From b89fccfabcc28254b7e42f263c5e9c04207606aa Mon Sep 17 00:00:00 2001
From: Ivan Nardi
Date: Thu, 23 Jan 2025 15:01:13 +0100
Subject: [PATCH] fuzz: extend fuzzing coverage
---
 example/reader_util.c | 2 ++
 fuzz/fuzz_alg_strnstr.cpp | 2 ++
 fuzz/fuzz_config.cpp | 1 +
 fuzz/fuzz_ndpi_reader.c | 28 +++++++++++++++++++++++++---
 4 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/example/reader_util.c b/example/reader_util.c
index c7de6413bf6..ce013a4b6c2 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1418,6 +1418,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 if(flow->ndpi_flow->protos.dns.geolocation_iata_code[0] != '\0')
 strcpy(flow->dns.geolocation_iata_code, flow->ndpi_flow->protos.dns.geolocation_iata_code);
+#if 0
 if(0) {
 u_int8_t i;
@@ -1433,6 +1434,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 printf("(%s) %s [ttl: %u]\n", flow->host_server_name, buf, flow->ndpi_flow->protos.dns.rsp_addr_ttl[i]);
 }
 }
+#endif
 }
 /* MDNS */
 else if(is_ndpi_proto(flow, NDPI_PROTOCOL_MDNS)) {
diff --git a/fuzz/fuzz_alg_strnstr.cpp b/fuzz/fuzz_alg_strnstr.cpp
index 1a2bd3d2fa4..49a7aebb728 100644
--- a/fuzz/fuzz_alg_strnstr.cpp
+++ b/fuzz/fuzz_alg_strnstr.cpp
@@ -14,5 +14,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 ndpi_strnstr(haystack.c_str(), needle.c_str(), len);
+ ndpi_str_endswith(haystack.c_str(), needle.c_str());
+
 return 0;
 }
diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp
index 981f3eb5234..3ffc2440b09 100644
--- a/fuzz/fuzz_config.cpp
+++ b/fuzz/fuzz_config.cpp
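Review bot: In example/reader_util.c the added `#if 0` and the matching `#endif` in the next hunk wrap a block that is already guarded by `if(0)`, so the code is now disabled twice and neither marker says why it is kept. Either delete the block, or annotate the directive, for example `#if 0 /* debug dump of DNS response addresses, compiled out */`. The middle of the block lies between the two hunks and is not shown, so that wording is inferred from the visible `printf` and should be confirmed against the full function.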
@@ -750,6 +750,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 ndpi_get_lru_cache_stats(g_ctx, ndpi_info_mod, static_cast(i), &lru_stats);
 for(i = 0; i < NDPI_PTREE_MAX + 1; i++) /* + 1 to test invalid type */
 ndpi_get_patricia_stats(ndpi_info_mod, static_cast(i), &patricia_stats);
+ ndpi_patricia_get_stats(NULL, &patricia_stats);
 for(i = 0; i < NDPI_AUTOMA_MAX + 1; i++) /* + 1 to test invalid type */
 ndpi_get_automa_stats(ndpi_info_mod, static_cast(i), &automa_stats);
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
index 6c5be9c4040..ed0fb96b221 100644
--- a/fuzz/fuzz_ndpi_reader.c
+++ b/fuzz/fuzz_ndpi_reader.c
@@ -22,9 +22,9 @@ u_int8_t human_readeable_string_len = 5;
 u_int8_t max_num_udp_dissected_pkts = 0, max_num_tcp_dissected_pkts = 0; /* Disable limits at application layer */;
 int malloc_size_stats = 0;
 FILE *fingerprint_fp = NULL;
-bool do_load_lists = false;
+bool do_load_lists = true;
 char *addr_dump_path = NULL;
-int monitoring_enabled = 0;
+int monitoring_enabled = 1;
 extern void ndpi_report_payload_stats(FILE *out);
@@ -39,6 +39,26 @@ size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
 }
 #endif
+static void node_cleanup_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) {
+ struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node;
+
+ (void)depth;
+ (void)user_data;
+
+ if(flow == NULL) return;
+
+ if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */
+ if((!flow->detection_completed) && flow->ndpi_flow) {
+ u_int8_t proto_guessed;
+
+ flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct,
+ flow->ndpi_flow, &proto_guessed);
+ }
+
+ process_ndpi_collected_info(workflow, flow);
+ }
+}
+
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 pcap_t * pkts;
 const u_char *pkt;
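Review bot: In fuzz/fuzz_config.cpp the added `ndpi_patricia_get_stats(NULL, &patricia_stats);` passes a NULL tree without saying that this is deliberate, while the loops on either side carry `/* + 1 to test invalid type */`. A trailing comment such as `/* NULL tree: exercise the invalid-argument path */` would record the intent, which is presumably the same negative test, and keep a later reader from "fixing" the argument.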
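Review bot: In fuzz/fuzz_ndpi_reader.c the two flipped defaults, `do_load_lists = true` and `monitoring_enabled = 1`, carry no comment on what they switch on in the harness, unlike `/* Disable limits at application layer */` two lines above. A short trailing comment on each, for example `/* exercise the list-loading paths */`, would document the intent. If `do_load_lists` makes the reader load list files from disk (its consumer is outside this diff), the fuzz target then depends on those files being present at run time, and a finding made with them may not reproduce without them; that dependency is worth stating next to the flag.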
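Review bot: `node_cleanup_walker` calls `process_ndpi_collected_info(workflow, flow)` outside the `flow->ndpi_flow` check that guards `ndpi_detection_giveup`, yet the reader_util.c context lines in this same patch show that function dereferencing `flow->ndpi_flow->protos.dns…`. Unless `process_ndpi_collected_info` returns early on a NULL `ndpi_flow` (its opening lines are outside the diff), the walker should skip such flows itself with `if(flow->ndpi_flow == NULL) return;`, otherwise the target can report a crash that belongs to the harness rather than to the library. The walker also reaches `workflow` as what appears to be a file-scope variable declared outside the hunk while discarding `user_data`; passing it at the call site in the "Free flow trees" hunk, `ndpi_twalk(workflow->ndpi_flows_root[i], node_cleanup_walker, workflow);`, and reading it back from `user_data` would make that dependency explicit. `proto_guessed` is written and never read, which deserves a one-line comment saying the value is intentionally ignored.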
@@ -160,8 +180,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 pcap_close(pkts);
 /* Free flow trees */
- for(i = 0; i < workflow->prefs.num_roots; i++)
+ for(i = 0; i < workflow->prefs.num_roots; i++) {
+ ndpi_twalk(workflow->ndpi_flows_root[i], node_cleanup_walker, NULL);
 ndpi_tdestroy(workflow->ndpi_flows_root[i], ndpi_flow_info_freer);
+ }
 ndpi_free(workflow->ndpi_flows_root);
 /* Free payload analyzer data */
 if(enable_payload_analyzer)