authorToni Uhlig <matzeton@googlemail.com>2021-10-11 02:24:09 +0200
committerToni Uhlig <matzeton@googlemail.com>2021-10-18 22:53:30 +0200
commit77247ba07b0052e175dd60ae1db22e65007691eb (patch)
treef06fde161f64c97a9c8463ba14144f12fd88eaeb /src/lib/protocols/bittorrent.c
parentb97dc6baa497b5c2d64e342108237ced6bf34b2c (diff)
Fix broken fuzz_process_packet fuzzer by adding a call to ndpi_finalize_initialization().fix/memory-errors-and-packet-fuzzer
* fixed several memory errors (heap overflow, uninitialized memory, etc.) * ability to build fuzz_process_packet with a main() allowing to replay crash data generated with fuzz_process_packet by LLVM's libFuzzer * temporarily disable fuzzing if `tests/do.sh` is executed with env FUZZY_TESTING_ENABLED=1 Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/protocols/bittorrent.c')
-rw-r--r--src/lib/protocols/bittorrent.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c
index f49c7f31a..f78706195 100644
--- a/src/lib/protocols/bittorrent.c
+++ b/src/lib/protocols/bittorrent.c
@@ -477,8 +477,11 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st
|| (bt_proto = ndpi_strnstr((const char *)packet->payload, "BitTorrent protocol", packet->payload_packet_len))
) {
bittorrent_found:
- if(bt_proto && (packet->payload_packet_len > 47))
- memcpy(flow->protos.bittorrent.hash, &bt_proto[27], 20);
+ if(bt_proto != NULL && ((u_int8_t *)&bt_proto[27] - packet->payload +
+ sizeof(flow->protos.bittorrent.hash)) < packet->payload_packet_len)
+ {
+ memcpy(flow->protos.bittorrent.hash, &bt_proto[27], sizeof(flow->protos.bittorrent.hash));
+ }
NDPI_LOG_INFO(ndpi_struct, "found BT: plain\n");
ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 0,