Don't print excessively long ASN1 items in fuzzer

Prevent spurious fuzzer timeouts by not printing ASN1 which is excessively
long.

This fixes a false positive encountered by OSS-Fuzz.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23640)

diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index ee602a08a3d91230c05ed32340b074d668f5a13f..d55554b7fd0a1a68139005c4c84a7426ed91a5e7 100644 (file)
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -312,10 +312,16 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
         ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);
 
         if (o != NULL) {
-            BIO *bio = BIO_new(BIO_s_null());
-            if (bio != NULL) {
-                ASN1_item_print(bio, o, 4, i, pctx);
-                BIO_free(bio);
+            /*
+             * Don't print excessively long output to prevent spurious fuzzer
+             * timeouts.
+             */
+            if (b - buf < 10000) {
+                BIO *bio = BIO_new(BIO_s_null());
+                if (bio != NULL) {
+                    ASN1_item_print(bio, o, 4, i, pctx);
+                    BIO_free(bio);
+                }
             }
             if (ASN1_item_i2d(o, &der, i) > 0) {
                 OPENSSL_free(der);