Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/Makefile.am28
-rw-r--r--fuzz/fuzz_alg_memmem.cpp35
-rw-r--r--fuzz/fuzz_alg_strnstr.cpp18
-rw-r--r--fuzz/fuzz_ds_domain_classify.cpp3
4 files changed, 82 insertions, 2 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index 655a88cf2..2c7b227b5 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -1,6 +1,6 @@
bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail fuzz_ndpi_reader_payload_analyzer fuzz_quic_get_crypto_data fuzz_config fuzz_community_id fuzz_serialization fuzz_tls_certificate fuzz_dga fuzz_is_stun_udp fuzz_is_stun_tcp
#Alghoritms
-bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream fuzz_alg_shoco
+bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream fuzz_alg_shoco fuzz_alg_memmem fuzz_alg_strnstr
#Data structures
bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash fuzz_ds_cmsketch fuzz_ds_bitmap64_fuse fuzz_ds_domain_classify
#Third party
@@ -223,6 +223,32 @@ fuzz_alg_shoco_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
$(fuzz_alg_shoco_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+fuzz_alg_memmem_SOURCES = fuzz_alg_memmem.cpp
+fuzz_alg_memmem_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_memmem_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_alg_memmem_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_alg_memmem_CXXFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_alg_memmem_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_alg_memmem_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_alg_memmem_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
+fuzz_alg_strnstr_SOURCES = fuzz_alg_strnstr.cpp
+fuzz_alg_strnstr_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_strnstr_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_alg_strnstr_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_alg_strnstr_CXXFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_alg_strnstr_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_alg_strnstr_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_alg_strnstr_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
fuzz_alg_ses_des_SOURCES = fuzz_alg_ses_des.cpp fuzz_common_code.c
fuzz_alg_ses_des_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_alg_ses_des_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
diff --git a/fuzz/fuzz_alg_memmem.cpp b/fuzz/fuzz_alg_memmem.cpp
new file mode 100644
index 000000000..c8e1e1661
--- /dev/null
+++ b/fuzz/fuzz_alg_memmem.cpp
@@ -0,0 +1,35 @@
+#include "ndpi_api.h"
+
+#include "fuzzer/FuzzedDataProvider.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+ char dst[256];
+ uint8_t *h;
+ int h_len, needle_len = 0, needle_start = 0;
+
+ /* No real memory allocations involved */
+
+ /* 1: needle is a subset of haystack */
+
+ std::vector<uint8_t>haystack = fuzzed_data.ConsumeBytes<uint8_t>(512);
+ h = haystack.data();
+ h_len = haystack.size();
+
+ if(h_len > 1) {
+ needle_start = fuzzed_data.ConsumeIntegralInRange(0, h_len - 1);
+ needle_len = fuzzed_data.ConsumeIntegralInRange(0, h_len - needle_start - 1);
+ }
+ ndpi_memmem(h, h_len, &h[needle_start], needle_len);
+
+ /* 2: fully random */
+
+ std::vector<uint8_t>needle = fuzzed_data.ConsumeBytes<uint8_t>(512);
+ ndpi_memmem(h, h_len, needle.data(), needle.size());
+
+
+ /* Let use this fuzzer to check also this simple function... */
+ ndpi_strlcpy(dst, (const char *)h, sizeof(dst), h_len);
+
+ return 0;
+}
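Review bot: In case 1 the needle can never end on the last byte of the haystack: `needle_len` is drawn from `[0, h_len - needle_start - 1]`, so `needle_start + needle_len` is at most `h_len - 1`, and a suffix match is reached only by chance in case 2. That end-of-buffer match is the boundary where an off-by-one read in a memmem-style search would surface under a sanitizer, so the range should be `fuzzed_data.ConsumeIntegralInRange(0, h_len - needle_start)`, and the guard can become `if(h_len > 0)` to include a one-byte haystack. When the input is empty, `haystack.data()` may be a null pointer that is then passed to both `ndpi_memmem` and `ndpi_strlcpy`; whether those accept NULL with a zero length is not visible here, so a short comment saying this is intended would help.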
diff --git a/fuzz/fuzz_alg_strnstr.cpp b/fuzz/fuzz_alg_strnstr.cpp
new file mode 100644
index 000000000..1a2bd3d2f
--- /dev/null
+++ b/fuzz/fuzz_alg_strnstr.cpp
@@ -0,0 +1,18 @@
+#include "ndpi_api.h"
+
+#include "fuzzer/FuzzedDataProvider.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+ u_int16_t len;
+
+ /* No real memory allocations involved */
+
+ len = fuzzed_data.ConsumeIntegral<u_int16_t>();
+ std::string haystack = fuzzed_data.ConsumeRandomLengthString();
+ std::string needle = fuzzed_data.ConsumeRandomLengthString();
+
+ ndpi_strnstr(haystack.c_str(), needle.c_str(), len);
+
+ return 0;
+}
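Review bot: The haystack handed to `ndpi_strnstr` is always NUL-terminated by `c_str()` and `len` is unrelated to its real size, so a read that runs past `len` but stays inside the string's buffer is invisible to the sanitizer. Presumably the function is meant for length-bounded buffers with no terminator, and that case is never exercised here. To cover it, back the haystack with an exactly sized heap buffer, e.g. `std::vector<char> hay = fuzzed_data.ConsumeBytes<char>(len);` followed by `ndpi_strnstr(hay.data(), needle.c_str(), hay.size());`, skipping the call when `hay` is empty if a NULL haystack is not accepted.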
diff --git a/fuzz/fuzz_ds_domain_classify.cpp b/fuzz/fuzz_ds_domain_classify.cpp
index a53c8d130..5e068a9fe 100644
--- a/fuzz/fuzz_ds_domain_classify.cpp
+++ b/fuzz/fuzz_ds_domain_classify.cpp
@@ -30,7 +30,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
for (i = 0; i < num_iteration; i++) {
value = fuzzed_data.ConsumeBytesAsString(fuzzed_data.ConsumeIntegral<u_int8_t>());
class_id = fuzzed_data.ConsumeIntegral<u_int16_t>();
- rc = ndpi_domain_classify_add(ndpi_struct, d, class_id, (char*)value.c_str());
+ rc = ndpi_domain_classify_add(fuzzed_data.ConsumeBool() ? ndpi_struct : NULL,
+ d, class_id, (char*)value.c_str());
/* Keep one random entry really added */
if (rc == true && is_added == 0 && fuzzed_data.ConsumeBool()) {