Fuzzing

Since version 5.5.3 parts of the strongSwan code base are fuzzed on Google’s OSS-Fuzz infrastructure.

The following fuzz targets are currently in use:

fuzz-certs

Fuzzes the X.509 certificate parsing framework as provided by the loaded plugins and the ASN.1 parser of the libstrongswan library.

fuzz-crls

Fuzzes the CRL parsing framework provided by the loaded plugins and the ASN.1 parser of the libstrongswan library.

fuzz-ids

Fuzzes the identity parser of the libstrongswan library.

fuzz-ocsp-req

Fuzzes the OCSP request parsing framework provided by the loaded plugins and the ASN.1 parser of the libstrongswan library.

fuzz-ocsp-rsp

Fuzzes the OCSP response parsing framework provided by the loaded plugins and the ASN.1 parser of the libstrongswan library.

fuzz-pa-tnc

Fuzzes the PA-TNC message parser (libimcv).

fuzz-pb-tnc

Fuzzes the PB-TNC batch parser (libtnccs).

The seed corpora used by the fuzz targets is provided in a separate repository.