limit bignums to 128 bytes

Keep us from spinning forever doing huge amounts of math in the fuzzer Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25013)
author: Neil Horman <nhorman@openssl.org> 2024-07-26 17:01:05 +0200
committer: Neil Horman <nhorman@openssl.org> 2024-08-09 13:59:03 +0200
commit: f0768376e1639d12a328745ef69c90d584138074 (patch)
tree: ab0c22d1ce8a09f4649602841ff0822b6de5f54e /fuzz
parent: Add "no-fips-post" configure option. (diff)
download: openssl-f0768376e1639d12a328745ef69c90d584138074.tar.xz
openssl-f0768376e1639d12a328745ef69c90d584138074.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/fuzz/bignum.c b/fuzz/bignum.c
index d7c3716aac..783e915977 100644
--- a/fuzz/bignum.c
+++ b/fuzz/bignum.c
@@ -52,11 +52,12 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
      */
     if (len > 2) {
         len -= 3;
-        l1 = (buf[0] * len) / 255;
+        /* limit l1, l2, and l3 to be no more than 512 bytes */
+        l1 = ((buf[0] * len) / 255) % 512;
         ++buf;
-        l2 = (buf[0] * (len - l1)) / 255;
+        l2 = ((buf[0] * (len - l1)) / 255) % 512;
         ++buf;
-        l3 = len - l1 - l2;
+        l3 = (len - l1 - l2) % 512;
 
         s1 = buf[0] & 1;
         s3 = buf[0] & 4;
author	Neil Horman <nhorman@openssl.org>	2024-07-26 17:01:05 +0200
committer	Neil Horman <nhorman@openssl.org>	2024-08-09 13:59:03 +0200
commit	f0768376e1639d12a328745ef69c90d584138074 (patch)
tree	ab0c22d1ce8a09f4649602841ff0822b6de5f54e /fuzz
parent	Add "no-fips-post" configure option. (diff)
download	openssl-f0768376e1639d12a328745ef69c90d584138074.tar.xz openssl-f0768376e1639d12a328745ef69c90d584138074.zip