-rw-r--r--fuzz/fuzz_alg_crc32_md5.c14
-rw-r--r--fuzz/fuzz_alg_memmem.cpp5
-rw-r--r--fuzz/fuzz_config.cpp7
-rw-r--r--fuzz/fuzz_ndpi_reader.c6
-rw-r--r--fuzz/fuzz_serialization.cpp2
5 files changed, 26 insertions, 8 deletions
diff --git a/fuzz/fuzz_alg_crc32_md5.c b/fuzz/fuzz_alg_crc32_md5.c
index 304d42dc2..31a9635a9 100644
--- a/fuzz/fuzz_alg_crc32_md5.c
+++ b/fuzz/fuzz_alg_crc32_md5.c
@@ -6,10 +6,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
ndpi_MD5_CTX ctx;
struct ndpi_popcount popcount;
char *str;
+ u_int len;
+ u_char out[2048], out2[2048];
+ int pseudo_bool;
/* No memory allocations involved */
- /* Used for crc32, md5, hash(es) and popcount algs */
+ /* Used for crc32, md5, hash(es), popcount and hex2bin algs */
+
+ pseudo_bool = (size % 2 == 0);
ndpi_crc16_ccit(data, size);
ndpi_crc16_ccit_false(data, size);
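Review bot: `pseudo_bool = (size % 2 == 0);` ties the NULL-versus-valid choice to the parity of the input length, and nothing in the hunk says so. The second hunk of this file uses it to pass either `&popcount` or `NULL` to the popcount calls, so odd-sized inputs never run ndpi_popcount_count() with a real context. A comment above the assignment would make that trade-off visible, for example `/* No FuzzedDataProvider in C: input-length parity selects a valid (even) or NULL (odd) context */`. The function body continues outside the hunk.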
@@ -44,8 +49,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
}
- ndpi_popcount_init(&popcount);
- ndpi_popcount_count(&popcount, data, size);
+ ndpi_popcount_init(pseudo_bool ? &popcount : NULL);
+ ndpi_popcount_count(pseudo_bool ? &popcount : NULL, data, size);
+
+ len = ndpi_bin2hex(out, sizeof(out), (u_char *)data, size);
+ ndpi_hex2bin(out2, sizeof(out2), out, len);
return 0;
}
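Review bot: The return value of `ndpi_hex2bin()` is dropped and `out2` is never compared with `data`, so the added round trip can only surface memory-safety faults, not an encoder or decoder that produces wrong bytes. If `ndpi_bin2hex()` returns 0 when `out` is too small (its contract is not visible here), a check such as `if(len > 0 && (ndpi_hex2bin(out2, sizeof(out2), out, len) != size || memcmp(out2, data, size) != 0)) abort();` would turn the pair into a correctness oracle. Inputs longer than about half of the 2048-byte `out` buffer presumably exercise only the buffer-too-small path, which deserves a short comment next to the call. The function starts outside the hunk.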
diff --git a/fuzz/fuzz_alg_memmem.cpp b/fuzz/fuzz_alg_memmem.cpp
index c8e1e1661..7bafb8554 100644
--- a/fuzz/fuzz_alg_memmem.cpp
+++ b/fuzz/fuzz_alg_memmem.cpp
@@ -29,7 +29,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
/* Let use this fuzzer to check also this simple function... */
- ndpi_strlcpy(dst, (const char *)h, sizeof(dst), h_len);
+ if(fuzzed_data.ConsumeBool())
+ ndpi_strlcpy(dst, (const char *)h, sizeof(dst), h_len);
+ else
+ ndpi_strlcpy(NULL, (const char *)h, 0, h_len);
return 0;
}
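Review bot: `fuzzed_data.ConsumeBool()` is called at the very end of the function, after `h` and `h_len` have been set up outside this hunk. If that setup already drained the provider, ConsumeBool() returns false every time and the original `ndpi_strlcpy(dst, ...)` call with a real destination would stop running. Drawing the flag before the haystack and needle are carved out, e.g. `const bool use_dst = fuzzed_data.ConsumeBool();` near the top, keeps both branches reachable. The else branch would also benefit from a comment stating its intent, e.g. `/* NULL destination with zero size: nothing may be written */`.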
diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp
index 6ca213cce..0bed755f8 100644
--- a/fuzz/fuzz_config.cpp
+++ b/fuzz/fuzz_config.cpp
@@ -36,6 +36,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
char cfg_param[32];
u_int64_t cat_userdata = 0;
u_int16_t unused1, unused2;
+ ndpi_master_app_protocol proto1, proto2;
/* To allow memory allocation failures */
fuzz_set_alloc_callbacks_and_seed(size);
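Review bot: `proto1` and `proto2` are declared without an initializer and are later passed by value to `ndpi_is_proto_unknown()` and `ndpi_is_proto_equals()` in the hunk at new line 646, which assigns only `app_protocol` and `master_protocol`. If `ndpi_master_app_protocol` has any further member (its definition is not visible here), those bytes are read uninitialized and MemorySanitizer builds may flag the harness rather than the library. Value-initializing the declaration, `ndpi_master_app_protocol proto1 = {}, proto2 = {};`, removes the doubt.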
@@ -645,6 +646,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
ndpi_fpc_confidence_get_name(static_cast<ndpi_fpc_confidence_t>(fuzzed_data.ConsumeIntegral<u_int8_t>()));
ndpi_get_proto_breed_name(static_cast<ndpi_protocol_breed_t>(fuzzed_data.ConsumeIntegral<u_int8_t>()));
ndpi_get_l4_proto_name(static_cast<ndpi_l4_proto_info>(fuzzed_data.ConsumeIntegral<u_int8_t>()));
+ proto1.app_protocol = fuzzed_data.ConsumeIntegral<u_int16_t>();
+ proto1.master_protocol = fuzzed_data.ConsumeIntegral<u_int16_t>();
+ ndpi_is_proto_unknown(proto1);
+ proto2.app_protocol = fuzzed_data.ConsumeIntegral<u_int16_t>();
+ proto2.master_protocol = fuzzed_data.ConsumeIntegral<u_int16_t>();
+ ndpi_is_proto_equals(proto1, proto2, fuzzed_data.ConsumeBool());
char buf2[16];
ndpi_entropy2str(fuzzed_data.ConsumeFloatingPoint<float>(), fuzzed_data.ConsumeBool() ? buf2 : NULL, sizeof(buf2));
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
index 5399601e5..4e736909d 100644
--- a/fuzz/fuzz_ndpi_reader.c
+++ b/fuzz/fuzz_ndpi_reader.c
@@ -89,14 +89,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
ndpi_set_config(workflow->ndpi_struct, NULL, "flow.track_payload", "1");
ndpi_set_config(workflow->ndpi_struct, NULL, "tcp_ack_payload_heuristic", "1");
ndpi_set_config(workflow->ndpi_struct, "tls", "application_blocks_tracking", "1");
- ndpi_set_config(workflow->ndpi_struct, "stun", "max_packets_extra_dissection", "255");
+ ndpi_set_config(workflow->ndpi_struct, "stun", "max_packets_extra_dissection", "40");
ndpi_set_config(workflow->ndpi_struct, "zoom", "max_packets_extra_dissection", "255");
ndpi_set_config(workflow->ndpi_struct, "rtp", "search_for_stun", "1");
ndpi_set_config(workflow->ndpi_struct, "openvpn", "dpi.heuristics", "0x01");
- ndpi_set_config(workflow->ndpi_struct, "openvpn", "dpi.heuristics.num_messages", "255");
+ ndpi_set_config(workflow->ndpi_struct, "openvpn", "dpi.heuristics.num_messages", "20");
ndpi_set_config(workflow->ndpi_struct, "tls", "metadata.ja4r_fingerprint", "1");
ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics", "0x07");
- ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics.max_packets_extra_dissection", "255");
+ ndpi_set_config(workflow->ndpi_struct, "tls", "dpi.heuristics.max_packets_extra_dissection", "40");
ndpi_set_config(workflow->ndpi_struct, "stun", "monitoring", "1");
ndpi_finalize_initialization(workflow->ndpi_struct);
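Review bot: The three limits lowered from 255 to 40, 20 and 40 carry no comment explaining the new values, and the `zoom` `max_packets_extra_dissection` line between them stays at 255. Presumably the intent is to shorten per-input run time, but the cost is that dissection paths reached only after more than 40 packets (or 20 OpenVPN messages) are no longer fuzzed by this harness. A comment above the block would record that, for example `/* Extra-dissection limits lowered from 255 to bound per-input time; deeper paths are not covered here */`, and should say whether zoom was left at 255 on purpose.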
diff --git a/fuzz/fuzz_serialization.cpp b/fuzz/fuzz_serialization.cpp
index 5b5de9fe0..8d8120cd1 100644
--- a/fuzz/fuzz_serialization.cpp
+++ b/fuzz/fuzz_serialization.cpp
@@ -19,7 +19,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
/* To allow memory allocation failures */
fuzz_set_alloc_callbacks_and_seed(size);
- fmt = static_cast<ndpi_serialization_format>(fuzzed_data.ConsumeIntegralInRange(1, 4));
+ fmt = static_cast<ndpi_serialization_format>(fuzzed_data.ConsumeIntegralInRange(1, 5));
if (fuzzed_data.ConsumeBool())
rc = ndpi_init_serializer(&serializer, fmt);