author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-12-11 19:24:17 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-11 19:24:17 +0100 |
commit | 7b5354588bdd91b46f65136d1adae662d1acb516 (patch) | |
tree | 7fe074f16eff9431c7736ae93fb430362d1f65f4 | |
parent | b3f2b1bb7f90c18a7542ab06acdf26318cdfa6fe (diff) |
fuzz: extend fuzzing coverage (#2208)
-rw-r--r-- | .gitignore | 6 | ||||
-rw-r--r-- | fuzz/Makefile.am | 62 | ||||
-rw-r--r-- | fuzz/corpus/fuzz_filecfg_malicious_ja3/1 | 2 | ||||
-rw-r--r-- | fuzz/corpus/fuzz_filecfg_malicious_ja3/2 | 1 | ||||
-rw-r--r-- | fuzz/corpus/fuzz_filecfg_malicious_sha1/1 | 2 | ||||
-rw-r--r-- | fuzz/corpus/fuzz_filecfg_malicious_sha1/2 | 1 | ||||
-rw-r--r-- | fuzz/corpus/fuzz_filecfg_risk_domains/1 | 2 | ||||
-rw-r--r-- | fuzz/fuzz_filecfg_categories.c | 3 | ||||
-rw-r--r-- | fuzz/fuzz_filecfg_malicious_ja3.c | 47 | ||||
-rw-r--r-- | fuzz/fuzz_filecfg_malicious_sha1.c | 47 | ||||
-rw-r--r-- | fuzz/fuzz_filecfg_protocols.c | 3 | ||||
-rw-r--r-- | fuzz/fuzz_filecfg_risk_domains.c | 47 | ||||
-rw-r--r-- | src/include/ndpi_api.h | 3 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 87 | ||||
-rw-r--r-- | src/lib/ndpi_private.h | 6 |
15 files changed, 282 insertions, 37 deletions
diff --git a/.gitignore b/.gitignore index b0054952b..f74e60d4d 100644 --- a/.gitignore +++ b/.gitignore @@ -86,6 +86,9 @@ /fuzz/fuzz_ndpi_reader_payload_analyzer /fuzz/fuzz_filecfg_protocols /fuzz/fuzz_filecfg_categories +/fuzz/fuzz_filecfg_malicious_sha1 +/fuzz/fuzz_filecfg_malicious_ja3 +/fuzz/fuzz_filecfg_risk_domains /fuzz/fuzz_readerutils_workflow /fuzz/fuzz_readerutils_parseprotolist /fuzz/fuzz_ndpi_reader_alloc_fail_seed_corpus.zip @@ -114,6 +117,9 @@ /fuzz/fuzz_tls_certificate_seed_corpus.zip /fuzz/fuzz_filecfg_protocols_seed_corpus.zip /fuzz/fuzz_filecfg_categories_seed_corpus.zip +/fuzz/fuzz_filecfg_malicious_sha1_seed_corpus.zip +/fuzz/fuzz_filecfg_malicious_ja3_seed_corpus.zip +/fuzz/fuzz_filecfg_risk_domains_seed_corpus.zip /fuzz/fuzz_dga_seed_corpus.zip /fuzz/fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip /fuzz/fuzz_readerutils_workflow_seed_corpus.zip diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index 6caa57fa9..978102813 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -8,7 +8,7 @@ bin_PROGRAMS += fuzz_libinjection fuzz_binaryfusefilter #Internal crypto bin_PROGRAMS += fuzz_gcrypt_light fuzz_gcrypt_aes fuzz_gcrypt_gcm fuzz_gcrypt_cipher #Configuration files -bin_PROGRAMS += fuzz_filecfg_protocols fuzz_filecfg_categories +bin_PROGRAMS += fuzz_filecfg_protocols fuzz_filecfg_categories fuzz_filecfg_malicious_sha1 fuzz_filecfg_malicious_ja3 fuzz_filecfg_risk_domains #Reader utils bin_PROGRAMS += fuzz_readerutils_workflow fuzz_readerutils_parseprotolist 
@@ -499,7 +499,7 @@ fuzz_gcrypt_cipher_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(fuzz_gcrypt_cipher_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ fuzz_filecfg_protocols_SOURCES = fuzz_filecfg_protocols.c fuzz_common_code.c -fuzz_filecfg_protocols_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) +fuzz_filecfg_protocols_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION fuzz_filecfg_protocols_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) fuzz_filecfg_protocols_LDFLAGS = $(LIBS) if HAS_FUZZLDFLAGS @@ -512,7 +512,7 @@ fuzz_filecfg_protocols_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(fuzz_filecfg_protocols_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ fuzz_filecfg_categories_SOURCES = fuzz_filecfg_categories.c fuzz_common_code.c -fuzz_filecfg_categories_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) +fuzz_filecfg_categories_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION fuzz_filecfg_categories_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) fuzz_filecfg_categories_LDFLAGS = $(LIBS) if HAS_FUZZLDFLAGS 
@@ -524,6 +524,45 @@ fuzz_filecfg_categories_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ $(fuzz_filecfg_categories_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ +fuzz_filecfg_malicious_sha1_SOURCES = fuzz_filecfg_malicious_sha1.c fuzz_common_code.c +fuzz_filecfg_malicious_sha1_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION +fuzz_filecfg_malicious_sha1_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) +fuzz_filecfg_malicious_sha1_LDFLAGS = $(LIBS) +if HAS_FUZZLDFLAGS +fuzz_filecfg_malicious_sha1_CFLAGS += $(LIB_FUZZING_ENGINE) +fuzz_filecfg_malicious_sha1_LDFLAGS += $(LIB_FUZZING_ENGINE) +endif +# force usage of CXX for linker +fuzz_filecfg_malicious_sha1_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ + $(fuzz_filecfg_malicious_sha1_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ + +fuzz_filecfg_malicious_ja3_SOURCES = fuzz_filecfg_malicious_ja3.c fuzz_common_code.c +fuzz_filecfg_malicious_ja3_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION +fuzz_filecfg_malicious_ja3_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) +fuzz_filecfg_malicious_ja3_LDFLAGS = $(LIBS) +if HAS_FUZZLDFLAGS +fuzz_filecfg_malicious_ja3_CFLAGS += $(LIB_FUZZING_ENGINE) +fuzz_filecfg_malicious_ja3_LDFLAGS += $(LIB_FUZZING_ENGINE) +endif +# force usage of CXX for linker +fuzz_filecfg_malicious_ja3_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ + $(fuzz_filecfg_malicious_ja3_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ + +fuzz_filecfg_risk_domains_SOURCES = fuzz_filecfg_risk_domains.c fuzz_common_code.c +fuzz_filecfg_risk_domains_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION +fuzz_filecfg_risk_domains_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) 
+fuzz_filecfg_risk_domains_LDFLAGS = $(LIBS) +if HAS_FUZZLDFLAGS +fuzz_filecfg_risk_domains_CFLAGS += $(LIB_FUZZING_ENGINE) +fuzz_filecfg_risk_domains_LDFLAGS += $(LIB_FUZZING_ENGINE) +endif +# force usage of CXX for linker +fuzz_filecfg_risk_domains_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ + $(fuzz_filecfg_risk_domains_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ + fuzz_readerutils_workflow_SOURCES = fuzz_readerutils_workflow.cpp fuzz_common_code.c ../example/reader_util.c fuzz_readerutils_workflow_CXXFLAGS = -I../example/ @NDPI_CFLAGS@ $(CXXFLAGS) -DDISABLE_CUSTOM_ALLOCATOR_ON_READERUTILS fuzz_readerutils_workflow_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DDISABLE_CUSTOM_ALLOCATOR_ON_READERUTILS 
@@ -656,6 +695,18 @@ files_corpus_fuzz_filecfg_categories := $(wildcard corpus/fuzz_filecfg_categori fuzz_filecfg_categories_seed_corpus.zip: $(files_corpus_fuzz_filecfg_categories) zip -j fuzz_filecfg_categories_seed_corpus.zip $(files_corpus_fuzz_filecfg_categories) +files_corpus_fuzz_filecfg_malicious_sha1 := $(wildcard corpus/fuzz_filecfg_malicious_sha1/*) +fuzz_filecfg_malicious_sha1_seed_corpus.zip: $(files_corpus_fuzz_filecfg_malicious_sha1) + zip -j fuzz_filecfg_malicious_sha1_seed_corpus.zip $(files_corpus_fuzz_filecfg_malicious_sha1) + +files_corpus_fuzz_filecfg_malicious_ja3 := $(wildcard corpus/fuzz_filecfg_malicious_ja3/*) +fuzz_filecfg_malicious_ja3_seed_corpus.zip: $(files_corpus_fuzz_filecfg_malicious_ja3) + zip -j fuzz_filecfg_malicious_ja3_seed_corpus.zip $(files_corpus_fuzz_filecfg_malicious_ja3) + +files_corpus_fuzz_filecfg_risk_domains := $(wildcard corpus/fuzz_filecfg_risk_domains/*) +fuzz_filecfg_risk_domains_seed_corpus.zip: $(files_corpus_fuzz_filecfg_risk_domains) + zip -j fuzz_filecfg_risk_domains_seed_corpus.zip $(files_corpus_fuzz_filecfg_risk_domains) + files_corpus_fuzz_readerutils_workflow := $(wildcard corpus/fuzz_readerutils_workflow/*) fuzz_readerutils_workflow_seed_corpus.zip: $(files_corpus_fuzz_readerutils_workflow) zip -j fuzz_readerutils_workflow_seed_corpus.zip $(files_corpus_fuzz_readerutils_workflow) 
@@ -672,7 +723,7 @@ files_corpus_fuzz_ds_domain_classify := $(wildcard corpus/fuzz_ds_domain_classi fuzz_ds_domain_classify_seed_corpus.zip: $(files_corpus_fuzz_ds_domain_classify) zip -j fuzz_ds_domain_classify_seed_corpus.zip $(files_corpus_fuzz_ds_domain_classify) -corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip fuzz_alg_bytestream_seed_corpus.zip fuzz_libinjection_seed_corpus.zip fuzz_tls_certificate_seed_corpus.zip fuzz_filecfg_protocols_seed_corpus.zip fuzz_readerutils_workflow_seed_corpus.zip fuzz_readerutils_parseprotolist_seed_corpus.zip fuzz_ds_bitmap64_seed_corpus.zip fuzz_ds_domain_classify_seed_corpus.zip fuzz_filecfg_protocols_seed_corpus.zip fuzz_is_stun_udp_seed_corpus.zip fuzz_is_stun_tcp_seed_corpus.zip +corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip fuzz_alg_bytestream_seed_corpus.zip 
fuzz_libinjection_seed_corpus.zip fuzz_tls_certificate_seed_corpus.zip fuzz_filecfg_protocols_seed_corpus.zip fuzz_readerutils_workflow_seed_corpus.zip fuzz_readerutils_parseprotolist_seed_corpus.zip fuzz_ds_bitmap64_seed_corpus.zip fuzz_ds_domain_classify_seed_corpus.zip fuzz_filecfg_protocols_seed_corpus.zip fuzz_is_stun_udp_seed_corpus.zip fuzz_is_stun_tcp_seed_corpus.zip fuzz_filecfg_malicious_sha1_seed_corpus.zip fuzz_filecfg_malicious_ja3_seed_corpus.zip fuzz_filecfg_risk_domains_seed_corpus.zip cp corpus/fuzz_*seed_corpus.zip . #Create dictionaries exactly as expected by oss-fuzz. @@ -702,6 +753,9 @@ distdir: -o -path './corpus/fuzz_quic_get_crypto_data/*' \ -o -path './corpus/fuzz_filecfg_protocols/*' \ -o -path './corpus/fuzz_filecfg_categories/*' \ + -o -path './corpus/fuzz_filecfg_malicious_sha1/*' \ + -o -path './corpus/fuzz_filecfg_malicious_ja3/*' \ + -o -path './corpus/fuzz_filecfg_risk_domains/*' \ -o -path './corpus/fuzz_readerutils_workflow/*' \ -o -path './corpus/fuzz_readerutils_parseprotolist/*' \ -o -path './corpus/fuzz_config/*' \ diff --git a/fuzz/corpus/fuzz_filecfg_malicious_ja3/1 b/fuzz/corpus/fuzz_filecfg_malicious_ja3/1 new file mode 100644 index 000000000..6cebd9e6e --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_malicious_ja3/1 @@ -0,0 +1,2 @@ +# ja3_md5,Firstseen,Lastseen,Listingreason +b386946a5a44d1ddcc843bc75336dfce,2017-07-14 18:08:15,2019-07-27 20:42:54,Dridex diff --git a/fuzz/corpus/fuzz_filecfg_malicious_ja3/2 b/fuzz/corpus/fuzz_filecfg_malicious_ja3/2 new file mode 100644 index 000000000..b169853f2 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_malicious_ja3/2 @@ -0,0 +1 @@ +8991a387e4cc841740f25d6f5139f92d8991a387e4cc841740f25d6f5139f92d,2017-07-14 19:02:03,2019-07-28 00:34:38,Adware diff --git a/fuzz/corpus/fuzz_filecfg_malicious_sha1/1 b/fuzz/corpus/fuzz_filecfg_malicious_sha1/1 new file mode 100644 index 000000000..8428dbab7 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_malicious_sha1/1 
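Review bot: The new `corpus:` prerequisite list still names `fuzz_filecfg_protocols_seed_corpus.zip` twice and never names `fuzz_filecfg_categories_seed_corpus.zip`, so this target does not build the categories seed archive even though its rule is defined earlier in the file. The second `fuzz_filecfg_protocols_seed_corpus.zip` entry should become `fuzz_filecfg_categories_seed_corpus.zip`. The duplicate is already present on the removed line, so it is inherited rather than introduced here; the three new archives are appended correctly.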
@@ -0,0 +1,2 @@ +#The first entry (and only the first one) is fake. It is used to trigger the risk in the tests +1970-01-01 00:00:00,0DDB34F875632C7E1EC09D75827F82D2336DFEB6, Fake diff --git a/fuzz/corpus/fuzz_filecfg_malicious_sha1/2 b/fuzz/corpus/fuzz_filecfg_malicious_sha1/2 new file mode 100644 index 000000000..f13b5ae50 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_malicious_sha1/2 @@ -0,0 +1 @@ +2022-07-02 07:02:11,3784422d67a6ae0c82d60eeaf3850960a9896cb22,AsyncRAT C&C diff --git a/fuzz/corpus/fuzz_filecfg_risk_domains/1 b/fuzz/corpus/fuzz_filecfg_risk_domains/1 new file mode 100644 index 000000000..8c0066e74 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_risk_domains/1 @@ -0,0 +1,2 @@ +# https://www.spamhaus.org/statistics/tlds/ +.fail diff --git a/fuzz/fuzz_filecfg_categories.c b/fuzz/fuzz_filecfg_categories.c index 8b39d714f..4a45021d8 100644 --- a/fuzz/fuzz_filecfg_categories.c +++ b/fuzz/fuzz_filecfg_categories.c @@ -1,4 +1,5 @@ #include "ndpi_api.h" +#include "ndpi_private.h" #include "fuzz_common_code.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { @@ -35,7 +36,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_debug_bitmask(ndpi_struct, debug_bitmask); fd = buffer_to_file(data, size); - ndpi_load_categories_file_fd(ndpi_struct, fd, NULL); + load_categories_file_fd(ndpi_struct, fd, NULL); if(fd) fclose(fd); diff --git a/fuzz/fuzz_filecfg_malicious_ja3.c b/fuzz/fuzz_filecfg_malicious_ja3.c new file mode 100644 index 000000000..69adeb0f0 --- /dev/null +++ b/fuzz/fuzz_filecfg_malicious_ja3.c 
@@ -0,0 +1,47 @@ +#include "ndpi_api.h" +#include "ndpi_private.h" +#include "fuzz_common_code.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + struct ndpi_detection_module_struct *ndpi_struct; + FILE *fd; + /* Try to be fast */ + ndpi_init_prefs prefs = ndpi_dont_load_tor_list | + ndpi_dont_load_azure_list | + ndpi_dont_load_whatsapp_list | + ndpi_dont_load_amazon_aws_list | + ndpi_dont_load_ethereum_list | + ndpi_dont_load_zoom_list | + ndpi_dont_load_cloudflare_list | + ndpi_dont_load_microsoft_list | + ndpi_dont_load_google_list | + ndpi_dont_load_google_cloud_list | + ndpi_dont_load_asn_lists | + ndpi_dont_init_risk_ptree | + ndpi_dont_load_cachefly_list | + ndpi_dont_load_protonvpn_list | + ndpi_dont_load_mullvad_list; + NDPI_PROTOCOL_BITMASK all; + NDPI_PROTOCOL_BITMASK debug_bitmask; + + /* To allow memory allocation failures */ + fuzz_set_alloc_callbacks_and_seed(size); + + ndpi_struct = ndpi_init_detection_module(prefs); + NDPI_BITMASK_SET_ALL(all); + ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); + + NDPI_BITMASK_SET_ALL(debug_bitmask); + ndpi_set_log_level(ndpi_struct, 4); + ndpi_set_debug_bitmask(ndpi_struct, debug_bitmask); + + fd = buffer_to_file(data, size); + load_malicious_ja3_file_fd(ndpi_struct, fd); + if(fd) + fclose(fd); + + /* We don't really need to call ndpi_finalize_initialization */ + + ndpi_exit_detection_module(ndpi_struct); + return 0; +} diff --git a/fuzz/fuzz_filecfg_malicious_sha1.c b/fuzz/fuzz_filecfg_malicious_sha1.c new file mode 100644 index 000000000..0d5ca3ae4 --- /dev/null +++ b/fuzz/fuzz_filecfg_malicious_sha1.c 
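Review bot: Nothing in this harness says that `ndpi_struct` may be NULL after `ndpi_init_detection_module(prefs)`, although `fuzz_set_alloc_callbacks_and_seed(size)` is there precisely to make allocations fail. The pointer is then passed unchecked to `ndpi_set_protocol_detection_bitmask2`, `ndpi_set_log_level`, `ndpi_set_debug_bitmask`, the loader and `ndpi_exit_detection_module`. In this commit `load_malicious_ja3_file_fd` starts with `if(!ndpi_str || !fd) return(-1);`, but whether the other calls tolerate NULL is not visible on this page. If that is the intent, a comment after the init call would record it: `/* ndpi_struct may be NULL here (allocation failures are injected); every call below must cope with that */`. The same applies to fuzz_filecfg_malicious_sha1.c and fuzz_filecfg_risk_domains.c, which repeat this body with a different loader.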
@@ -0,0 +1,47 @@ +#include "ndpi_api.h" +#include "ndpi_private.h" +#include "fuzz_common_code.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + struct ndpi_detection_module_struct *ndpi_struct; + FILE *fd; + /* Try to be fast */ + ndpi_init_prefs prefs = ndpi_dont_load_tor_list | + ndpi_dont_load_azure_list | + ndpi_dont_load_whatsapp_list | + ndpi_dont_load_amazon_aws_list | + ndpi_dont_load_ethereum_list | + ndpi_dont_load_zoom_list | + ndpi_dont_load_cloudflare_list | + ndpi_dont_load_microsoft_list | + ndpi_dont_load_google_list | + ndpi_dont_load_google_cloud_list | + ndpi_dont_load_asn_lists | + ndpi_dont_init_risk_ptree | + ndpi_dont_load_cachefly_list | + ndpi_dont_load_protonvpn_list | + ndpi_dont_load_mullvad_list; + NDPI_PROTOCOL_BITMASK all; + NDPI_PROTOCOL_BITMASK debug_bitmask; + + /* To allow memory allocation failures */ + fuzz_set_alloc_callbacks_and_seed(size); + + ndpi_struct = ndpi_init_detection_module(prefs); + NDPI_BITMASK_SET_ALL(all); + ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); + + NDPI_BITMASK_SET_ALL(debug_bitmask); + ndpi_set_log_level(ndpi_struct, 4); + ndpi_set_debug_bitmask(ndpi_struct, debug_bitmask); + + fd = buffer_to_file(data, size); + load_malicious_sha1_file_fd(ndpi_struct, fd); + if(fd) + fclose(fd); + + /* We don't really need to call ndpi_finalize_initialization */ + + ndpi_exit_detection_module(ndpi_struct); + return 0; +} diff --git a/fuzz/fuzz_filecfg_protocols.c b/fuzz/fuzz_filecfg_protocols.c index efc9cf0ec..e6f296f68 100644 --- a/fuzz/fuzz_filecfg_protocols.c +++ b/fuzz/fuzz_filecfg_protocols.c @@ -1,4 +1,5 @@ #include "ndpi_api.h" +#include "ndpi_private.h" #include "fuzz_common_code.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 
@@ -35,7 +36,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_set_debug_bitmask(ndpi_struct, debug_bitmask); fd = buffer_to_file(data, size); - ndpi_load_protocols_file_fd(ndpi_struct, fd); + load_protocols_file_fd(ndpi_struct, fd); if(fd) fclose(fd); diff --git a/fuzz/fuzz_filecfg_risk_domains.c b/fuzz/fuzz_filecfg_risk_domains.c new file mode 100644 index 000000000..94b772bd1 --- /dev/null +++ b/fuzz/fuzz_filecfg_risk_domains.c @@ -0,0 +1,47 @@ +#include "ndpi_api.h" +#include "ndpi_private.h" +#include "fuzz_common_code.h" + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + struct ndpi_detection_module_struct *ndpi_struct; + FILE *fd; + /* Try to be fast */ + ndpi_init_prefs prefs = ndpi_dont_load_tor_list | + ndpi_dont_load_azure_list | + ndpi_dont_load_whatsapp_list | + ndpi_dont_load_amazon_aws_list | + ndpi_dont_load_ethereum_list | + ndpi_dont_load_zoom_list | + ndpi_dont_load_cloudflare_list | + ndpi_dont_load_microsoft_list | + ndpi_dont_load_google_list | + ndpi_dont_load_google_cloud_list | + ndpi_dont_load_asn_lists | + ndpi_dont_init_risk_ptree | + ndpi_dont_load_cachefly_list | + ndpi_dont_load_protonvpn_list | + ndpi_dont_load_mullvad_list; + NDPI_PROTOCOL_BITMASK all; + NDPI_PROTOCOL_BITMASK debug_bitmask; + + /* To allow memory allocation failures */ + fuzz_set_alloc_callbacks_and_seed(size); + + ndpi_struct = ndpi_init_detection_module(prefs); + NDPI_BITMASK_SET_ALL(all); + ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all); + + NDPI_BITMASK_SET_ALL(debug_bitmask); + ndpi_set_log_level(ndpi_struct, 4); + ndpi_set_debug_bitmask(ndpi_struct, debug_bitmask); + + fd = buffer_to_file(data, size); + load_risk_domain_file_fd(ndpi_struct, fd); + if(fd) + fclose(fd); + + /* We don't really need to call ndpi_finalize_initialization */ + + ndpi_exit_detection_module(ndpi_struct); + return 0; +} diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 64d183ef6..080f8d924 100644 
--- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -754,8 +754,6 @@ extern "C" { */ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, const char* path); - int ndpi_load_protocols_file_fd(struct ndpi_detection_module_struct *ndpi_mod, - FILE *fd); /** * Add an IP-address based risk mask @@ -798,7 +796,6 @@ extern "C" { * -1 else */ int ndpi_load_categories_file(struct ndpi_detection_module_struct *ndpi_str, const char* path, void *user_data); - int ndpi_load_categories_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd, void *user_data); /** * Loads a file (separated by <cr>) of domain names associated with the specified category diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 6eafa598b..75e6d5a33 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4460,15 +4460,15 @@ int ndpi_load_categories_file(struct ndpi_detection_module_struct *ndpi_str, return -1; } - rc = ndpi_load_categories_file_fd(ndpi_str, fd, user_data); + rc = load_categories_file_fd(ndpi_str, fd, user_data); fclose(fd); return rc; } -int ndpi_load_categories_file_fd(struct ndpi_detection_module_struct *ndpi_str, - FILE *fd, void *user_data) { +int load_categories_file_fd(struct ndpi_detection_module_struct *ndpi_str, + FILE *fd, void *user_data) { char buffer[512], *line, *name, *category, *saveptr; int len, num = 0; 
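Review bot: `load_categories_file_fd` keeps external linkage but loses the `ndpi_` prefix, so libndpi now exports a generically named symbol that can clash with one of the same name in an application linking the library. The same holds for `load_protocols_file_fd` and for the three new `load_*_file_fd` functions later in ndpi_main.c. They cannot be `static` because the fuzz targets call them, so the simpler fix is to keep a library prefix on the private name, for example `int ndpi_load_categories_file_fd(...)` declared in ndpi_private.h only. Removing the two prototypes from ndpi_api.h also takes the fd variants away from any external caller that used them, which deserves a changelog entry. The function body continues outside the hunk.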
@@ -4678,20 +4678,32 @@ static int ndpi_load_risky_domain(struct ndpi_detection_module_struct *ndpi_str, * - you can add a .<domain name> to avoid mismatches */ int ndpi_load_risk_domain_file(struct ndpi_detection_module_struct *ndpi_str, const char *path) { - char buffer[128], *line; + int rc; FILE *fd; - int len, num = 0; if(!ndpi_str || !path) return(-1); fd = fopen(path, "r"); - if(fd == NULL) { NDPI_LOG_ERR(ndpi_str, "Unable to open file %s [%s]\n", path, strerror(errno)); - return(-1); + return -1; } + rc = load_risk_domain_file_fd(ndpi_str, fd); + + fclose(fd); + + return rc; +} + +int load_risk_domain_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd) { + char buffer[128], *line; + int len, num = 0; + + if(!ndpi_str || !fd) + return(-1); + while(1) { line = fgets(buffer, sizeof(buffer), fd); @@ -4709,8 +4721,6 @@ int ndpi_load_risk_domain_file(struct ndpi_detection_module_struct *ndpi_str, co num++; } - fclose(fd); - if(ndpi_str->risky_domain_automa.ac_automa) ac_automata_finalize((AC_AUTOMATA_t *)ndpi_str->risky_domain_automa.ac_automa); 
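Review bot: `load_risk_domain_file_fd` reads with `fgets(buffer, sizeof(buffer), fd)` into `char buffer[128]`, and nothing visible in the hunk checks that a whole line was read, so a line longer than 127 bytes comes back in several pieces. The per-line handling is outside the hunk, but unless it rejects a piece with no trailing newline, the tail of an over-long line would presumably be loaded as a separate domain entry. A guard before parsing would reject such input instead: `if(strchr(buffer, '\n') == NULL && !feof(fd)) { /* over-long line: discard up to the next newline and skip it */ }`. `load_malicious_ja3_file_fd` and `load_malicious_sha1_file_fd` declare the same 128-byte buffer and would need the same check.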
@@ -4726,22 +4736,34 @@ int ndpi_load_risk_domain_file(struct ndpi_detection_module_struct *ndpi_str, co * */ int ndpi_load_malicious_ja3_file(struct ndpi_detection_module_struct *ndpi_str, const char *path) { - char buffer[128], *line; + int rc; FILE *fd; - int len, num = 0; if(!ndpi_str || !path) return(-1); - if(ndpi_str->malicious_ja3_hashmap == NULL && ndpi_hash_init(&ndpi_str->malicious_ja3_hashmap) != 0) - return(-1); fd = fopen(path, "r"); - if(fd == NULL) { NDPI_LOG_ERR(ndpi_str, "Unable to open file %s [%s]\n", path, strerror(errno)); - return(-1); + return -1; } + rc = load_malicious_ja3_file_fd(ndpi_str, fd); + + fclose(fd); + + return rc; +} + +int load_malicious_ja3_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd) { + char buffer[128], *line; + int len, num = 0; + + if(!ndpi_str || !fd) + return(-1); + if(ndpi_str->malicious_ja3_hashmap == NULL && ndpi_hash_init(&ndpi_str->malicious_ja3_hashmap) != 0) + return(-1); + while(1) { char *comma; @@ -4771,8 +4793,6 @@ int ndpi_load_malicious_ja3_file(struct ndpi_detection_module_struct *ndpi_str, num++; } - fclose(fd); - return(num); } 
@@ -4788,24 +4808,37 @@ int ndpi_load_malicious_ja3_file(struct ndpi_detection_module_struct *ndpi_str, */ int ndpi_load_malicious_sha1_file(struct ndpi_detection_module_struct *ndpi_str, const char *path) { - char buffer[128]; - char *first_comma, *second_comma; + int rc; FILE *fd; - size_t i, len; - int num = 0; if(!ndpi_str || !path) return(-1); - if(ndpi_str->malicious_sha1_hashmap == NULL && ndpi_hash_init(&ndpi_str->malicious_sha1_hashmap) != 0) - return(-1); fd = fopen(path, "r"); - if(fd == NULL) { NDPI_LOG_ERR(ndpi_str, "Unable to open file %s [%s]\n", path, strerror(errno)); return -1; } + rc = load_malicious_sha1_file_fd(ndpi_str, fd); + + fclose(fd); + + return rc; +} + +int load_malicious_sha1_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd) +{ + char buffer[128]; + char *first_comma, *second_comma; + size_t i, len; + int num = 0; + + if(!ndpi_str || !fd) + return(-1); + if(ndpi_str->malicious_sha1_hashmap == NULL && ndpi_hash_init(&ndpi_str->malicious_sha1_hashmap) != 0) + return(-1); + while (fgets(buffer, sizeof(buffer), fd) != NULL) { len = strlen(buffer); @@ -4836,8 +4869,6 @@ int ndpi_load_malicious_sha1_file(struct ndpi_detection_module_struct *ndpi_str, num++; } - fclose(fd); - return num; } @@ -4874,14 +4905,14 @@ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_str, cons return -1; } - rc = ndpi_load_protocols_file_fd(ndpi_str, fd); + rc = load_protocols_file_fd(ndpi_str, fd); fclose(fd); return rc; } -int ndpi_load_protocols_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd) { +int load_protocols_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd) { char *buffer, *old_buffer; int chunk_len = 1024, buffer_len = chunk_len, old_buffer_len; int i; diff --git a/src/lib/ndpi_private.h b/src/lib/ndpi_private.h index 148b4b9eb..9829ef0c3 100644 --- a/src/lib/ndpi_private.h +++ b/src/lib/ndpi_private.h 
@@ -355,6 +355,12 @@ char* ndpi_intoav4(unsigned int addr, char* buf, u_int16_t bufLen); u_int16_t icmp4_checksum(u_int8_t const * const buf, size_t len); +int load_protocols_file_fd(struct ndpi_detection_module_struct *ndpi_mod, FILE *fd); +int load_categories_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd, void *user_data); +int load_malicious_sha1_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); +int load_malicious_ja3_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); +int load_risk_domain_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); + /* TLS */ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, |
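Review bot: The five `load_*_file_fd` prototypes are added without a comment, yet their contract differs from the path-based functions in a way callers must know. They do not close `fd`: this commit moves the `fclose(fd)` calls into the `ndpi_load_*_file` wrappers in ndpi_main.c. The three new loaders also return -1 when the module or the stream is NULL. I would add above the group: `/* Loaders working on an already opened stream. The caller owns fd and must close it. Internal: exposed for the fuzz targets. */`.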