fuzz: fix memory allocation failure logic (#1867)

We *do* want to have some allocation errors. Fix some related bugs Fix: 29be01ef
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2023-01-20 14:27:33 +0100
committer: GitHub <noreply@github.com> 2023-01-20 14:27:33 +0100
commit: 5e8c1ebbb7f67033916ed4878cd6c2a662073898 (patch)
tree: f538977aa08015bffcf99ec9f6bb505c9143232c /src
parent: 496b284c9888c090696cc8e570d0b20c08dc3d63 (diff)
4 files changed, 68 insertions, 18 deletions
diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c
index 0fe749050..8ded55718 100644
--- a/src/lib/ndpi_analyze.c
+++ b/src/lib/ndpi_analyze.c
@@ -145,8 +145,8 @@ u_int32_t ndpi_data_last(struct ndpi_analyze_struct *s) {
 }
 
 /* Return min/max on all values */
-u_int32_t ndpi_data_min(struct ndpi_analyze_struct *s) { return(s->min_val); }
-u_int32_t ndpi_data_max(struct ndpi_analyze_struct *s) { return(s->max_val); }
+u_int32_t ndpi_data_min(struct ndpi_analyze_struct *s) { return(s ? s->min_val : 0); }
+u_int32_t ndpi_data_max(struct ndpi_analyze_struct *s) { return(s ? s->max_val : 0); }
 
 /* ********************************************************************************* */
 
@@ -582,7 +582,7 @@ char* ndpi_print_bin(struct ndpi_bin *b, u_int8_t normalize_first, char *out_buf
   u_int16_t i;
   u_int len = 0;
 
-  if(!b || !out_buf) return(out_buf); else out_buf[0] = '\0';
+  if(!b || !b->u.bins8 || !out_buf) return(out_buf); else out_buf[0] = '\0';
 
   if(normalize_first)
     ndpi_normalize_bin(b);
@@ -592,7 +592,7 @@ char* ndpi_print_bin(struct ndpi_bin *b, u_int8_t normalize_first, char *out_buf
     for(i=0; i<b->num_bins; i++) {
       int rc = ndpi_snprintf(&out_buf[len], out_buf_len-len, "%s%u", (i > 0) ? "," : "", b->u.bins8[i]);
 
-      if(rc < 0) break;
+      if(rc < 0 || (u_int)rc >= out_buf_len-len) break;
       len += rc;
     }
     break;
@@ -601,7 +601,7 @@ char* ndpi_print_bin(struct ndpi_bin *b, u_int8_t normalize_first, char *out_buf
     for(i=0; i<b->num_bins; i++) {
       int rc = ndpi_snprintf(&out_buf[len], out_buf_len-len, "%s%u", (i > 0) ? "," : "", b->u.bins16[i]);
 
-      if(rc < 0) break;
+      if(rc < 0 || (u_int)rc >= out_buf_len-len) break;
       len += rc;
     }
     break;
@@ -610,7 +610,7 @@ char* ndpi_print_bin(struct ndpi_bin *b, u_int8_t normalize_first, char *out_buf
     for(i=0; i<b->num_bins; i++) {
       int rc = ndpi_snprintf(&out_buf[len], out_buf_len-len, "%s%u", (i > 0) ? "," : "", b->u.bins32[i]);
 
-      if(rc < 0) break;
+      if(rc < 0 || (u_int)rc >= out_buf_len-len) break;
       len += rc;
     }
     break;
@@ -619,7 +619,7 @@ char* ndpi_print_bin(struct ndpi_bin *b, u_int8_t normalize_first, char *out_buf
     for(i=0; i<b->num_bins; i++) {
       int rc = ndpi_snprintf(&out_buf[len], out_buf_len-len, "%s%llu", (i > 0) ? "," : "", (unsigned long long)b->u.bins64[i]);
 
-      if(rc < 0) break;
+      if(rc < 0 || (u_int)rc >= out_buf_len-len) break;
       len += rc;
     }
     break;
@@ -655,7 +655,10 @@ float ndpi_bin_similarity(struct ndpi_bin *b1, struct ndpi_bin *b2,
 			  u_int8_t normalize_first, float similarity_max_threshold) {
   u_int16_t i;
   float threshold = similarity_max_threshold*similarity_max_threshold;
-  
+
+  if(!b1 || !b2)
+    return(-1);
+
   if(
      // (b1->family != b2->family) ||
      (b1->num_bins != b2->num_bins))
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 10a479896..81eb5e277 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2789,10 +2789,26 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
   ndpi_str->ndpi_num_custom_protocols = 0;
 
