authorMatt Caswell <matt@openssl.org>2024-07-09 17:52:12 +0200
committerNeil Horman <nhorman@openssl.org>2024-07-11 20:17:11 +0200
commit939dd479ac2c819da6cee21d00a21bfdb28d6eb2 (patch)
tree9ce16ab74f31a5abad61930b80de98d91615fd62 /fuzz
parentModify check-format to match line length coding style (diff)
Limit the number of commands that can be used in the quic-lcidm fuzzer
The fuzzer was reporting a spurious timeout due to excessive numbers of commands in a single file. We limit the number of commands to avoid this. Found by OSSFuzz Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24831)
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/quic-lcidm.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/fuzz/quic-lcidm.c b/fuzz/quic-lcidm.c
index f72f091860..f74e6504bb 100644
--- a/fuzz/quic-lcidm.c
+++ b/fuzz/quic-lcidm.c
@@ -48,6 +48,8 @@ enum {
CMD_LOOKUP
};
+#define MAX_CMDS 10000
+
static int get_cid(PACKET *pkt, QUIC_CONN_ID *cid)
{
unsigned int cidl;
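Review bot: `MAX_CMDS` is added without a comment saying what it bounds or why 10000 was chosen, so the rationale exists only in the commit message. A short comment above the define would keep it with the code, for example `/* Cap on commands processed per input, so one test case cannot run into the fuzzer timeout */`. The file declares its other constants in the `enum` directly above, so a `#define` is a small inconsistency in style, though harmless here.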
@@ -72,6 +74,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
OSSL_QUIC_FRAME_NEW_CONN_ID ncid_frame;
int did_retire;
void *opaque_out;
+ size_t limit = 0;
if (!PACKET_buf_init(&pkt, buf, len))
goto err;
@@ -91,6 +94,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
if (!PACKET_get_1(&pkt, &cmd))
goto err;
+ if (++limit > MAX_CMDS)
+ goto err;
+
switch (cmd) {
case CMD_ENROL_ODCID:
if (!PACKET_get_net_8(&pkt, &arg_opaque)
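Review bot: The variable declared as `size_t limit = 0;` in the previous hunk counts the commands read so far, so `if (++limit > MAX_CMDS)` reads as a limit compared against a limit; a name such as `cmd_count` would make the check self-explanatory. Hitting the cap also leaves through the same `err` path as a malformed input, which means any state reachable only after more than MAX_CMDS commands is never exercised. A comment such as `/* Deliberate cut-off: longer command streams only produced spurious timeouts */` above the check would record that trade-off. The enclosing loop and the `err` label lie outside the hunk, so the cleanup done on this early exit cannot be confirmed from here.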