authorNardi Ivan <nardi.ivan@gmail.com>2023-09-15 20:30:30 +0200
committerIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2023-09-16 11:26:11 +0200
commit70814002a98ec52deda2ff61ac03613916c3efeb (patch)
tree05464457bdc5d5a3ab43befdefff7894ba2cd8ed /fuzz
parent0828dff3acae6e06e6ac1d284ecb2c19ad83d27d (diff)
fuzz: extend fuzzing coverage
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/Makefile.am18
-rw-r--r--fuzz/fuzz_binaryfusefilter.cpp63
-rw-r--r--fuzz/fuzz_ds_domain_classify.cpp5
-rw-r--r--fuzz/random_list.list6
4 files changed, 91 insertions, 1 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index 9764f58ac..3903c85cd 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -4,7 +4,7 @@ bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_
#Data structures
bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash fuzz_ds_cmsketch fuzz_ds_bitmap64 fuzz_ds_domain_classify
#Third party
-bin_PROGRAMS += fuzz_libinjection
+bin_PROGRAMS += fuzz_libinjection fuzz_binaryfusefilter
#Internal crypto
bin_PROGRAMS += fuzz_gcrypt_light
#Configuration files
@@ -371,6 +371,21 @@ fuzz_libinjection_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_libinjection_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+fuzz_binaryfusefilter_SOURCES = fuzz_binaryfusefilter.cpp fuzz_common_code.c
+fuzz_binaryfusefilter_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_binaryfusefilter_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_binaryfusefilter_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_binaryfusefilter_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_binaryfusefilter_CXXFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_binaryfusefilter_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_binaryfusefilter_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_binaryfusefilter_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_binaryfusefilter_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
fuzz_tls_certificate_SOURCES = fuzz_tls_certificate.c fuzz_common_code.c
fuzz_tls_certificate_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_tls_certificate_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
@@ -584,6 +599,7 @@ distdir:
-o -name 'ipv4_addresses.txt' \
-o -name 'bd_param.txt' \
-o -name 'splt_param.txt' \
+ -o -name 'random_list.list' \
-o -path './dictionary.dict' \
-o -path './dictionary_tls_certificate.dict' \
-o -path './corpus/fuzz_*.zip' \
diff --git a/fuzz/fuzz_binaryfusefilter.cpp b/fuzz/fuzz_binaryfusefilter.cpp
new file mode 100644
index 000000000..e891127c1
--- /dev/null
+++ b/fuzz/fuzz_binaryfusefilter.cpp
@@ -0,0 +1,63 @@
+#include "fuzz_common_code.h"
+#include "../src/lib/third_party/include/binaryfusefilter.h"
+#include "fuzzer/FuzzedDataProvider.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+ u_int16_t i, num_iteration;
+ bool rc;
+ u_int64_t *values, value;
+ binary_fuse8_t filter8;
+ binary_fuse16_t filter16;
+
+ /* To allow memory allocation failures */
+ fuzz_set_alloc_callbacks_and_seed(size);
+
+ size = fuzzed_data.ConsumeIntegral<u_int16_t>();
+ values = (u_int64_t *)ndpi_calloc(size, sizeof(u_int64_t));
+ if (!values)
+ return 0;
+ for (i = 0; i < size; i++) {
+ values[i] = fuzzed_data.ConsumeIntegral<u_int64_t>();
+ }
+
+ rc = binary_fuse8_allocate(size, &filter8);
+ if (rc) {
+ rc = binary_fuse8_populate(values, size, &filter8);
+
+ if (rc) {
+ /* "Random" search */
+ num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
+ for (i = 0; i < num_iteration; i++) {
+ value = fuzzed_data.ConsumeIntegral<u_int64_t>();
+ binary_fuse8_contain(value, &filter8);
+ }
+ /* Search of an added entry */
+ if (size > 0)
+ binary_fuse8_contain(values[0], &filter8);
+ }
+ binary_fuse8_free(&filter8);
+ }
+
+ rc = binary_fuse16_allocate(size, &filter16);
+ if (rc) {
+ rc = binary_fuse16_populate(values, size, &filter16);
+
+ if (rc) {
+ /* "Random" search */
+ num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
+ for (i = 0; i < num_iteration; i++) {
+ value = fuzzed_data.ConsumeIntegral<u_int64_t>();
+ binary_fuse16_contain(value, &filter16);
+ }
+ /* Search of an added entry */
+ if (size > 0)
+ binary_fuse16_contain(values[0], &filter16);
+ }
+ binary_fuse16_free(&filter16);
+ }
+
+ ndpi_free(values);
+
+ return 0;
+}
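Review bot: The "Search of an added entry" lookups discard their result, so the harness can only catch memory errors and never a filter that wrongly reports an inserted key as absent. A binary fuse filter should have no false negatives once populate has returned true, so the check can be made an oracle: `if (size > 0 && !binary_fuse8_contain(values[0], &filter8)) abort();`, and the same for `binary_fuse16_contain` in the second block. Prefer `abort()` over `assert()` here, since fuzzing builds may define NDEBUG. Separately, `size` is drawn as a full `u_int16_t` regardless of how much input remains, so most `values[]` entries are likely the zero that FuzzedDataProvider returns when exhausted; bounding it by `fuzzed_data.remaining_bytes() / sizeof(u_int64_t)` would keep the keys fuzzer-controlled.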
diff --git a/fuzz/fuzz_ds_domain_classify.cpp b/fuzz/fuzz_ds_domain_classify.cpp
index afd43a796..9a945deff 100644
--- a/fuzz/fuzz_ds_domain_classify.cpp
+++ b/fuzz/fuzz_ds_domain_classify.cpp
@@ -33,6 +33,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
}
}
+ ndpi_domain_classify_add_domains(d, NDPI_PROTOCOL_UNKNOWN, "random_list.list");
+
+ if (fuzzed_data.ConsumeBool())
+ ndpi_domain_classify_finalize(d);
+
/* "Random" search */
num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
for (i = 0; i < num_iteration; i++) {
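Review bot: The added `ndpi_domain_classify_add_domains(d, NDPI_PROTOCOL_UNKNOWN, "random_list.list")` call takes a path relative to the process working directory and its result is not checked. If the harness is started from another directory, the file is presumably not found and the new code path is silently skipped with no sign that coverage was lost. A comment would document the dependency: `/* random_list.list must be in the CWD; if it is missing, this call only loses coverage */`. Better still, a debug-only log could fire when nothing was loaded. The function body starts and ends outside this hunk, so how `d` is created and freed is not visible here.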
diff --git a/fuzz/random_list.list b/fuzz/random_list.list
new file mode 100644
index 000000000..af4f1c0a5
--- /dev/null
+++ b/fuzz/random_list.list
@@ -0,0 +1,6 @@
+#
+# Custom random list
+#
+aa1084bets10.com
+
+q