author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-11-07 17:46:29 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-07 17:46:29 +0100 |
commit | b539b0d0902bc0fda235d8bbf1bc7f64e9028465 (patch) | |
tree | b4f3e0283cfd2ed757d5721ffb9c6d6862db8597 /fuzz | |
parent | 58a9e2d9679f268a64b9082dae70498147bb58a8 (diff) |
fuzz: improve coverage and remove dead code (#2135)
We are not able to remove custom rules: remove the empty stubs (which
originate from the original OpenDPI code).
`ndpi_guess_protocol_id()` is only called on the first packet of the
flow, so the bitmask `flow->excluded_protocol_bitmask` is always empty,
since we didn't call any dissectors yet.
Move another hash function to the dedicated source file.
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/fuzz_alg_crc32_md5.c | 3 | ||||
-rw-r--r-- | fuzz/fuzz_ds_hash.cpp | 2 | ||||
-rw-r--r-- | fuzz/fuzz_gcrypt_cipher.cpp | 42 | ||||
-rw-r--r-- | fuzz/fuzz_gcrypt_gcm.cpp | 10 |
4 files changed, 36 insertions, 21 deletions
diff --git a/fuzz/fuzz_alg_crc32_md5.c b/fuzz/fuzz_alg_crc32_md5.c index 1f45e476e..def56566c 100644 --- a/fuzz/fuzz_alg_crc32_md5.c +++ b/fuzz/fuzz_alg_crc32_md5.c @@ -15,6 +15,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_murmur_hash((const char *)data, size); ndpi_quick_hash(data, size); + if(size >= 16) + ndpi_quick_16_byte_hash(data); + str = ndpi_malloc(size + 1); if(str) { memcpy(str, data, size); diff --git a/fuzz/fuzz_ds_hash.cpp b/fuzz/fuzz_ds_hash.cpp index 5b26d684b..2b7463b49 100644 --- a/fuzz/fuzz_ds_hash.cpp +++ b/fuzz/fuzz_ds_hash.cpp @@ -57,6 +57,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_hash_find_entry(h, value_added.data(), value_added.size(), &value); } + if (fuzzed_data.ConsumeBool()) + ndpi_hash_free(NULL, cleanup_func); ndpi_hash_free(&h, cleanup_func); return 0; diff --git a/fuzz/fuzz_gcrypt_cipher.cpp b/fuzz/fuzz_gcrypt_cipher.cpp index 7eaffcdc2..270c583ea 100644 --- a/fuzz/fuzz_gcrypt_cipher.cpp +++ b/fuzz/fuzz_gcrypt_cipher.cpp 
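Review bot: The added `ndpi_hash_free(NULL, cleanup_func)` call in fuzz/fuzz_ds_hash.cpp has no comment saying it is deliberate, so a later reader may take it for a mistake next to the real `ndpi_hash_free(&h, cleanup_func)`. I would add `/* Deliberately pass NULL: covers the NULL-handle branch of ndpi_hash_free() */` above the `if`. The bool is drawn after all other input has been consumed, and FuzzedDataProvider returns false once the data is exhausted, so this branch only runs for inputs that leave at least one spare byte. LLVMFuzzerTestOneInput starts outside the hunk.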
@@ -67,28 +67,34 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { rc_e = mbedtls_cipher_setkey(ctx_e, key.data(), key.size() * 8, MBEDTLS_ENCRYPT); rc_d = mbedtls_cipher_setkey(ctx_d, key.data(), key.size() * 8, MBEDTLS_DECRYPT); if(rc_e == 0 && rc_d == 0) { - rc_e = mbedtls_cipher_set_iv(ctx_e, iv.data(), iv.size()); - rc_d = mbedtls_cipher_set_iv(ctx_d, iv.data(), iv.size()); - if(rc_e == 0 && rc_d == 0) { - mbedtls_cipher_reset(ctx_e); - mbedtls_cipher_reset(ctx_d); - - rc_e = mbedtls_cipher_update(ctx_e, input.data(), input.size(), output, &output_size); - if(rc_e == 0) { - rc_e = mbedtls_cipher_finish(ctx_e, NULL, &output_size2); + + if(fuzzed_data.ConsumeBool()) { + rc_e = mbedtls_cipher_crypt(ctx_e, iv.data(), iv.size(), + input.data(), input.size(), output, &output_size); + } else { + rc_e = mbedtls_cipher_set_iv(ctx_e, iv.data(), iv.size()); + rc_d = mbedtls_cipher_set_iv(ctx_d, iv.data(), iv.size()); + if(rc_e == 0 && rc_d == 0) { + mbedtls_cipher_reset(ctx_e); + mbedtls_cipher_reset(ctx_d); + + rc_e = mbedtls_cipher_update(ctx_e, input.data(), input.size(), output, &output_size); if(rc_e == 0) { + rc_e = mbedtls_cipher_finish(ctx_e, NULL, &output_size2); + if(rc_e == 0) { - rc_d = mbedtls_cipher_update(ctx_d, output, output_size, decrypted, &decrypted_size); - if(rc_d == 0) { - rc_d = mbedtls_cipher_finish(ctx_d, NULL, &output_size2); - /* TODO: decryption doesn't work with no-aesni data path! - Note that with MASAN, aesni is always disabled */ + rc_d = mbedtls_cipher_update(ctx_d, output, output_size, decrypted, &decrypted_size); + if(rc_d == 0) { + rc_d = mbedtls_cipher_finish(ctx_d, NULL, &output_size2); + /* TODO: decryption doesn't work with no-aesni data path! 
+ Note that with MASAN, aesni is always disabled */ #if 0 - if(rc_d == 0) { - assert(input.size() == decrypted_size); - assert(memcmp(input.data(), decrypted, decrypted_size) == 0); - } + if(rc_d == 0) { + assert(input.size() == decrypted_size); + assert(memcmp(input.data(), decrypted, decrypted_size) == 0); + } #endif + } } } } diff --git a/fuzz/fuzz_gcrypt_gcm.cpp b/fuzz/fuzz_gcrypt_gcm.cpp index debead9b4..3e0b85cca 100644 --- a/fuzz/fuzz_gcrypt_gcm.cpp +++ b/fuzz/fuzz_gcrypt_gcm.cpp @@ -20,13 +20,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int key_len, rc_e, rc_d; mbedtls_cipher_id_t cipher; unsigned char *tag; - int iv_len, tag_len, input_length, force_auth_tag_error; + int iv_len, tag_len, ad_len, input_length, force_auth_tag_error; /* No real memory allocations involved */ if(fuzzed_data.remaining_bytes() < 1 + 4 + 512 / 8 + 1 + 64 + /* iv */ 1 + /* tag_len */ + 1 + 17 + /* ad */ 1 + 64 + /* input */ 1 + /* force_auth_tag_error */ 1 /* useless data: to be able to add the check with assert */) @@ -50,6 +51,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { tag_len = fuzzed_data.ConsumeIntegralInRange(0, 17); tag = (unsigned char *)malloc(tag_len); + ad_len = fuzzed_data.ConsumeIntegralInRange(0, 17); + std::vector<u_int8_t>ad = fuzzed_data.ConsumeBytes<uint8_t>(ad_len); + input_length = fuzzed_data.ConsumeIntegralInRange(16, 64); std::vector<unsigned char>input = fuzzed_data.ConsumeBytes<u_int8_t>(input_length); output = (unsigned char *)malloc(input_length); @@ -71,7 +75,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { rc_e = mbedtls_gcm_crypt_and_tag(gcm_e_ctx, MBEDTLS_GCM_ENCRYPT, input.size(), iv.data(), iv.size(), - NULL, 0, /* TODO */ + ad.data(), ad.size(), input.data(), output, tag_len, tag); 
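Review bot: In the new `ConsumeBool()` branch of fuzz/fuzz_gcrypt_cipher.cpp only `ctx_e` goes through `mbedtls_cipher_crypt()`, and nothing in the hunk reads `rc_e` or `output_size` afterwards, so the one-shot path is never fed back through `ctx_d`. If that is intended, say so with `/* one-shot API: encrypt only, result intentionally not round-tripped */`. The allocation of `output` is outside the hunk, and the one-shot call writes both the update and the finish output into it. Upstream Mbed TLS documents that buffer as needing `ilen + block_size` bytes; nDPI's bundled implementation may differ, so please confirm the buffer is sized for this call and not only for the update/finish path. The function starts and ends outside the hunk.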
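Review bot: The new declaration in the `@@ -50,6 +51,9 @@` hunk of fuzz/fuzz_gcrypt_gcm.cpp mixes the non-standard `u_int8_t` with `uint8_t` on the same line; `std::vector<uint8_t> ad = fuzzed_data.ConsumeBytes<uint8_t>(ad_len);` is consistent and portable. The upper bound 17 is unexplained; if it was chosen to go one byte past a 16-byte limit, as the existing `tag_len` range suggests, a short comment such as `/* 0..17: one past 16 to hit the rejection path */` would record that, once confirmed. `ConsumeBytes` may return fewer bytes than asked for, but the later calls pass `ad.size()` rather than `ad_len`, so a short read stays in bounds.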
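Review bot: Both `mbedtls_gcm_crypt_and_tag()` here and `mbedtls_gcm_auth_decrypt()` in the following `@@ -85,7 +89,7 @@` hunk receive the same `ad` buffer, so the case where the associated data differs between the two sides is never exercised. That mismatch is the failure AEAD authentication is meant to catch. The harness already declares `force_auth_tag_error` for the tag, although its use is outside these hunks. A parallel switch for the associated data would be one more consumed bool and, before the decrypt call, `if(force_ad_error && !ad.empty()) ad[0] ^= 0xff;`, with the expectation that `rc_d` is non-zero; `force_ad_error` is a new name and the `remaining_bytes()` budget would need one more byte. When `ad_len` is 0 the call degenerates to the previous `NULL, 0` behaviour, which is fine.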
@@ -85,7 +89,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { rc_d = mbedtls_gcm_auth_decrypt(gcm_d_ctx, input.size(), iv.data(), iv.size(), - NULL, 0, /* TODO */ + ad.data(), ad.size(), tag, tag_len, output, decrypted); |