fuzz: extend fuzzing coverage (#2626)

Ivan Nardi 2024-11-20 13:36:41 +01:00 committed by GitHub
parent c5bd9d8bff
commit 43f7dc9ba0
GPG key ID: B5690EEEBB952194
5 changed files with 26 additions and 8 deletions


@ -6,10 +6,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
ndpi_MD5_CTX ctx;
struct ndpi_popcount popcount;
char *str;
u_int len;
u_char out[2048], out2[2048];
int pseudo_bool;
/* No memory allocations involved */
/* Used for crc32, md5, hash(es) and popcount algs */
/* Used for crc32, md5, hash(es), popcount and hex2bin algs */
pseudo_bool = (size % 2 == 0);
ndpi_crc16_ccit(data, size);
ndpi_crc16_ccit_false(data, size);
@ -44,8 +49,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
}
ndpi_popcount_init(&popcount);
ndpi_popcount_count(&popcount, data, size);
ndpi_popcount_init(pseudo_bool ? &popcount : NULL);
ndpi_popcount_count(pseudo_bool ? &popcount : NULL, data, size);
len = ndpi_bin2hex(out, sizeof(out), (u_char *)data, size);
ndpi_hex2bin(out2, sizeof(out2), out, len);
return 0;
}
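Review bot: Nothing checks the result of the new round trip at the end of the function: `len = ndpi_bin2hex(out, sizeof(out), (u_char *)data, size);` feeds straight into `ndpi_hex2bin(out2, sizeof(out2), out, len);` and `out2` is never compared with the input, so the harness can catch a memory-safety fault in the pair but not a wrong encoding or decoding. For inputs whose hex form fits in `out` (presumably `size * 2 <= sizeof(out)`, to be confirmed against ndpi_bin2hex), asserting that `out2` holds the first `size` bytes of `data` would make this a correctness check as well. The NULL popcount path is tied to `pseudo_bool = (size % 2 == 0)`, so it is reached only with odd-sized inputs; a comment such as `/* odd sizes exercise the NULL-context guard */` next to that assignment would make the intent visible. The function body starts outside the first hunk and continues between the two hunks.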


@ -29,7 +29,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
/* Let use this fuzzer to check also this simple function... */
ndpi_strlcpy(dst, (const char *)h, sizeof(dst), h_len);
if(fuzzed_data.ConsumeBool())
ndpi_strlcpy(dst, (const char *)h, sizeof(dst), h_len);
else
ndpi_strlcpy(NULL, (const char *)h, 0, h_len);
return 0;
}
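Review bot: The `else` branch calls `ndpi_strlcpy(NULL, (const char *)h, 0, h_len);` with no comment saying the NULL destination is deliberate, so a later reader may take it for a mistake and remove it. I would add `/* NULL dst with zero length: exercise the argument checks */` above the call. Only the NULL/0 pair is covered; if ndpi_strlcpy is meant to tolerate a NULL destination with a non-zero destination length too, that is the combination a guard is more likely to miss, and it deserves its own branch. The function body starts outside the hunk.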


@ -36,6 +36,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
char cfg_param[32];
u_int64_t cat_userdata = 0;
u_int16_t unused1, unused2;
ndpi_master_app_protocol proto1, proto2;
/* To allow memory allocation failures */
fuzz_set_alloc_callbacks_and_seed(size);
@ -645,6 +646,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
ndpi_fpc_confidence_get_name(static_cast<ndpi_fpc_confidence_t>(fuzzed_data.ConsumeIntegral<u_int8_t>()));
ndpi_get_proto_breed_name(static_cast<ndpi_protocol_breed_t>(fuzzed_data.ConsumeIntegral<u_int8_t>()));
ndpi_get_l4_proto_name(static_cast<ndpi_l4_proto_info>(fuzzed_data.ConsumeIntegral<u_int8_t>()));
proto1.app_protocol = fuzzed_data.ConsumeIntegral<u_int16_t>();
proto1.master_protocol = fuzzed_data.ConsumeIntegral<u_int16_t>();
ndpi_is_proto_unknown(proto1);
proto2.app_protocol = fuzzed_data.ConsumeIntegral<u_int16_t>();
proto2.master_protocol = fuzzed_data.ConsumeIntegral<u_int16_t>();
ndpi_is_proto_equals(proto1, proto2, fuzzed_data.ConsumeBool());
char buf2[16];
ndpi_entropy2str(fuzzed_data.ConsumeFloatingPoint<float>(), fuzzed_data.ConsumeBool() ? buf2 : NULL, sizeof(buf2));
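Review bot: `proto1` and `proto2` are declared without an initializer, and only `app_protocol` and `master_protocol` are assigned before the structs are passed by value to `ndpi_is_proto_unknown` and `ndpi_is_proto_equals`; if ndpi_master_app_protocol has, or later gains, any other member, that member reaches the library indeterminate and can make a finding non-reproducible. Value-initialising at the declaration, `ndpi_master_app_protocol proto1 = {}, proto2 = {};`, removes that. Separately, the four fields are drawn independently, so the equal case of `ndpi_is_proto_equals` is reached only when the fuzzer happens to match them; an extra `ndpi_is_proto_equals(proto1, proto1, fuzzed_data.ConsumeBool());` would cover it on every run. The function body starts and ends outside both hunks.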


@ -89,14 +89,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
ndpi_set_config(workflow->ndpi_struct, NULL, "flow.track_payload", "1");
ndpi_set_config(workflow->ndpi_struct, NULL, "tcp_ack_payload_heuristic", "1");
ndpi_set_config(workflow->ndpi_struct, "tls", "application_blocks_tracking", "1");
ndpi_set_config(workflow->ndpi_struct, "stun", "max_packets_extra_dissection", "255");
ndpi_set_config(workflow->ndpi_struct, "stun", "max_packets_extra_dissection", "40");
ndpi_set_config(workflow->ndpi_struct, "zoom", "max_packets_extra_dissection", "255");
ndpi_set_config(workflow->ndpi_struct, "rtp", "search_for_stun", "1");
ndpi_set_config(workflow->ndpi_struct, "openvpn", "dpi.heuristics", "0x01");
ndpi_set_config(workflow->ndpi_struct, "openvpn", "dpi.heuristics.num_messages", "255");
ndpi_set_config(workflow->ndpi_struct, "openvpn", "dpi.heuristics.num_messages", "20");
ndpi_set_config(workflow->ndpi_struct, "tls", "metadata.ja4r_fingerprint", "1");
ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics", "0x07");
ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics.max_packets_extra_dissection", "255");
ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics.max_packets_extra_dissection", "40");
ndpi_set_config(workflow->ndpi_struct, "stun", "monitoring", "1");
ndpi_finalize_initialization(workflow->ndpi_struct);
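Review bot: The limits in this hunk are bare string literals with no comment on why they were chosen: `"40"` for the stun and tls `max_packets_extra_dissection` values and `"20"` for openvpn `dpi.heuristics.num_messages`, while zoom keeps `"255"`. The page does not mark which line of each printed pair is the new one; from the print order the lower values appear to be new. A one-line comment such as `/* keep limits low enough for fuzz inputs to reach them */` (or whatever the real reason is) would stop them being reset to the maximum later and would say whether zoom was left at 255 on purpose. The return value of every `ndpi_set_config` call is also ignored, so a rejected key or value would silently leave the default in place. The function body continues outside the hunk.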


@ -19,7 +19,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
/* To allow memory allocation failures */
fuzz_set_alloc_callbacks_and_seed(size);
fmt = static_cast<ndpi_serialization_format>(fuzzed_data.ConsumeIntegralInRange(1, 4));
fmt = static_cast<ndpi_serialization_format>(fuzzed_data.ConsumeIntegralInRange(1, 5));
if (fuzzed_data.ConsumeBool())
rc = ndpi_init_serializer(&serializer, fmt);