authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2023-07-18 07:41:56 +0200
committerGitHub <noreply@github.com>2023-07-18 07:41:56 +0200
commit3edfad01a1bb22b33bd5bafa0ceeb13e27f03e67 (patch)
tree6236e68075678a76a402e37f0ff09e5e273faf13 /fuzz
parent09548bb7cf661f42cc496c412ccfd62a864f5029 (diff)
fuzz: extend fuzzing coverage (#2052)
Added/merged some traces. Improved Socks identification
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/Makefile.am19
-rw-r--r--fuzz/dictionary.dict2
-rw-r--r--fuzz/fuzz_dga.c2
-rw-r--r--fuzz/fuzz_ds_cmsketch.cpp35
-rw-r--r--fuzz/fuzz_serialization.cpp2
5 files changed, 56 insertions, 4 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index d1b51dcc7..53c7832d0 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -2,7 +2,7 @@ bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail
#Alghoritms
bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream
#Data structures
-bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash
+bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash fuzz_ds_cmsketch
#Third party
bin_PROGRAMS += fuzz_libinjection
#Internal crypto
@@ -295,7 +295,7 @@ fuzz_ds_ptree_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(fuzz_ds_ptree_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
fuzz_ds_hash_SOURCES = fuzz_ds_hash.cpp fuzz_common_code.c
-fuzz_ds_hash_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DENABLE_MEM_ALLOC_FAILURES
+fuzz_ds_hash_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_ds_hash_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_ds_hash_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
fuzz_ds_hash_LDFLAGS = $(LIBS)
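Review bot: The removal of `-DENABLE_MEM_ALLOC_FAILURES` from `fuzz_ds_hash_CXXFLAGS` is not explained anywhere in the commit message, which only mentions traces and Socks identification. A reader of the history could take this as silently switching off allocation-failure testing for the hash fuzzer, so one sentence in the description saying why it is safe to drop would help. From what is visible it looks unused rather than disabled: no other target in this file sets the define, and the new fuzz_ds_cmsketch stanza added by this same patch does not either, while its harness enables allocation failures at runtime through fuzz_set_alloc_callbacks_and_seed(). Whether the define still has any effect on the library side cannot be confirmed from this hunk.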
@@ -309,6 +309,21 @@ fuzz_ds_hash_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_ds_hash_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+fuzz_ds_cmsketch_SOURCES = fuzz_ds_cmsketch.cpp fuzz_common_code.c
+fuzz_ds_cmsketch_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_ds_cmsketch_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_ds_cmsketch_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_ds_cmsketch_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_ds_cmsketch_CXXFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_ds_cmsketch_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_ds_cmsketch_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_ds_cmsketch_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_ds_cmsketch_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
fuzz_libinjection_SOURCES = fuzz_libinjection.c
fuzz_libinjection_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_libinjection_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
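Review bot: `fuzz_ds_cmsketch_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)` hands the C++ flag set to the C compiler for fuzz_common_code.c; it mirrors the fuzz_ds_hash stanza directly above, so it is consistent with the file, but it is the kind of copy that breaks silently if a C++-only option ever lands in CXXFLAGS. The whole 14-line stanza is the hash one with the target name substituted, so a comment above it, `# keep in sync with the other fuzz_ds_* stanzas above`, would tell the next person adding a data-structure fuzzer where the template lives and that all copies need the same fix. Whether CXXFLAGS is intentionally reused for C sources elsewhere in the build cannot be confirmed from this hunk.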
diff --git a/fuzz/dictionary.dict b/fuzz/dictionary.dict
index f6c9b420b..b74b3d13b 100644
--- a/fuzz/dictionary.dict
+++ b/fuzz/dictionary.dict
@@ -7,7 +7,7 @@
#FTP_DATA
"RIFF"
-"MZ"
+"MZ\x00"
"OggS"
"PK\x03\x04"
"\x00\x00\x01\xBA"
diff --git a/fuzz/fuzz_dga.c b/fuzz/fuzz_dga.c
index d047f531a..3b09550ff 100644
--- a/fuzz/fuzz_dga.c
+++ b/fuzz/fuzz_dga.c
@@ -22,6 +22,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (data[0] % 2 == 0)
ndpi_dga_function = ndpi_custom_dga_fn;
+ else
+ ndpi_dga_function = NULL;
name = ndpi_malloc(size + 1);
if (name) {
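Review bot: `data[0]` is read on the line above the added `else` before any visible size check; if no `size == 0` guard precedes it outside the hunk, an empty input, which libFuzzer does feed at startup, reads one byte past a zero-length buffer. A guard such as `if (size == 0) return 0;` at the top of the function would make the harness safe regardless of how the surrounding code is ordered. The added `else` branch itself is an improvement, since it resets what appears to be a global callback pointer and stops the choice made for one input from leaking into the next run. The enclosing LLVMFuzzerTestOneInput starts before this hunk and continues after it.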
diff --git a/fuzz/fuzz_ds_cmsketch.cpp b/fuzz/fuzz_ds_cmsketch.cpp
new file mode 100644
index 000000000..1181b1593
--- /dev/null
+++ b/fuzz/fuzz_ds_cmsketch.cpp
@@ -0,0 +1,35 @@
+#include "ndpi_api.h"
+#include "fuzz_common_code.h"
+
+#include <stdint.h>
+#include "fuzzer/FuzzedDataProvider.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+ struct ndpi_cm_sketch *sketch;
+ u_int16_t i, num_hashes, num_iteration, num_lookup;
+
+ /* Just to have some data */
+ if (fuzzed_data.remaining_bytes() < 1024)
+ return -1;
+
+ /* To allow memory allocation failures */
+ fuzz_set_alloc_callbacks_and_seed(size);
+
+ num_hashes = fuzzed_data.ConsumeIntegralInRange(0, 8192);
+ num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
+ num_lookup = fuzzed_data.ConsumeIntegral<u_int8_t>();
+
+ sketch = ndpi_cm_sketch_init(num_hashes);
+ if (sketch) {
+ for (i = 0; i < num_iteration; i++) {
+ ndpi_cm_sketch_add(sketch, fuzzed_data.ConsumeIntegral<u_int32_t>());
+ }
+ for (i = 0; i < num_lookup; i++) {
+ ndpi_cm_sketch_count(sketch, fuzzed_data.ConsumeIntegral<u_int32_t>());
+ }
+ ndpi_cm_sketch_destroy(sketch);
+ }
+
+ return 0;
+}
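Review bot: The return value of `ndpi_cm_sketch_count()` in the lookup loop is discarded, so this harness only catches crashes and memory errors and never checks what the sketch answers. A count-min sketch is normally expected never to under-count, so a cheap input-independent oracle would be to add one fixed key after the add loop and check `if (ndpi_cm_sketch_count(sketch, 0xdeadbeef) < 1) abort();` before the destroy, provided ndpi's implementation gives that guarantee for every num_hashes value, including the 0 that `ConsumeIntegralInRange(0, 8192)` can produce. The early `return -1` on short inputs relies on the engine treating a negative return as "do not add to corpus", which only newer libFuzzer versions document, so a one-line comment naming that intent would help. The 1024-byte minimum is larger than the harness can ever consume (at most about 2 KiB across two 255-iteration loops, less after the 4 leading bytes), so it is a corpus-size choice rather than a correctness requirement and deserves a word in the comment above it.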
diff --git a/fuzz/fuzz_serialization.cpp b/fuzz/fuzz_serialization.cpp
index e5d02d4d7..d097c683c 100644
--- a/fuzz/fuzz_serialization.cpp
+++ b/fuzz/fuzz_serialization.cpp
@@ -19,7 +19,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
/* To allow memory allocation failures */
fuzz_set_alloc_callbacks_and_seed(size);
- fmt = static_cast<ndpi_serialization_format>(fuzzed_data.ConsumeIntegralInRange(1, 3));
+ fmt = static_cast<ndpi_serialization_format>(fuzzed_data.ConsumeIntegralInRange(1, 4));
if (fuzzed_data.ConsumeBool())
rc = ndpi_init_serializer(&serializer, fmt);