kcer_nss_fuzzer: Skip certs that NSS doesn’t consider valid

The RunImportCertFromBytesUseValidCert method tries to import a
valid certificate and checks that it succeeds. Filter out
certificates that NSS doesn’t consider valid.

Fixed: b:415855133
Change-Id: I32ae3f72fc4bfa1b3f5c6542bac2bbf93ab08850
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6518956
Auto-Submit: Michael Ershov <miersh@google.com>
Commit-Queue: Andreea Costinas <acostinas@google.com>
Reviewed-by: Andreea Costinas <acostinas@google.com>
Cr-Commit-Position: refs/heads/main@{#1456830}

This commit is contained in:

Michael Ershov

2025-05-07 02:34:33 -07:00

committed by

Chromium LUCI CQ

parent a29e9e5bb8

commit 133a92e89c

1 changed files with 6 additions and 0 deletions

									
										6

chromeos/ash/components/kcer/kcer_nss/kcer_nss_fuzzer.cc
									
				@ -883,6 +883,12 @@ void KcerFuzzer::RunImportCertFromBytesUseValidCert() {

				  if (!cert) {

				    return;

				  }

				  net::ScopedCERTCertificate nss_cert =

				      net::x509_util::CreateCERTCertificateFromX509Certificate(cert.get());

				  if (!nss_cert) {

				    // NSS doesn't consider the cert valid.

				    return;

				  }

				  base::span<const uint8_t> cert_data = GetCertData(cert);

				  CertDer cert_der(std::vector<uint8_t>(cert_data.begin(), cert_data.end()));

kcer_nss_fuzzer: Skip certs that NSS doesn’t consider valid

6 chromeos/ash/components/kcer/kcer_nss/kcer_nss_fuzzer.cc

6

chromeos/ash/components/kcer/kcer_nss/kcer_nss_fuzzer.cc