Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/Makefile.am | 22 | ||||
-rw-r--r-- | fuzz/corpus/fuzz_filecfg_categories/domain.txt | 2 | ||||
-rw-r--r-- | fuzz/corpus/fuzz_filecfg_categories/ipv4.txt | 1 | ||||
-rw-r--r-- | fuzz/corpus/fuzz_filecfg_categories/ipv4_prefix.txt | 1 | ||||
-rw-r--r-- | fuzz/corpus/fuzz_filecfg_categories/ipv6.txt | 1 | ||||
-rw-r--r-- | fuzz/corpus/fuzz_filecfg_categories/ipv6_prefix.txt | 1 | ||||
-rw-r--r-- | fuzz/fuzz_config.cpp | 2 | ||||
-rw-r--r-- | fuzz/fuzz_filecfg_categories.c | 46 |
8 files changed, 74 insertions, 2 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index 5f6fbb71c..360b39a46 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -8,7 +8,7 @@ bin_PROGRAMS += fuzz_libinjection fuzz_binaryfusefilter #Internal crypto bin_PROGRAMS += fuzz_gcrypt_light fuzz_gcrypt_aes fuzz_gcrypt_gcm fuzz_gcrypt_cipher #Configuration files -bin_PROGRAMS += fuzz_filecfg_protocols +bin_PROGRAMS += fuzz_filecfg_protocols fuzz_filecfg_categories #Reader utils bin_PROGRAMS += fuzz_readerutils_workflow fuzz_readerutils_parseprotolist @@ -485,6 +485,19 @@ fuzz_filecfg_protocols_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ $(fuzz_filecfg_protocols_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ +fuzz_filecfg_categories_SOURCES = fuzz_filecfg_categories.c fuzz_common_code.c +fuzz_filecfg_categories_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) +fuzz_filecfg_categories_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) +fuzz_filecfg_categories_LDFLAGS = $(LIBS) +if HAS_FUZZLDFLAGS +fuzz_filecfg_categories_CFLAGS += $(LIB_FUZZING_ENGINE) +fuzz_filecfg_categories_LDFLAGS += $(LIB_FUZZING_ENGINE) +endif +# force usage of CXX for linker +fuzz_filecfg_categories_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ + $(fuzz_filecfg_categories_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ + fuzz_readerutils_workflow_SOURCES = fuzz_readerutils_workflow.cpp fuzz_common_code.c ../example/reader_util.c fuzz_readerutils_workflow_CXXFLAGS = -I../example/ @NDPI_CFLAGS@ $(CXXFLAGS) -DDISABLE_CUSTOM_ALLOCATOR_ON_READERUTILS fuzz_readerutils_workflow_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DDISABLE_CUSTOM_ALLOCATOR_ON_READERUTILS 
@@ -606,6 +619,10 @@ files_corpus_fuzz_filecfg_protocols := $(wildcard corpus/fuzz_filecfg_protocols fuzz_filecfg_protocols_seed_corpus.zip: $(files_corpus_fuzz_filecfg_protocols) zip -j fuzz_filecfg_protocols_seed_corpus.zip $(files_corpus_fuzz_filecfg_protocols) +files_corpus_fuzz_filecfg_categories := $(wildcard corpus/fuzz_filecfg_categories/*) +fuzz_filecfg_categories_seed_corpus.zip: $(files_corpus_fuzz_filecfg_categories) + zip -j fuzz_filecfg_categories_seed_corpus.zip $(files_corpus_fuzz_filecfg_categories) + files_corpus_fuzz_readerutils_workflow := $(wildcard corpus/fuzz_readerutils_workflow/*) fuzz_readerutils_workflow_seed_corpus.zip: $(files_corpus_fuzz_readerutils_workflow) zip -j fuzz_readerutils_workflow_seed_corpus.zip $(files_corpus_fuzz_readerutils_workflow) 
@@ -622,7 +639,7 @@ files_corpus_fuzz_ds_domain_classify := $(wildcard corpus/fuzz_ds_domain_classi fuzz_ds_domain_classify_seed_corpus.zip: $(files_corpus_fuzz_ds_domain_classify) zip -j fuzz_ds_domain_classify_seed_corpus.zip $(files_corpus_fuzz_ds_domain_classify) -corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip fuzz_alg_bytestream_seed_corpus.zip fuzz_libinjection_seed_corpus.zip fuzz_tls_certificate_seed_corpus.zip fuzz_filecfg_protocols_seed_corpus.zip fuzz_readerutils_workflow_seed_corpus.zip fuzz_readerutils_parseprotolist_seed_corpus.zip fuzz_ds_bitmap64_seed_corpus.zip fuzz_ds_domain_classify_seed_corpus.zip +corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_ndpi_reader_payload_analyzer_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip fuzz_alg_bytestream_seed_corpus.zip fuzz_libinjection_seed_corpus.zip fuzz_tls_certificate_seed_corpus.zip 
fuzz_filecfg_protocols_seed_corpus.zip fuzz_readerutils_workflow_seed_corpus.zip fuzz_readerutils_parseprotolist_seed_corpus.zip fuzz_ds_bitmap64_seed_corpus.zip fuzz_ds_domain_classify_seed_corpus.zip fuzz_filecfg_protocols_seed_corpus.zip cp corpus/fuzz_*seed_corpus.zip . #Create dictionaries exactly as expected by oss-fuzz. @@ -651,6 +668,7 @@ distdir: -o -path './corpus/fuzz_*.zip' \ -o -path './corpus/fuzz_quic_get_crypto_data/*' \ -o -path './corpus/fuzz_filecfg_protocols/*' \ + -o -path './corpus/fuzz_filecfg_categories/*' \ -o -path './corpus/fuzz_readerutils_workflow/*' \ -o -path './corpus/fuzz_readerutils_parseprotolist/*' \ -o -path './corpus/fuzz_config/*' \ diff --git a/fuzz/corpus/fuzz_filecfg_categories/domain.txt b/fuzz/corpus/fuzz_filecfg_categories/domain.txt new file mode 100644 index 000000000..2598e8dc4 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_categories/domain.txt @@ -0,0 +1,2 @@ +# Format: name\tcategory_id +internetbadguys.com 100 diff --git a/fuzz/corpus/fuzz_filecfg_categories/ipv4.txt b/fuzz/corpus/fuzz_filecfg_categories/ipv4.txt new file mode 100644 index 000000000..5f4450957 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_categories/ipv4.txt @@ -0,0 +1 @@ +144.139.247.220 100 diff --git a/fuzz/corpus/fuzz_filecfg_categories/ipv4_prefix.txt b/fuzz/corpus/fuzz_filecfg_categories/ipv4_prefix.txt new file mode 100644 index 000000000..40758d9e5 --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_categories/ipv4_prefix.txt @@ -0,0 +1 @@ +144.139.247.220/24 100 diff --git a/fuzz/corpus/fuzz_filecfg_categories/ipv6.txt b/fuzz/corpus/fuzz_filecfg_categories/ipv6.txt new file mode 100644 index 000000000..4a638c09a --- /dev/null +++ b/fuzz/corpus/fuzz_filecfg_categories/ipv6.txt @@ -0,0 +1 @@ +[3ffe:507:0:1:200:86ff:fe05:80da] 100 diff --git a/fuzz/corpus/fuzz_filecfg_categories/ipv6_prefix.txt b/fuzz/corpus/fuzz_filecfg_categories/ipv6_prefix.txt new file mode 100644 index 000000000..05adf1602 --- /dev/null 
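Review bot: The rewritten `corpus:` prerequisite list, as shown on this page, ends with a second `fuzz_filecfg_protocols_seed_corpus.zip` and never names `fuzz_filecfg_categories_seed_corpus.zip`. The archive rule added in the `@@ -606,6 +619,10 @@` hunk is therefore not pulled in by `make corpus`, and the new fuzzer would presumably start without its five seed files wherever the corpus is built through that target. Replace the trailing duplicate with `fuzz_filecfg_categories_seed_corpus.zip`.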
+++ b/fuzz/corpus/fuzz_filecfg_categories/ipv6_prefix.txt @@ -0,0 +1 @@ +[3ffe:507:0:1:200:86ff:fe05:80da]/64 100 diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index 53d5c2fd8..53df3a8c3 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp @@ -220,6 +220,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { flow.l4_proto, flow.c_address.v4, flow.c_port, flow.s_address.v4, flow.s_port); + } else { + ndpi_find_ipv6_category_userdata(ndpi_info_mod, (struct in6_addr *)flow.c_address.v6); } /* Another "strange" function: fuzz it here, for lack of a better alternative */ ndpi_search_tcp_or_udp(ndpi_info_mod, &flow); diff --git a/fuzz/fuzz_filecfg_categories.c b/fuzz/fuzz_filecfg_categories.c new file mode 100644 index 000000000..d2e43c99c --- /dev/null +++ b/fuzz/fuzz_filecfg_categories.c 
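Review bot: The added `else` branch in fuzz_config.cpp passes `(struct in6_addr *)flow.c_address.v6` directly to `ndpi_find_ipv6_category_userdata()`, but the declaration of `c_address` is outside this hunk, so it is not visible whether `v6` is 16 bytes long and aligned for `struct in6_addr`. If it is a plain byte array, copying it first (`struct in6_addr a6; memcpy(&a6, flow.c_address.v6, sizeof(a6));`) avoids a misaligned or aliasing read that a sanitizer would report against the harness instead of the library. The `if` that this `else` pairs with also starts outside the hunk, so a one-line comment naming the case it handles would make the intent reviewable.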
@@ -0,0 +1,46 @@
+#include "ndpi_api.h"
+#include "fuzz_common_code.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ struct ndpi_detection_module_struct *ndpi_struct;
+ FILE *fd;
+ /* Try to be fast */
+ ndpi_init_prefs prefs = ndpi_dont_load_tor_list |
+ ndpi_dont_load_azure_list |
+ ndpi_dont_load_whatsapp_list |
+ ndpi_dont_load_amazon_aws_list |
+ ndpi_dont_load_ethereum_list |
+ ndpi_dont_load_zoom_list |
+ ndpi_dont_load_cloudflare_list |
+ ndpi_dont_load_microsoft_list |
+ ndpi_dont_load_google_list |
+ ndpi_dont_load_google_cloud_list |
+ ndpi_dont_load_asn_lists |
+ ndpi_dont_init_risk_ptree |
+ ndpi_dont_load_cachefly_list |
+ ndpi_dont_load_protonvpn_list |
+ ndpi_dont_load_mullvad_list;
+ NDPI_PROTOCOL_BITMASK all;
+ NDPI_PROTOCOL_BITMASK debug_bitmask;
+
+ /* To allow memory allocation failures */
+ fuzz_set_alloc_callbacks_and_seed(size);
+
+ ndpi_struct = ndpi_init_detection_module(prefs);
+ NDPI_BITMASK_SET_ALL(all);
+ ndpi_set_protocol_detection_bitmask2(ndpi_struct, &all);
+
+ NDPI_BITMASK_SET_ALL(debug_bitmask);
+ ndpi_set_log_level(ndpi_struct, 4);
+ ndpi_set_debug_bitmask(ndpi_struct, debug_bitmask);
+
+ fd = buffer_to_file(data, size);
+ ndpi_load_categories_file2(ndpi_struct, fd, NULL);
+ if(fd)
+ fclose(fd);
+
+ /* We don't really need to call ndpi_finalize_initialization */
+
+ ndpi_exit_detection_module(ndpi_struct);
+ return 0;
+} |
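Review bot: `ndpi_struct` is used without a NULL check even though `fuzz_set_alloc_callbacks_and_seed(size)` has just enabled injected allocation failures. `ndpi_init_detection_module(prefs)` can therefore presumably return NULL, which then flows into `ndpi_set_protocol_detection_bitmask2`, `ndpi_set_log_level`, `ndpi_set_debug_bitmask`, `ndpi_load_categories_file2` and `ndpi_exit_detection_module`. If exercising the library's NULL tolerance is intended, say so in a comment such as `/* ndpi_struct may be NULL after an injected allocation failure; the API is expected to cope */`; otherwise add `if(!ndpi_struct) return 0;` right after the init call. The same question applies to `fd`, which is tested only before `fclose` and so can reach `ndpi_load_categories_file2` as NULL. The return value of the load is ignored and nothing queries the loaded categories, so this harness appears to cover only the file parser; a header comment stating that scope would help whoever triages its crashes.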