From fba28f19754f62b5227650143d5441fc86d4c7d7 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Wed, 25 Apr 2018 21:33:33 +0200
Subject: Revert "Update NSS to 3.35-RTM"

This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
---
 security/nss/fuzz/tls_mutators.cc | 31 +++++++++++--------------------
 1 file changed, 11 insertions(+), 20 deletions(-)

(limited to 'security/nss/fuzz/tls_mutators.cc')

diff --git a/security/nss/fuzz/tls_mutators.cc b/security/nss/fuzz/tls_mutators.cc
index 228bd0bb7a..e9770cb39f 100644
--- a/security/nss/fuzz/tls_mutators.cc
+++ b/security/nss/fuzz/tls_mutators.cc
@@ -2,14 +2,11 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include <algorithm>
 #include "shared.h"
 #include "tls_parser.h"
 
 #include "ssl.h"
-extern "C" {
 #include "sslimpl.h"
-}
 
 using namespace nss_test;
 
@@ -42,9 +39,7 @@ class Record {
   void truncate(size_t length) {
     assert(length >= 5 + gExtraHeaderBytes);
     uint8_t *dest = const_cast<uint8_t *>(data_);
-    size_t l = length - (5 + gExtraHeaderBytes);
-    dest[3] = (l >> 8) & 0xff;
-    dest[4] = l & 0xff;
+    (void)ssl_EncodeUintX(length - 5 - gExtraHeaderBytes, 2, &dest[3]);
     memmove(dest + length, data_ + size_, remaining_);
   }
 
@@ -227,8 +222,8 @@ size_t FragmentRecord(uint8_t *data, size_t size, size_t max_size,
   }
 
   // Pick a record to fragment at random.
-  std::uniform_int_distribution<size_t> rand_record(0, records.size() - 1);
-  auto &rec = records.at(rand_record(rng));
+  std::uniform_int_distribution<size_t> dist(0, records.size() - 1);
+  auto &rec = records.at(dist(rng));
   uint8_t *rdata = const_cast<uint8_t *>(rec->data());
   size_t length = rec->size();
   size_t content_length = length - 5;
@@ -238,21 +233,17 @@ size_t FragmentRecord(uint8_t *data, size_t size, size_t max_size,
   }
 
   // Assign a new length to the first fragment.
-  std::uniform_int_distribution<size_t> rand_size(1, content_length - 1);
-  size_t first_length = rand_size(rng);
-  size_t second_length = content_length - first_length;
-  rdata[3] = (first_length >> 8) & 0xff;
-  rdata[4] = first_length & 0xff;
-  uint8_t *second_record = rdata + 5 + first_length;
+  size_t new_length = content_length / 2;
+  uint8_t *content = ssl_EncodeUintX(new_length, 2, &rdata[3]);
 
-  // Make room for the header of the second record.
-  memmove(second_record + 5, second_record,
-          rec->remaining() + content_length - first_length);
+  // Make room for one more header.
+  memmove(content + new_length + 5, content + new_length,
+          rec->remaining() + content_length - new_length);
 
   // Write second header.
-  memcpy(second_record, rdata, 3);
-  second_record[3] = (second_length >> 8) & 0xff;
-  second_record[4] = second_length & 0xff;
+  memcpy(content + new_length, rdata, 3);
+  (void)ssl_EncodeUintX(content_length - new_length, 2,
+                        &content[new_length + 3]);
 
   return size + 5;
 }
-- 
cgit v1.2.3