fuzz: extend fuzz coverage (#1888)

5 files changed, 30 insertions, 36 deletions

diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index a63e29c7f..dd065783d 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -896,7 +896,7 @@ extern "C" {
    * @par     The automata initialized with ndpi_init_automa();
    * @par     The (sub)string to search (malloc'ed memory)
    * @par     The number associated with this string
-   * @return  0 in case of no error, or -1 if an error occurred.
+   * @return  0 in case of no error, or -2 if the string has been already addeed, or -1 if an error occurred.
    *
    */
   int ndpi_add_string_value_to_automa(void *_automa, char *str, u_int32_t num);
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index 1337cc63f..4fd47d96c 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -95,7 +95,7 @@ extern "C" {
 					      struct ndpi_flow_struct *flow);
 
   extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct,
-						struct ndpi_flow_struct *flow, u_int16_t counter);
+						u_int16_t counter);
 
   extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct,
 				       struct ndpi_flow_struct *flow,
@@ -104,8 +104,6 @@ extern "C" {
   extern void ndpi_set_proto_subprotocols(struct ndpi_detection_module_struct *ndpi_mod,
 				      int protoId, ...);
 
-  extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow);
-
   extern int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
   extern int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
   extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 2df9dd0cc..89b9a585e 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -185,6 +185,13 @@ static ndpi_risk_info ndpi_known_risks[] = {
   /* Leave this as last member */
   { NDPI_MAX_RISK,                              NDPI_RISK_LOW,    CLIENT_FAIR_RISK_PERCENTAGE, NDPI_NO_ACCOUNTABILITY   }
 };
+#if !defined(NDPI_CFFI_PREPROCESSING) && defined(__linux__)
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+_Static_assert(sizeof(ndpi_known_risks) / sizeof(ndpi_risk_info) == NDPI_MAX_RISK + 1,
+               "Invalid risks length. Do you need to update 'ndpi_known_risks' array?");
+#endif
+#endif
+
 
 /* ****************************************** */
 
@@ -998,7 +1005,7 @@ int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_str
 /* ******************************************************************** */
 
 static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_struct *ndpi_str) {
-  u_int i, val;
+  u_int i;
 
   for(i = 0; i < ndpi_str->ndpi_num_supported_protocols; i++) {
     if(ndpi_str->proto_defaults[i].protoName == NULL) {
@@ -1013,13 +1020,6 @@ static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_s
       }
     }
   }
-
-  /* Sanity check for risks initialization */
-  val = (sizeof(ndpi_known_risks) / sizeof(ndpi_risk_info)) - 1;
-  if(val != NDPI_MAX_RISK) {
-    NDPI_LOG_ERR(ndpi_str,  "[NDPI] INTERNAL ERROR Invalid ndpi_known_risks[] initialization [%u != %u]\n", val, NDPI_MAX_RISK);
-    exit(0);
-  }
 }
 
 /* ******************************************************************** */
@@ -2094,7 +2094,7 @@ int ac_domain_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) {
   AC_PATTERN_t *pattern = m->patterns;
   int i,start,end = m->position;
 
-  for(i=0; i < m->match_num; i++,pattern++) {
+  for(i=0; i < m->match_num && i < 32; i++,pattern++) {
     /*
      * See ac_automata_exact_match()
      * The bit is set if the pattern exactly matches AND
@@ -2385,6 +2385,9 @@ int ndpi_load_ipv4_ptree(struct ndpi_detection_module_struct *ndpi_str,
   int len;
   u_int num_loaded = 0;
 
+  if(!ndpi_str || !path || !ndpi_str->protocols_ptree)
+    return(-1);
+
   fd = fopen(path, "r");
 
   if(fd == NULL) {
@@ -3062,7 +3065,7 @@ int ndpi_add_string_value_to_automa(void *_automa, char *str, u_int32_t num) {
   ac_pattern.length     = strlen(ac_pattern.astring);
 
   rc = ac_automata_add(automa, &ac_pattern);
-  return(rc == ACERR_SUCCESS || rc == ACERR_DUPLICATE_PATTERN ? 0 : -1);
+  return(rc == ACERR_SUCCESS ? 0 : (rc == ACERR_DUPLICATE_PATTERN ? -2 : -1));
 }
 
 /* ****************************************************** */
@@ -3139,7 +3142,9 @@ static int ndpi_match_string_common(AC_AUTOMATA_t *automa, char *string_to_match
   }
 
   if(automa->automata_open) {
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
     printf("[%s:%d] [NDPI] Internal error: please call ndpi_finalize_initialization()\n", __FILE__, __LINE__);
+#endif
     return(-1);
   }
 
@@ -6306,13 +6311,13 @@ void* ndpi_find_ipv4_category_userdata(struct ndpi_detection_module_struct *ndpi
 				       u_int32_t saddr) {
   ndpi_patricia_node_t *node;
 
-  if(saddr == 0)
+  if(saddr == 0 || !ndpi_str || !ndpi_str->custom_categories.ipAddresses)
     node = NULL;
   else {
     ndpi_prefix_t prefix;
 
     ndpi_fill_prefix_v4(&prefix, (struct in_addr *) &saddr, 32,
-			((ndpi_patricia_tree_t *) ndpi_str->protocols_ptree)->maxbits);
+			((ndpi_patricia_tree_t *) ndpi_str->custom_categories.ipAddresses)->maxbits);
     node = ndpi_patricia_search_best(ndpi_str->custom_categories.ipAddresses, &prefix);
   }
 
