author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-02-09 20:02:12 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-09 20:02:12 +0100 |
commit | b51a2ac72a3cbd1b470890d0151a46da28e6754e (patch) | |
tree | 694a86ec7690962b21fb2c1bcf12df9f842d5957 /src/lib/protocols | |
parent | 4bb851384efb2a321def0bdb5e93786fac1cc02b (diff) |
fuzz: some improvements and add two new fuzzers (#1881)
Remove `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` define from
`fuzz/Makefile.am`; it is already included by the main configure script
(when fuzzing).
Add a knob to force disabling of AESNI optimizations: this way we can
fuzz also no-aesni crypto code.
Move CRC32 algorithm into the library.
Add some fake traces to extend fuzzing coverage. Note that these traces
are hand-made (via scapy/curl) and must not be used as "proof" that the
dissectors are really able to identify this kind of traffic.
Some small updates to some dissectors:
CSGO: remove a wrong rule (never triggered, BTW). Any UDP packet starting
with "VS01" will be classified as STEAM (see steam.c around line 111).
Googling it, it seems right so.
XBOX: XBOX only analyses UDP flows while HTTP only TCP ones; therefore
that condition is false.
RTP, STUN: removed useless "break"s
Zattoo: `flow->zattoo_stage` is never set to any values greater or equal
to 5, so these checks are never true.
PPStream: `flow->l4.udp.ppstream_stage` is never read. Delete it.
TeamSpeak: we check for `flow->packet_counter == 3` just above, so the
following check `flow->packet_counter >= 3` is always false.
Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/csgo.c | 6 | ||||
-rw-r--r-- | src/lib/protocols/ppstream.c | 27 | ||||
-rw-r--r-- | src/lib/protocols/quic.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/rtp.c | 3 | ||||
-rw-r--r-- | src/lib/protocols/stun.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/tcp_udp.c | 6 | ||||
-rw-r--r-- | src/lib/protocols/teamspeak.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/xbox.c | 6 | ||||
-rw-r--r-- | src/lib/protocols/zattoo.c | 11 |
9 files changed, 6 insertions, 63 deletions
diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c
index a7d0cd130..fc298e781 100644
--- a/src/lib/protocols/csgo.c
+++ b/src/lib/protocols/csgo.c
@@ -62,12 +62,6 @@ static void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, s return; } - if(packet->payload_packet_len >= 36 && w == 0x56533031ul) { - NDPI_LOG_INFO( ndpi_struct, "found csgo udp\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - return; - } - if(packet->payload_packet_len >= 36 && w == 0x01007364) { uint32_t w2 = htonl(get_u_int32_t(packet->payload, 4)); if(w2 == 0x70696e67) {
diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c
index 78dc25393..dad801ff4 100644
--- a/src/lib/protocols/ppstream.c
+++ b/src/lib/protocols/ppstream.c
@@ -68,9 +68,6 @@ static void ndpi_search_ppstream(struct ndpi_detection_module_struct packet->payload[13] == 0x00 && packet->payload[14] == 0x00) { - /* increase count pkt ppstream over udp */ - flow->l4.udp.ppstream_stage++; - ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; }
@@ -92,9 +89,6 @@ static void ndpi_search_ppstream(struct ndpi_detection_module_struct packet->payload[19] == 0x00 && packet->payload[20] == 0x00) { - /* increase count pkt ppstream over udp */ - flow->l4.udp.ppstream_stage++; - ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; }
@@ -105,9 +99,6 @@ static void ndpi_search_ppstream(struct ndpi_detection_module_struct packet->payload[19] == 0xff && packet->payload[20] == 0xff) { - /* increase count pkt ppstream over udp */ - flow->l4.udp.ppstream_stage++; - ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; }
@@ -128,9 +119,6 @@ static void ndpi_search_ppstream(struct ndpi_detection_module_struct packet->payload[19] == 0x00 && packet->payload[20] == 0x00) { - /* increase count pkt ppstream over udp */ - flow->l4.udp.ppstream_stage++; - ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; }
@@ -147,9 +135,6 @@ static void ndpi_search_ppstream(struct ndpi_detection_module_struct packet->payload[100] == 0x61 && packet->payload[101] == 0x6d) { - /* increase count pkt ppstream over udp */ - flow->l4.udp.ppstream_stage++; - ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; }
@@ -166,9 +151,6 @@ static void ndpi_search_ppstream(struct ndpi_detection_module_struct packet->payload[19] == 0x00 && packet->payload[20] == 0x00 )) { - /* increase count pkt ppstream over udp */ - flow->l4.udp.ppstream_stage++; - ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; }
@@ -187,9 +169,6 @@ static void ndpi_search_ppstream(struct ndpi_detection_module_struct packet->payload[19] == 0x00 && packet->payload[20] == 0x00 )) { - /* increase count pkt ppstream over udp */ - flow->l4.udp.ppstream_stage++; - ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; }
@@ -200,9 +179,6 @@ static void ndpi_search_ppstream(struct ndpi_detection_module_struct if(packet->payload[1] == 0x80 || packet->payload[1] == 0x84 ) { if(packet->payload[3] == packet->payload[4]) { - /* increase count pkt ppstream over udp */ - flow->l4.udp.ppstream_stage++; - ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; }
@@ -211,9 +187,6 @@ static void ndpi_search_ppstream(struct ndpi_detection_module_struct else if(packet->payload[1] == 0x53 && packet->payload[3] == 0x00 && (packet->payload[0] == 0x08 || packet->payload[0] == 0x0c)) { - /* increase count pkt ppstream over udp */ - flow->l4.udp.ppstream_stage++; - ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; }
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index ae7a97465..c095550ab 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -246,6 +246,7 @@ static uint16_t gquic_get_u16(const uint8_t *buf, uint32_t version) } +#ifdef NDPI_ENABLE_DEBUG_MESSAGES static char *__gcry_err(gpg_error_t err, char *buf, size_t buflen) { gpg_strerror_r(err, buf, buflen);
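Review bot: In quic.c the new `#ifdef NDPI_ENABLE_DEBUG_MESSAGES` in front of `__gcry_err` has no comment saying why the helper is debug-only, and the `#endif` that closes it sits in the following hunk without a label. I would add `/* Renders gpg_error_t codes for debug log messages only */` above the `#ifdef` and write the closer as `#endif /* NDPI_ENABLE_DEBUG_MESSAGES */`; the call sites are not visible here, so confirm that each one is compiled under the same macro. Separately, the unchanged tail of the function (shown in the next hunk) does `buf[buflen - 1] = '\0'`, which writes out of bounds when `buflen` is 0; an early `if(buflen == 0) return buf;` at the top of the function would close that. The function body spans both hunks, with a few lines in between not shown.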
@@ -255,6 +256,7 @@ static char *__gcry_err(gpg_error_t err, char *buf, size_t buflen) buf[buflen - 1] = '\0'; return buf; } +#endif static uint64_t pntoh64(const void *p) {
diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c
index 779c6b9f8..b90941bbb 100644
--- a/src/lib/protocols/rtp.c
+++ b/src/lib/protocols/rtp.c
@@ -54,7 +54,6 @@ static u_int8_t isValidMSRTPType(u_int8_t payloadType, enum ndpi_rtp_stream_type case 118: /* Comfort Noise Wideband */ *s_type = rtp_audio; return(1 /* RTP */); - break; case 34: /* H.263 [MS-H26XPF] */ case 121: /* RT Video */
@@ -63,7 +62,6 @@ static u_int8_t isValidMSRTPType(u_int8_t payloadType, enum ndpi_rtp_stream_type case 127: /* x-data */ *s_type = rtp_video; return(1 /* RTP */); - break; case 200: /* RTCP PACKET SENDER */ case 201: /* RTCP PACKET RECEIVER */
@@ -71,7 +69,6 @@ static u_int8_t isValidMSRTPType(u_int8_t payloadType, enum ndpi_rtp_stream_type case 203: /* RTCP Bye */ *s_type = rtp_unknown; return(2 /* RTCP */); - break; default: return(0);
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index 80e577ab1..22b4c7097 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -326,7 +326,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x0103: *app_proto = NDPI_PROTOCOL_ZOOM; return(NDPI_IS_STUN); - break; case 0x4000: case 0x4001:
@@ -334,7 +333,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * /* These are the only messages apparently whatsapp voice can use */ *app_proto = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); - break; case 0x0014: /* Realm */ {
@@ -406,7 +404,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * *app_proto = NDPI_PROTOCOL_SKYPE_TEAMS_CALL; return(NDPI_IS_STUN); - break; case 0x8070: /* Implementation Version */ if(len == 4 && ((offset+7) < payload_length)
@@ -424,7 +421,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0xFF03: *app_proto = NDPI_PROTOCOL_HANGOUT_DUO; return(NDPI_IS_STUN); - break; default: #ifdef DEBUG_STUN
diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c
index 9aa0349f0..ec49e63ba 100644
--- a/src/lib/protocols/tcp_udp.c
+++ b/src/lib/protocols/tcp_udp.c
@@ -53,11 +53,13 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st { u_int16_t sport, dport; u_int proto; - struct ndpi_packet_struct *packet = &ndpi_struct->packet; + struct ndpi_packet_struct *packet; - if(flow->host_server_name[0] != '\0') + if(!ndpi_struct || !flow || flow->host_server_name[0] != '\0') return; + packet = &ndpi_struct->packet; + if(packet->udp) sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); else if(packet->tcp) sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); else sport = dport = 0;
diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c
index f38962b31..9184e16e5 100644
--- a/src/lib/protocols/teamspeak.c
+++ b/src/lib/protocols/teamspeak.c
@@ -90,10 +90,6 @@ ts3_license_weblist: ndpi_int_teamspeak_add_connection(ndpi_struct, flow); return; } - if (flow->packet_counter >= 3) - { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - } } void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
diff --git a/src/lib/protocols/xbox.c b/src/lib/protocols/xbox.c
index f47018a06..d63d8d787 100644
--- a/src/lib/protocols/xbox.c
+++ b/src/lib/protocols/xbox.c
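Review bot: In `ndpi_search_tcp_or_udp` (tcp_udp.c) the new condition `if(!ndpi_struct || !flow || flow->host_server_name[0] != '\0')` folds argument validation and the "host name already set" early exit into one silent `return`, so a caller that passes NULL gets no signal and a reader cannot tell which case is expected. I would separate the two and say why the NULL check exists: `if(!ndpi_struct || !flow) return; /* non-static entry point: tolerate NULL from direct callers */` followed by the original `if(flow->host_server_name[0] != '\0') return;`. The function continues beyond this hunk, so it is also worth checking that the pointer uses further down (not visible here) need no additional guard.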
@@ -91,13 +91,7 @@ static void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, s return; } #endif - - /* exclude here all non matched udp traffic, exclude here tcp only if http has been excluded, because xbox could use http */ - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - } } - /* to not exclude tcp traffic here, done by http code... */ }
diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c
index 04e5431a5..cf67a82c5 100644
--- a/src/lib/protocols/zattoo.c
+++ b/src/lib/protocols/zattoo.c
@@ -170,17 +170,6 @@ static void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, ZATTOO_DETECTED; return; - } else if(flow->zattoo_stage == 5 + packet->packet_direction && (packet->payload_packet_len == 125)) { - - NDPI_LOG_INFO(ndpi_struct, "found zattoo\n"); - ZATTOO_DETECTED; - return; - - } else if(flow->zattoo_stage == 6 - packet->packet_direction && packet->payload_packet_len == 1412) { - - NDPI_LOG_INFO(ndpi_struct, "found zattoo\n"); - ZATTOO_DETECTED; - return; } NDPI_LOG_DBG2(ndpi_struct, |