authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2024-11-01 18:17:22 +0100
committerGitHub <noreply@github.com>2024-11-01 18:17:22 +0100
commitb63f74a0806ed9d6b80e81e0232ce94a095f1951 (patch)
tree3321ff59ba91f294100595a794e145d7fb06a463
parent137d87fd873197f0fe43f627a90203e1696fdb2c (diff)
fuzz: improve coverage (#2612)
Add fuzzer to test `ndpi_quick_encrypt()` and `ndpi_quick_decrypt()`
-rw-r--r--.gitignore1
-rw-r--r--fuzz/Makefile.am17
-rw-r--r--fuzz/fuzz_alg_quick_encryption.cpp30
-rw-r--r--src/lib/ndpi_utils.c7
4 files changed, 52 insertions, 3 deletions
diff --git a/.gitignore b/.gitignore
index 63f6dc7c9..baa2a26dc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -68,6 +68,7 @@
/fuzz/fuzz_alg_shoco
/fuzz/fuzz_alg_memmem
/fuzz/fuzz_alg_strnstr
+/fuzz/fuzz_alg_quick_encryption
/fuzz/fuzz_config
/fuzz/fuzz_community_id
/fuzz/fuzz_serialization
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index 198091c88..c22102892 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -1,6 +1,6 @@
bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail fuzz_ndpi_reader_payload_analyzer fuzz_quic_get_crypto_data fuzz_config fuzz_community_id fuzz_serialization fuzz_tls_certificate fuzz_dga fuzz_is_stun_udp fuzz_is_stun_tcp
#Alghoritms
-bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream fuzz_alg_shoco fuzz_alg_memmem fuzz_alg_strnstr
+bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream fuzz_alg_shoco fuzz_alg_memmem fuzz_alg_strnstr fuzz_alg_quick_encryption
#Data structures
bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash fuzz_ds_cmsketch fuzz_ds_bitmap64_fuse fuzz_ds_domain_classify
#Third party
@@ -249,6 +249,21 @@ fuzz_alg_strnstr_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_alg_strnstr_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+fuzz_alg_quick_encryption_SOURCES = fuzz_alg_quick_encryption.cpp fuzz_common_code.c
+fuzz_alg_quick_encryption_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_quick_encryption_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_quick_encryption_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_alg_quick_encryption_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_alg_quick_encryption_CXXFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_alg_quick_encryption_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_alg_quick_encryption_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_alg_quick_encryption_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_alg_quick_encryption_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
fuzz_alg_ses_des_SOURCES = fuzz_alg_ses_des.cpp fuzz_common_code.c
fuzz_alg_ses_des_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_alg_ses_des_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
diff --git a/fuzz/fuzz_alg_quick_encryption.cpp b/fuzz/fuzz_alg_quick_encryption.cpp
new file mode 100644
index 000000000..6bf65bdd7
--- /dev/null
+++ b/fuzz/fuzz_alg_quick_encryption.cpp
@@ -0,0 +1,30 @@
+#include "ndpi_api.h"
+#include "fuzz_common_code.h"
+
+#include <stdlib.h>
+#include <stdint.h>
+#include "fuzzer/FuzzedDataProvider.h"
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+ char *enc_buffer, *dec_buffer;
+ u_int16_t encrypted_msg_len, decrypted_msg_len;
+
+ if(fuzzed_data.remaining_bytes() <= 64) /* Some data */
+ return -1;
+
+ /* To allow memory allocation failures */
+ fuzz_set_alloc_callbacks_and_seed(size);
+
+ std::vector<unsigned char>key = fuzzed_data.ConsumeBytes<u_int8_t>(64);
+ std::vector<char>cleartext_msg = fuzzed_data.ConsumeRemainingBytes<char>();
+
+ enc_buffer = ndpi_quick_encrypt(cleartext_msg.data(), cleartext_msg.size(), &encrypted_msg_len, key.data());
+ if(enc_buffer) {
+ dec_buffer = ndpi_quick_decrypt(enc_buffer, encrypted_msg_len, &decrypted_msg_len, key.data());
+ ndpi_free(enc_buffer);
+ ndpi_free(dec_buffer);
+ }
+ return 0;
+}
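Review bot: The buffer returned by `ndpi_quick_decrypt()` is freed without being inspected and `decrypted_msg_len` is never read, so this harness can only surface crashes and sanitizer reports, not a decrypt that returns the wrong bytes. When `dec_buffer` is non-NULL, comparing it with `cleartext_msg` over the length the API guarantees would turn this into a round-trip check; the padding and length contract is not visible in this diff, so the comparison has to follow the library's documentation. Separately, `cleartext_msg.size()` is a `size_t` while both length variables are `u_int16_t`, so inputs above 64 KiB cannot be represented in the reported lengths. If that is intended, say so in the harness, for example `/* API lengths are 16-bit; larger inputs are passed on purpose */`.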
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index a51f6c059..6aefc20e2 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -3810,7 +3810,8 @@ char* ndpi_quick_encrypt(const char *cleartext_msg,
encoded = ndpi_base64_encode((const unsigned char *)encoded_buf, encoded_len);
ndpi_free(encoded_buf);
- *encrypted_msg_len = strlen(encoded);
+ if(encoded)
+ *encrypted_msg_len = strlen(encoded);
return(encoded);
}
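Review bot: On the failure path the new guard leaves `*encrypted_msg_len` unwritten, so a caller that reads the length before checking the returned pointer gets whatever its variable already held (the new fuzzer declares that variable uninitialized). Writing it on both paths, `*encrypted_msg_len = encoded ? strlen(encoded) : 0;`, keeps the out-parameter defined. The fuzzer passes a `u_int16_t` here, so the `strlen()` result is also narrowed to 16 bits. Whether the input length is bounded earlier in `ndpi_quick_encrypt()` cannot be seen from this hunk, which starts after the function's opening.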
@@ -3842,13 +3843,15 @@ char* ndpi_quick_decrypt(const char *encrypted_msg,
if((content == NULL) || (content_len == 0)) {
/* Base64 decoding error */
+ ndpi_free(decoded_string);
ndpi_free(content);
return(NULL);
}
if(allocated_decoded_string < (content_len+1)) {
/* Buffer size failure */
- free(content);
+ ndpi_free(decoded_string);
+ ndpi_free(content);
return(NULL);
}
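Review bot: Both early returns now repeat the same pair of `ndpi_free()` calls by hand, which is the pattern that let `decoded_string` leak before this change. A shared exit, `cleanup: ndpi_free(decoded_string); ndpi_free(content); return(NULL);` reached with `goto cleanup;` from each check, would stop a later error path from missing a buffer again. The allocation of `decoded_string` and the remainder of `ndpi_quick_decrypt()` are outside the hunk, so any earlier or later returns should be checked for the same leak. It is also not visible here whether `*decrypted_msg_len` is set before these returns.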