How to fuzz GnuTLS

GnuTLS is the TLS stack for GNOME and glib-networking — certificate parsing bugs affect the desktop.

GnuTLS is the TLS implementation used across the GNOME ecosystem, CUPS, and many server applications. Its ASN.1 DER parser, X.509 certificate verification, and DTLS reassembly logic all consume attacker-controlled data; historical CVEs include critical authentication bypass and memory corruption vulnerabilities.

Common bug classes

  • Heap buffer overflow in ASN.1 DER tag-length-value decode
  • Integer overflow in X.509 GeneralName SAN IP address length
  • Out-of-bounds read in DTLS fragment reassembly buffer
  • Authentication bypass via crafted certificate chain ordering
  • Use-after-free in TLS session resumption ticket decrypt

Recommended setup

Fuzzers

  • AFL++
  • libFuzzer
  • Honggfuzz

Sanitizers

  • ASan
  • UBSan
  • MSan

Harness scaffold

#include <stdint.h>
#include <stddef.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

/* The file is built as C++ (fuzz_target.cc): libFuzzer looks this symbol up by its unmangled name. */
#ifdef __cplusplus
extern "C"
#endif
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  gnutls_x509_crt_t cert;
  if (gnutls_x509_crt_init(&cert) < 0) return 0;
  gnutls_datum_t in = { (unsigned char *)data, (unsigned int)size };
  /* Try DER first and fall back to PEM, so one corpus reaches both import paths. */
  int ret = gnutls_x509_crt_import(cert, &in, GNUTLS_X509_FMT_DER);
  if (ret < 0) ret = gnutls_x509_crt_import(cert, &in, GNUTLS_X509_FMT_PEM);
  if (ret == 0) {
    /* Import succeeded: decode the DN and the SAN entries to reach the deeper ASN.1 paths. */
    char buf[512]; size_t len = sizeof(buf); unsigned int critical = 0;
    gnutls_x509_crt_get_dn(cert, buf, &len);
    for (unsigned int i = 0; i < 16; i++) {
      len = sizeof(buf);
      if (gnutls_x509_crt_get_subject_alt_name(cert, i, buf, &len, &critical) < 0) break;
    }
  }
  gnutls_x509_crt_deinit(cert);
  return 0;
}

Save this as fuzz_target.cc, build it with your compiler and sanitizer flags, link it against GnuTLS, and you have a working starting point.
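When the harness above reports a crash, the first question is which tag-length-value field claimed more bytes than its enclosing structure holds. The following Python helper, added here as an example (not part of this page's harness or of GnuTLS; function names and the sample bytes are constructed for the illustration), unwraps a PEM artifact the way the harness's PEM fallback would, walks the DER structure, and returns the offset and nesting depth of the first length field that overruns its bounds; `der_to_pem` also turns a DER seed into a PEM seed for the corpus.

```python
import base64
import re

def pem_to_der(data: bytes) -> bytes:
    """Return the base64-decoded body of a PEM block, or data unchanged if it is not PEM."""
    m = re.search(rb"-----BEGIN [^-]+-----(.*?)-----END", data, re.S)
    if not m: return data
    return base64.b64decode(b"".join(m.group(1).split()))

def der_to_pem(der: bytes, label: bytes = b"CERTIFICATE") -> bytes:
    """Wrap DER as 64-column PEM so one seed also reaches the harness's PEM import path."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN " + label + b"-----\n" + body + b"\n-----END " + label + b"-----\n"

def der_walk(buf, offset=0, end=None, depth=0, findings=None):
    """Walk DER TLVs in buf[offset:end]; return [(tlv_offset, depth, reason), ...] for bad lengths."""
    end = len(buf) if end is None else end
    findings = [] if findings is None else findings
    pos = offset
    while pos < end:
        start = pos
        tag = buf[pos]; pos += 1
        if (tag & 0x1F) == 0x1F:  # high-tag-number form: skip the continuation bytes
            while pos < end and buf[pos] & 0x80:
                pos += 1
            pos += 1
        if pos >= end:
            findings.append((start, depth, "truncated tag/length header")); break
        first = buf[pos]; pos += 1
        if first & 0x80:  # long form: the low 7 bits give the number of length bytes
            n = first & 0x7F
            if n == 0 or n > 4 or pos + n > end:  # n == 0 is BER indefinite length, not valid DER
                findings.append((start, depth, f"invalid long-form length ({n} length bytes)")); break
            length = int.from_bytes(buf[pos:pos + n], "big"); pos += n
        else:
            length = first
        if pos + length > end:
            findings.append((start, depth, f"length {length} overruns enclosing bounds by {pos + length - end}")); break
        if tag & 0x20:  # constructed: recurse into the contents
            der_walk(buf, pos, pos + length, depth + 1, findings)
        pos += length
    return findings

# Constructed samples: SEQUENCE { INTEGER 1, OCTET STRING "ab" }, and a copy whose
# OCTET STRING length claims 16 bytes where only 2 remain (offset 5, depth 1).
GOOD = bytes.fromhex("300702010104026162")
BAD = bytes.fromhex("300702010104106162")
```

Run `der_walk(pem_to_der(open(path, "rb").read()))` on a crash artifact from the harness; an empty list means the lengths are consistent and the crash lies in a later stage such as extension decoding.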

Notable CVEs found by fuzzing

  • CVE-2021-20232
  • CVE-2022-2509

Start fuzzing GnuTLS on Fuzze.rs →

Push the harness above + a Dockerfile. First month 50% off.