authorToni Uhlig <matzeton@googlemail.com>2021-10-11 02:24:09 +0200
committerToni Uhlig <matzeton@googlemail.com>2021-10-18 22:53:30 +0200
commit77247ba07b0052e175dd60ae1db22e65007691eb (patch)
treef06fde161f64c97a9c8463ba14144f12fd88eaeb /src/lib/protocols/irc.c
parentb97dc6baa497b5c2d64e342108237ced6bf34b2c (diff)
Fix broken fuzz_process_packet fuzzer by adding a call to ndpi_finalize_initialization().fix/memory-errors-and-packet-fuzzer
* fixed several memory errors (heap-overflow, uninitialized memory, etc) * ability to build fuzz_process_packet with a main() allowing to replay crash data generated with fuzz_process_packet by LLVM's libFuzzer * temporarily disable fuzzing if `tests/do.sh` is executed with env FUZZY_TESTING_ENABLED=1 Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/protocols/irc.c')
-rw-r--r--src/lib/protocols/irc.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c
index bb1b65929..92a1f57da 100644
--- a/src/lib/protocols/irc.c
+++ b/src/lib/protocols/irc.c
@@ -635,14 +635,20 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
NDPI_LOG_DBG2(ndpi_struct, "xdcc should match.");
}
j += 2;
- if (memcmp(&packet->line[i].ptr[j], "DCC ", 4) == 0) {
+ if (j + 4 < packet->line[i].len &&
+ memcmp(&packet->line[i].ptr[j], "DCC ", 4) == 0) {
j += 4;
NDPI_LOG_DBG2(ndpi_struct, "found DCC.");
- if (memcmp(&packet->line[i].ptr[j], "SEND ", 5) == 0
- || (memcmp(&packet->line[i].ptr[j], "CHAT", 4) == 0)
- || (memcmp(&packet->line[i].ptr[j], "chat", 4) == 0)
- || (j+7 < packet->line[i].len && memcmp(&packet->line[i].ptr[j], "sslchat", 7) == 0)
- || (memcmp(&packet->line[i].ptr[j], "TSEND", 5) == 0)) {
+ if ((j + 5 < packet->line[i].len &&
+ memcmp(&packet->line[i].ptr[j], "SEND ", 5) == 0) ||
+ (j + 4 < packet->line[i].len &&
+ memcmp(&packet->line[i].ptr[j], "CHAT", 4) == 0) ||
+ (j + 4 < packet->line[i].len &&
+ memcmp(&packet->line[i].ptr[j], "chat", 4) == 0) ||
+ (j + 7 < packet->line[i].len &&
+ memcmp(&packet->line[i].ptr[j], "sslchat", 7) == 0) ||
+ (j + 5 < packet->line[i].len &&
+ memcmp(&packet->line[i].ptr[j], "TSEND", 5) == 0)) {
NDPI_LOG_DBG2(ndpi_struct, "found CHAT,chat,sslchat,TSEND.");
j += 4;
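Review bot: The added guards in the DCC branch use a strict `<` (`j + 4 < packet->line[i].len`), whereas the exact requirement for an N-byte `memcmp` at offset `j` is `j + N <= packet->line[i].len`; as written they are memory-safe but also skip a line whose token ends exactly at the end of the line. If requiring one trailing byte is intentional (it appears to keep `ptr[j]` inside the line after the unconditional `j += 4`), a comment such as `/* strict '<': ptr[j] must stay in bounds after the j += 4 below */` would record that; otherwise `<=` is the tight bound. Each token length is also written twice, once in the guard and once in the `memcmp`, so a small static helper that takes the line, offset, token and length once would keep the two from drifting apart. `ndpi_search_irc_tcp` starts and ends outside this hunk, so the reads that follow the final `j += 4` cannot be checked from here.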