tests: internal: fuzzers: aws_credentials_fuzzer: fix incorrect length parameter

edsiper · edsiper · commit 781aedf38eda · 2025-11-04T15:00:23.000-06:00
The fuzz_http function was passing a hardcoded length of 250 bytes to
flb_parse_http_credentials(), but get_null_terminated() may return a
shorter string if less data is available. This mismatch could cause
the parser to read past the null terminator or into uninitialized
memory during fuzzing.

Fix by:
- Calculate actual response length based on available data
- Use strlen(response) to get the actual string length when calling
  flb_parse_http_credentials()
- Add null check for response before using it

This prevents out-of-bounds reads and crashes during fuzz testing.

Signed-off-by: Eduardo Silva &lt;eduardo@chronosphere.io&gt;
diff --git a/tests/internal/fuzzers/aws_credentials_fuzzer.c b/tests/internal/fuzzers/aws_credentials_fuzzer.c
@@ -18,6 +18,7 @@
  */
 
 #include <stdint.h>
+#include <string.h>
 #include <fluent-bit.h>
 #include <fluent-bit/flb_sds.h>
 #include <fluent-bit/flb_aws_credentials.h>
@@ -57,7 +58,7 @@ void fuzz_sts(const uint8_t *data, size_t size) {
         flb_sds_t s1 = flb_sts_uri(action, role_arn, session_name,
                                    external_id, identity_token);
         if (s1 != NULL) {
-            flb_sds_destroy(s1);                
+            flb_sds_destroy(s1);
         }
 
         flb_free(action);
@@ -76,13 +77,17 @@ void fuzz_sts(const uint8_t *data, size_t size) {
 void fuzz_http(const uint8_t *data, size_t size) {
     time_t expiration;
     struct flb_aws_credentials *creds = NULL;
-
-    char *response = get_null_terminated(250, &data, &size);
-    creds = flb_parse_http_credentials(response, 250, &expiration);
-    if (creds != NULL) {
-        flb_aws_credentials_destroy(creds);
+    size_t response_len;
+
+    response_len = (size > 250) ? 250 : size;
+    char *response = get_null_terminated(response_len, &data, &size);
+    if (response != NULL) {
+        creds = flb_parse_http_credentials(response, strlen(response), &expiration);
+        if (creds != NULL) {
+            flb_aws_credentials_destroy(creds);
+        }
+        flb_free(response);
     }
-    flb_free(response);
 }
 
 
