assert.c, fuzz_hid.c, and fuzz_mgmt.c for examples. To build these
harnesses, use -DFUZZ=ON -DLIBFUZZER=ON.

To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
libcbor and OpenSSL built with the respective sanitiser. In order to keep
memory utilisation at a manageable level, you can either enforce limits at
the OS level (e.g. cgroups on Linux), or patch libcbor with the diff below.
diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
index aa049a2..e294b38 100644
--- src/cbor/internal/memory_utils.c
+++ src/cbor/internal/memory_utils.c
@@ -28,7 +28,10 @@ bool _cbor_safe_to_multiply(size_t a, size_t b) {
void* _cbor_alloc_multiple(size_t item_size, size_t item_count) {
if (_cbor_safe_to_multiply(item_size, item_count)) {
- return _CBOR_MALLOC(item_size * item_count);
+ if (item_count > 1000) {
+ return NULL;
+ } else
+ return _CBOR_MALLOC(item_size * item_count);
} else {
return NULL;
}
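Review bot: the `item_count > 1000` check added in `_cbor_alloc_multiple` uses an unexplained literal and is indistinguishable from an allocation failure to callers, so any input with more than 1000 items will fail to decode once this is applied. Give the limit a named constant with a comment stating that it is a fuzzing-only memory cap, so the patch is not carried into a production libcbor build by accident. The check also bounds only the element count, so the byte total still scales with `item_size`; if the goal is a memory ceiling, comparing `item_size * item_count` against a byte limit after the `_cbor_safe_to_multiply` test would express that directly. On style, the new `else` branch is unbraced while the surrounding code braces every branch; an early `if (item_count > 1000) return NULL;` ahead of the existing `return _CBOR_MALLOC(item_size * item_count);` would avoid the nested if/else altogether.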