   ndpi_str->host_automa.ac_automa = ac_automata_init(ac_domain_match_handler);
+  if(!ndpi_str->host_automa.ac_automa) {
+    ndpi_exit_detection_module(ndpi_str);
+    return(NULL);
+  }
   ndpi_str->host_risk_mask_automa.ac_automa = ac_automata_init(ac_domain_match_handler);
+  if(!ndpi_str->host_risk_mask_automa.ac_automa) {
+    ndpi_exit_detection_module(ndpi_str);
+    return(NULL);
+  }
   ndpi_str->common_alpns_automa.ac_automa = ac_automata_init(ac_domain_match_handler);
+  if(!ndpi_str->common_alpns_automa.ac_automa) {
+    ndpi_exit_detection_module(ndpi_str);
+    return(NULL);
+  }
   load_common_alpns(ndpi_str);
   ndpi_str->tls_cert_subject_automa.ac_automa = ac_automata_init(NULL);
+  if(!ndpi_str->tls_cert_subject_automa.ac_automa) {
+    ndpi_exit_detection_module(ndpi_str);
+    return(NULL);
+  }
   ndpi_str->malicious_ja3_hashmap = NULL; /* Initialized on demand */
   ndpi_str->malicious_sha1_hashmap = NULL; /* Initialized on demand */
   ndpi_str->risky_domain_automa.ac_automa = NULL; /* Initialized on demand */
@@ -2806,7 +2822,15 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
   }
 
   ndpi_str->custom_categories.hostnames.ac_automa = ac_automata_init(ac_domain_match_handler);
+  if(!ndpi_str->custom_categories.hostnames.ac_automa) {
+    ndpi_exit_detection_module(ndpi_str);
+    return(NULL);
+  }
   ndpi_str->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_domain_match_handler);
+  if(!ndpi_str->custom_categories.hostnames_shadow.ac_automa) {
+    ndpi_exit_detection_module(ndpi_str);
+    return(NULL);
+  }
 
   ndpi_str->custom_categories.ipAddresses = ndpi_patricia_new(32 /* IPv4 */);
   ndpi_str->custom_categories.ipAddresses_shadow = ndpi_patricia_new(32 /* IPv4 */);
@@ -3859,6 +3883,9 @@ int ndpi_load_categories_file(struct ndpi_detection_module_struct *ndpi_str,
   FILE *fd;
   int len, num = 0;
 
+  if(!ndpi_str || !path)
+    return(-1);
+
   fd = fopen(path, "r");
 
   if(fd == NULL) {
@@ -3933,6 +3960,9 @@ int ndpi_load_risk_domain_file(struct ndpi_detection_module_struct *ndpi_str, co
   FILE *fd;
   int len, num = 0;
 
+  if(!ndpi_str || !path)
+    return(-1);
+
   fd = fopen(path, "r");
 
   if(fd == NULL) {
@@ -3978,7 +4008,7 @@ int ndpi_load_malicious_ja3_file(struct ndpi_detection_module_struct *ndpi_str,
   FILE *fd;
   int len, num = 0;
 
-  if(!ndpi_str)
+  if(!ndpi_str || !path)
     return(-1);
   if(ndpi_str->malicious_ja3_hashmap == NULL && ndpi_hash_init(&ndpi_str->malicious_ja3_hashmap) != 0)
     return(-1);
@@ -4042,7 +4072,7 @@ int ndpi_load_malicious_sha1_file(struct ndpi_detection_module_struct *ndpi_str,
   size_t i, len;
   int num = 0;
 
-  if(!ndpi_str)
+  if(!ndpi_str || !path)
     return(-1);
   if(ndpi_str->malicious_sha1_hashmap == NULL && ndpi_hash_init(&ndpi_str->malicious_sha1_hashmap) != 0)
     return(-1);
@@ -4113,6 +4143,9 @@ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_str, cons
   int chunk_len = 1024, buffer_len = chunk_len, old_buffer_len;
   int i, rc = -1;
 
+  if(!ndpi_str || !path)
+    return(-1);
+
   fd = fopen(path, "r");
 
   if(fd == NULL) {
@@ -7945,7 +7978,8 @@ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_str, char *pr
   int i;
 
   for(i = 0; i < (int) ndpi_str->ndpi_num_supported_protocols; i++)
-    if(strcasecmp(proto, ndpi_str->proto_defaults[i].protoName) == 0)
+    if(ndpi_str->proto_defaults[i].protoName &&
+       strcasecmp(proto, ndpi_str->proto_defaults[i].protoName) == 0)
       return(i);
 
   return(-1);
diff --git a/src/lib/third_party/src/ahocorasick.c b/src/lib/third_party/src/ahocorasick.c
index 34ca51dac..cade82bab 100644
--- a/src/lib/third_party/src/ahocorasick.c
+++ b/src/lib/third_party/src/ahocorasick.c
@@ -259,7 +259,7 @@ AC_ERROR_t ac_automata_add (AC_AUTOMATA_t * thiz, AC_PATTERN_t * patt)
   if(thiz->max_str_len < patt->length)
      thiz->max_str_len = patt->length;
 