@@ -6816,7 +6821,7 @@ u_int32_t ndpi_bytestream_to_number(const u_int8_t *str, u_int16_t max_chars_to_
   val = 0;
 
   // cancel if eof, ' ' or line end chars are reached
-  while(*str >= '0' && *str <= '9' && max_chars_to_read > 0) {
+  while(max_chars_to_read > 0 && *str >= '0' && *str <= '9') {
     val *= 10;
     val += *str - '0';
     str++;
@@ -7302,7 +7307,7 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s
 
 /* ********************************************************************************* */
 
-u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
+u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_str,
 				       u_int16_t counter) {
   struct ndpi_packet_struct *packet = &ndpi_str->packet;
 
@@ -7499,18 +7504,6 @@ void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_str, str
 
 /* ********************************************************************************* */
 
-void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow) {
-  if(flow) {
-    int a;
-
-    for(a = 0; a < NDPI_PROTOCOL_SIZE; a++)
-      flow->detected_protocol_stack[a] = NDPI_PROTOCOL_UNKNOWN;
-    flow->confidence = NDPI_CONFIDENCE_UNKNOWN;
-  }
-}
-
-/* ********************************************************************************* */
-
 void NDPI_PROTOCOL_IP_clear(ndpi_ip_addr_t *ip) {
   memset(ip, 0, sizeof(ndpi_ip_addr_t));
 }
@@ -8331,7 +8324,7 @@ u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_
   }
 
   /* Add punycode check */
-  if(ndpi_strnstr(string_to_match, "xn--", string_to_match_len)) {
+  if(ndpi_check_punycode_string(string_to_match, string_to_match_len)) {
     char str[64] = { '\0' };
 
     strncpy(str, string_to_match, ndpi_min(string_to_match_len, sizeof(str)-1));
@@ -8452,15 +8445,15 @@ const char *ndpi_get_gcrypt_version(void) {
 }
 
 ndpi_proto_defaults_t *ndpi_get_proto_defaults(struct ndpi_detection_module_struct *ndpi_str) {
-  return(ndpi_str->proto_defaults);
+  return(ndpi_str ? ndpi_str->proto_defaults : NULL);
 }
 
 u_int ndpi_get_ndpi_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_str) {
-  return(ndpi_str->ndpi_num_supported_protocols);
+  return(ndpi_str ? ndpi_str->ndpi_num_supported_protocols : 0);
 }
 
 u_int ndpi_get_ndpi_num_custom_protocols(struct ndpi_detection_module_struct *ndpi_str) {
-  return(ndpi_str->ndpi_num_custom_protocols);
+  return(ndpi_str ? ndpi_str->ndpi_num_custom_protocols : 0);
 }
 
 u_int ndpi_get_ndpi_detection_module_size() {
diff --git a/src/lib/ndpi_serializer.c b/src/lib/ndpi_serializer.c
index 17231a83b..efae73b05 100644
--- a/src/lib/ndpi_serializer.c
+++ b/src/lib/ndpi_serializer.c
@@ -1650,6 +1650,7 @@ int ndpi_serialize_binary_uint32(ndpi_serializer *_serializer,
     if(ndpi_serialize_json_post(_serializer) != 0)
       return(-1);
   } else if(serializer->fmt == ndpi_serialization_format_csv) {
+#ifndef OPTIMIZE_CSV_SERIALIZATION
     if (ndpi_serializer_header_string(serializer, key, klen) < 0) return(-1);
     ndpi_serialize_csv_pre(serializer);
     buff_diff = serializer->buffer.size - serializer->status.buffer.size_used;
@@ -1659,6 +1660,7 @@ int ndpi_serialize_binary_uint32(ndpi_serializer *_serializer,
     if(rc < 0 || (u_int)rc >= buff_diff)
       return(-1);
     serializer->status.buffer.size_used += rc;
+#endif
   } else {
     if(value <= 0xff) {
       serializer->buffer.data[serializer->status.buffer.size_used++] = (ndpi_serialization_string << 4) | ndpi_serialization_uint8;
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 27a197d0f..53ed95939 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -91,7 +91,7 @@ _Static_assert(sizeof(struct ndpi_str_hash) == sizeof(struct ndpi_str_hash_priva
 int ndpi_check_punycode_string(char * buffer , int len) {
   int i = 0;
 
-  while(i++ < len) {
+  while(i++ < len - 3) {
     if((buffer[i] == 'x')
        && (buffer[i+1] == 'n')
        && (buffer[i+2] == '-')
@@ -2717,7 +2717,8 @@ u_int8_t ndpi_is_encrypted_proto(struct ndpi_detection_module_struct *ndpi_str,
 
 void ndpi_set_tls_cert_expire_days(struct ndpi_detection_module_struct *ndpi_str,
 				   u_int8_t num_days) {
-  ndpi_str->tls_certificate_expire_in_x_days = num_days;
+  if(ndpi_str)
+    ndpi_str->tls_certificate_expire_in_x_days = num_days;
 }
 
 /* ******************************************* */