authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2023-04-04 14:39:29 +0200
committerGitHub <noreply@github.com>2023-04-04 14:39:29 +0200
commit25c111191189f64c4077f9d0609b0fdbdc12c4ad (patch)
tree61f9def5c87b76e0bc2b74e037720726deb0a24e /fuzz
parentf1193d5e6f7680e6b8195eea33d740987619ac9c (diff)
fuzz: add a new fuzzer triggering the payload analyzer function(s) (#1926)
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/Makefile.am21
-rw-r--r--fuzz/fuzz_ndpi_reader.c11
2 files changed, 29 insertions, 3 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index b283e6095..2723b1d9c 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -1,4 +1,4 @@
-bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail fuzz_quic_get_crypto_data fuzz_config fuzz_community_id fuzz_serialization fuzz_tls_certificate
+bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail fuzz_ndpi_reader_payload_analyzer fuzz_quic_get_crypto_data fuzz_config fuzz_community_id fuzz_serialization fuzz_tls_certificate
#Alghoritms
bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream
#Data structures
@@ -47,6 +47,19 @@ fuzz_ndpi_reader_alloc_fail_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAG
$(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_ndpi_reader_alloc_fail_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+fuzz_ndpi_reader_payload_analyzer_SOURCES = fuzz_ndpi_reader.c ../example/reader_util.c
+fuzz_ndpi_reader_payload_analyzer_CFLAGS = -I../example/ @NDPI_CFLAGS@ $(CXXFLAGS) -DENABLE_PAYLOAD_ANALYZER
+fuzz_ndpi_reader_payload_analyzer_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_ndpi_reader_payload_analyzer_LDFLAGS = $(PCAP_LIB) $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_ndpi_reader_payload_analyzer_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_ndpi_reader_payload_analyzer_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_ndpi_reader_payload_analyzer_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_ndpi_reader_payload_analyzer_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
fuzz_quic_get_crypto_data_SOURCES = fuzz_quic_get_crypto_data.c fuzz_common_code.c
fuzz_quic_get_crypto_data_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_quic_get_crypto_data_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
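Review bot: The `-DENABLE_PAYLOAD_ANALYZER` in the new `_CFLAGS` line is applied to both listed sources, so automake compiles a separate per-program object of `../example/reader_util.c` with the define set; that is presumably the reason this needs to be its own program rather than a link variant of `fuzz_ndpi_reader`, but nothing in the block says so. A one-line comment above the `_SOURCES` line would save the next reader a trip through the automake manual: `# Separate program so that -DENABLE_PAYLOAD_ANALYZER also reaches the reader_util.c object`. The rest of the block is a copy of the `fuzz_ndpi_reader_alloc_fail` block above it, down to `$(CXXFLAGS)` inside a `_CFLAGS` variable; if that is intentional for the CXX-linked fuzzers it is worth saying once at the first such block instead of repeating the `# force usage of CXX for linker` comment per program.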
@@ -332,6 +345,9 @@ fuzz_ndpi_reader_seed_corpus.zip: $(testpcaps)
fuzz_ndpi_reader_alloc_fail_seed_corpus.zip: $(testpcaps)
zip -j fuzz_ndpi_reader_alloc_fail_seed_corpus.zip $(testpcaps)
+fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip: $(testpcaps)
+ zip -j fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip $(testpcaps)
+
files_corpus_fuzz_quic_get_crypto_data := $(wildcard corpus/fuzz_quic_get_crypto_data/*)
fuzz_quic_get_crypto_data_seed_corpus.zip: $(files_corpus_fuzz_quic_get_crypto_data)
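Review bot: The new `fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip` recipe updates an existing archive in place, because `zip` adds to or refreshes entries of an archive that already exists rather than recreating it; a pcap removed from `$(testpcaps)` therefore stays in the seed corpus until the zip is deleted by hand. This mirrors the `fuzz_ndpi_reader_alloc_fail` rule directly above, so it may be kept for consistency, but for a freshly added rule `$(RM) $@ && zip -j $@ $(testpcaps)` is both self-cleaning and avoids repeating the target name in the recipe.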
@@ -422,7 +438,7 @@ files_corpus_fuzz_tls_certificate := $(wildcard corpus/fuzz_tls_certificate/*)
fuzz_tls_certificate_seed_corpus.zip: $(files_corpus_fuzz_tls_certificate)
zip -j fuzz_tls_certificate_seed_corpus.zip $(files_corpus_fuzz_tls_certificate)
-corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip fuzz_alg_bytestream_seed_corpus.zip fuzz_libinjection_seed_corpus.zip fuzz_tls_certificate_seed_corpus.zip
+corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip fuzz_alg_bytestream_seed_corpus.zip fuzz_libinjection_seed_corpus.zip fuzz_tls_certificate_seed_corpus.zip
#Create dictionaries exactly as expected by oss-fuzz.
#This way, if we need to change/update/add something,
@@ -430,6 +446,7 @@ corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus
dictionaries:
cp dictionary.dict fuzz_ndpi_reader.dict
cp dictionary.dict fuzz_ndpi_reader_alloc_fail.dict
+ cp dictionary.dict fuzz_ndpi_reader_payload_analyzer.dict
cp dictionary.dict fuzz_process_packet.dict
cp dictionary_tls_certificate.dict fuzz_tls_certificate.dict
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
index 5f08220bc..252503d63 100644
--- a/fuzz/fuzz_ndpi_reader.c
+++ b/fuzz/fuzz_ndpi_reader.c
@@ -19,11 +19,13 @@ u_int8_t enable_flow_stats = 1;
u_int8_t human_readeable_string_len = 5;
u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_ja3_plus;
-int enable_malloc_bins = 0;
+int enable_malloc_bins = 1;
int malloc_size_stats = 0;
int max_malloc_bins = 0;
struct ndpi_bin malloc_bins; /* unused */
+extern void ndpi_report_payload_stats(int print);
+
#ifdef CRYPT_FORCE_NO_AESNI
extern int force_no_aesni;
#endif
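Review bot: The first changed line flips `enable_malloc_bins` from 0 to 1, which is unrelated to the payload analyzer and takes effect in every fuzzer built from this file (`fuzz_ndpi_reader` and `fuzz_ndpi_reader_alloc_fail` included), yet neither the commit message nor a comment explains it; if it is meant to widen coverage of the malloc-bins code, a short comment such as `/* 1: also exercise the malloc-bins accounting in all reader fuzzers */` would record that. The bare `extern void ndpi_report_payload_stats(int print);` is a local prototype for a function presumably defined in reader_util.c; a file-local extern is never checked against the definition, so a later change to that signature would compile cleanly here and only fail at run time. Declaring it in reader_util.h next to `enable_payload_analyzer` (which this file already relies on from elsewhere) keeps the two in one place, or, if it is already declared there, the local line can go.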
@@ -91,6 +93,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#ifdef CRYPT_FORCE_NO_AESNI
force_no_aesni = 1;
#endif
+
+#ifdef ENABLE_PAYLOAD_ANALYZER
+ enable_payload_analyzer = 1;
+#endif
}
#ifdef ENABLE_MEM_ALLOC_FAILURES
@@ -144,6 +150,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
for(i = 0; i < workflow->prefs.num_roots; i++)
ndpi_tdestroy(workflow->ndpi_flows_root[i], ndpi_flow_info_freer);
ndpi_free(workflow->ndpi_flows_root);
+ /* Free payload analyzer data, without printing */
+ if(enable_payload_analyzer)
+ ndpi_report_payload_stats(0);
return 0;
}
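Review bot: `ndpi_report_payload_stats(0)` is being called here purely for its side effect of releasing the analyzer's accumulated state, which its name does not convey and which only the comment above the call documents; since that state appears to be global rather than per-workflow, any earlier return path in `LLVMFuzzerTestOneInput` (the function starts outside this hunk) would skip the release and let one input's flows carry over into the next iteration, showing up as a leak report or as non-reproducible findings. Worth either stating that constraint in the comment, e.g. `/* Must run on every exit path: the analyzer state is global and would leak into the next iteration */`, or confirming there is no other return between the analyzer being enabled and this point.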