-  if(n->final) {
+  if(n->final && n->matched_patterns) {
     patt->rep.number = n->matched_patterns->patterns[0].rep.number;
     return ACERR_DUPLICATE_PATTERN;
   }
@@ -372,7 +372,7 @@ static AC_ERROR_t ac_finalize_node(AC_AUTOMATA_t * thiz,AC_NODE_t * n, int idx,
 AC_ERROR_t ac_automata_finalize (AC_AUTOMATA_t * thiz) {
 
     AC_ERROR_t r = ACERR_SUCCESS;
-    if(!thiz->automata_open) return r;
+    if(!thiz || !thiz->automata_open) return r;
 
     ac_automata_traverse_setfailure (thiz);
     thiz->id=0;
@@ -439,6 +439,8 @@ int ac_automata_search (AC_AUTOMATA_t * thiz,
   AC_NODE_t *next;
   AC_ALPHABET_t *apos;
 
+  if(!thiz || !txt) return -1;
+
   thiz->stats.n_search++;
 
   if(thiz->automata_open)
@@ -688,6 +690,8 @@ static void dump_node_str(AC_AUTOMATA_t * thiz, AC_NODE_t * node,
 void ac_automata_dump(AC_AUTOMATA_t * thiz, FILE *file) {
   struct aho_dump_info ai;
 
+  if(!thiz) return;
+
   memset((char *)&ai,0,sizeof(ai));
   ai.file = file ? file : stdout;
   fprintf(ai.file,"---DUMP- all nodes %u - max strlen %u -%s---\n",
diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c
index 5f2aefd89..996af7e88 100644
--- a/src/lib/third_party/src/ndpi_patricia.c
+++ b/src/lib/third_party/src/ndpi_patricia.c
@@ -321,7 +321,9 @@ ndpi_patricia_new (u_int16_t maxbits)
 void
 ndpi_Clear_Patricia (ndpi_patricia_tree_t *patricia, ndpi_void_fn_t func)
 {
-  assert (patricia);
+  if(!patricia)
+    return;
+
   if(patricia->head) {
 
     ndpi_patricia_node_t *Xstack[PATRICIA_MAXBITS+1];
@@ -377,6 +379,9 @@ void
 ndpi_patricia_process (ndpi_patricia_tree_t *patricia, ndpi_void_fn2_t func)
 {
   ndpi_patricia_node_t *node;
+
+  if (!patricia)
+    return;
   assert (func);
 
   PATRICIA_WALK (patricia->head, node) {
@@ -451,7 +456,7 @@ ndpi_patricia_walk_inorder(ndpi_patricia_node_t *node, ndpi_void_fn3_t func, voi
 
 size_t
 ndpi_patricia_walk_tree_inorder(ndpi_patricia_tree_t *patricia, ndpi_void_fn3_t func, void *data) {
-  if (patricia->head == NULL)
+  if (patricia == NULL || patricia->head == NULL)
     return 0;
 
   return ndpi_patricia_walk_inorder(patricia->head, func, data);
@@ -464,7 +469,8 @@ ndpi_patricia_search_exact (ndpi_patricia_tree_t *patricia, ndpi_prefix_t *prefi
   u_char *addr;
   u_int16_t bitlen;
 
-  assert (patricia);
+  if (!patricia)
+    return (NULL);
   assert (prefix);
   assert (prefix->bitlen <= patricia->maxbits);
 
@@ -650,12 +656,14 @@ ndpi_patricia_lookup (ndpi_patricia_tree_t *patricia, ndpi_prefix_t *prefix)
   u_int16_t bitlen, check_bit, differ_bit;
   int i, j;
 
+  if(!patricia)
+    return (NULL);
+
 #ifdef PATRICIA_DEBUG
   fprintf (stderr, "patricia_lookup() %s/%d (head)\n", 
 	   ndpi_prefix_toa (prefix), prefix->bitlen);
 #endif /* PATRICIA_DEBUG */
 
-    assert (patricia);
   assert (prefix);
   assert (prefix->bitlen <= patricia->maxbits);
 
@@ -888,7 +896,8 @@ ndpi_patricia_remove (ndpi_patricia_tree_t *patricia, ndpi_patricia_node_t *node
 {
   ndpi_patricia_node_t *parent, *child;
 
-  assert (patricia);
+  if(!patricia)
+    return;
   assert (node);
 
   if(node->r && node->l) {
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2023-01-20 14:27:33 +0100
committer	GitHub <noreply@github.com>	2023-01-20 14:27:33 +0100
commit	5e8c1ebbb7f67033916ed4878cd6c2a662073898 (patch)
tree	f538977aa08015bffcf99ec9f6bb505c9143232c /src
parent	496b284c9888c090696cc8e570d0b20c08dc3d63 (diff)