diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-02-09 20:02:12 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-02-09 20:02:12 +0100 |
| commit | b51a2ac72a3cbd1b470890d0151a46da28e6754e (patch) | |
| tree | 694a86ec7690962b21fb2c1bcf12df9f842d5957 /fuzz/fuzz_alg_jitter.cpp | |
| parent | 4bb851384efb2a321def0bdb5e93786fac1cc02b (diff) | |
fuzz: some improvements and add two new fuzzers (#1881)
Remove `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` define from
`fuzz/Makefile.am`; it is already included by the main configure script
(when fuzzing).
Add a knob to force disabling of AESNI optimizations: this way we can
fuzz also no-aesni crypto code.
Move CRC32 algorithm into the library.
Add some fake traces to extend fuzzing coverage. Note that these traces
are hand-made (via scapy/curl) and must not be used as "proof" that the
dissectors are really able to identify this kind of traffic.
Some small updates to some dissectors:
CSGO: remove a wrong rule (never triggered, BTW). Any UDP packet starting
with "VS01" will be classified as STEAM (see steam.c around line 111).
Googling it, it seems right so.
XBOX: XBOX only analyses UDP flows while HTTP only TCP ones; therefore
that condition is false.
RTP, STUN: removed useless "break"s
Zattoo: `flow->zattoo_stage` is never set to any values greater or equal
to 5, so these checks are never true.
PPStream: `flow->l4.udp.ppstream_stage` is never read. Delete it.
TeamSpeak: we check for `flow->packet_counter == 3` just above, so the
following check `flow->packet_counter >= 3` is always false.
Diffstat (limited to 'fuzz/fuzz_alg_jitter.cpp')
| -rw-r--r-- | fuzz/fuzz_alg_jitter.cpp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/fuzz/fuzz_alg_jitter.cpp b/fuzz/fuzz_alg_jitter.cpp index 275b32290..aa1b92e4f 100644 --- a/fuzz/fuzz_alg_jitter.cpp +++ b/fuzz/fuzz_alg_jitter.cpp @@ -8,7 +8,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fuzzed_data(data, size); u_int16_t i, num_iteration, num_learning_values; - struct ndpi_jitter_struct s; + struct ndpi_jitter_struct *s; int rc; /* Just to have some data */ @@ -18,16 +18,19 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size); + s = (struct ndpi_jitter_struct *)ndpi_malloc(sizeof(*s)); + num_learning_values = fuzzed_data.ConsumeIntegral<u_int16_t>(); - rc = ndpi_jitter_init(&s, num_learning_values); + rc = ndpi_jitter_init(s, num_learning_values); if (rc == 0) { num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>(); for (i = 0; i < num_iteration; i++) - ndpi_jitter_add_value(&s, fuzzed_data.ConsumeFloatingPoint<float>()); + ndpi_jitter_add_value(s, fuzzed_data.ConsumeFloatingPoint<float>()); - ndpi_jitter_free(&s); + ndpi_jitter_free(s); } + ndpi_free(s); return 0; } |