author | Toni <matzeton@googlemail.com> | 2021-10-18 23:16:32 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-18 23:16:32 +0200 |
commit | ed51987e3a4838dd9aef27dfab2c0651f2f52836 (patch) | |
tree | fde07d774b7ef89b3d4b400f0c2af3f07f4f70ce /src/lib/protocols/irc.c | |
parent | 7d3c3b23f8b9749690b8c5f345b7bc489b3666ac (diff) |
Fix broken fuzz_process_packet fuzzer by adding a call to ndpi_finalize_initialization(). (#1334)
* fixed several memory errors (heap-overflow, uninitialized memory, etc)
* ability to build fuzz_process_packet with a main()
allowing to replay crash data generated with fuzz_process_packet
by LLVM's libFuzzer
* temporarily disable fuzzing if `tests/do.sh` is
executed with env FUZZY_TESTING_ENABLED=1
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/protocols/irc.c')
-rw-r--r-- | src/lib/protocols/irc.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index bb1b65929..92a1f57da 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -635,14 +635,20 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG_DBG2(ndpi_struct, "xdcc should match."); } j += 2; - if (memcmp(&packet->line[i].ptr[j], "DCC ", 4) == 0) { + if (j + 4 < packet->line[i].len && + memcmp(&packet->line[i].ptr[j], "DCC ", 4) == 0) { j += 4; NDPI_LOG_DBG2(ndpi_struct, "found DCC."); - if (memcmp(&packet->line[i].ptr[j], "SEND ", 5) == 0 - || (memcmp(&packet->line[i].ptr[j], "CHAT", 4) == 0) - || (memcmp(&packet->line[i].ptr[j], "chat", 4) == 0) - || (j+7 < packet->line[i].len && memcmp(&packet->line[i].ptr[j], "sslchat", 7) == 0) - || (memcmp(&packet->line[i].ptr[j], "TSEND", 5) == 0)) { + if ((j + 5 < packet->line[i].len && + memcmp(&packet->line[i].ptr[j], "SEND ", 5) == 0) || + (j + 4 < packet->line[i].len && + memcmp(&packet->line[i].ptr[j], "CHAT", 4) == 0) || + (j + 4 < packet->line[i].len && + memcmp(&packet->line[i].ptr[j], "chat", 4) == 0) || + (j + 7 < packet->line[i].len && + memcmp(&packet->line[i].ptr[j], "sslchat", 7) == 0) || + (j + 5 < packet->line[i].len && + memcmp(&packet->line[i].ptr[j], "TSEND", 5) == 0)) { NDPI_LOG_DBG2(ndpi_struct, "found CHAT,chat,sslchat,TSEND."); j += 4; |
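Review bot: The new guards in the DCC branch use a strict comparison (`j + 4 < packet->line[i].len`, `j + 5 < packet->line[i].len`), which is one byte stricter than the `memcmp` needs: reading N bytes at offset `j` stays in bounds whenever `j + N <= len`. As written, a line that ends exactly on "CHAT", "chat" or "TSEND" no longer matches. If that is intended, to stay consistent with the existing `j + 7 < packet->line[i].len` check for "sslchat", a one-line comment saying so would help; otherwise use `<=`. The five near-identical conditions would also be easier to audit behind one small helper that takes the offset, the literal and its length, so the length in the guard and the length passed to `memcmp` cannot drift apart. Separately, the unchanged `j += 4;` after the match advances by 4 whichever keyword matched, although "SEND ", "TSEND" and "sslchat" are longer, so any later read at the new `j` needs its own length check; that code is not visible in this hunk.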