diff options
Diffstat (limited to 'fuzz')
| -rw-r--r-- | fuzz/Makefile.am | 17 | ||||
| -rw-r--r-- | fuzz/fuzz_ds_address_cache.cpp | 106 |
2 files changed, 122 insertions, 1 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index 30ce2d969..273464d29 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -2,7 +2,7 @@ bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail #Alghoritms bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream fuzz_alg_shoco fuzz_alg_memmem fuzz_alg_strnstr fuzz_alg_quick_encryption #Data structures -bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash fuzz_ds_cmsketch fuzz_ds_bitmap64_fuse fuzz_ds_domain_classify fuzz_ds_kdtree fuzz_ds_btree +bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash fuzz_ds_cmsketch fuzz_ds_bitmap64_fuse fuzz_ds_domain_classify fuzz_ds_kdtree fuzz_ds_btree fuzz_ds_address_cache #Third party bin_PROGRAMS += fuzz_libinjection fuzz_binaryfusefilter #Internal crypto @@ -444,6 +444,21 @@ fuzz_ds_btree_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ $(fuzz_ds_btree_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ +fuzz_ds_address_cache_SOURCES = fuzz_ds_address_cache.cpp fuzz_common_code.c +fuzz_ds_address_cache_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION +fuzz_ds_address_cache_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION +fuzz_ds_address_cache_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) +fuzz_ds_address_cache_LDFLAGS = $(LIBS) +if HAS_FUZZLDFLAGS +fuzz_ds_address_cache_CXXFLAGS += $(LIB_FUZZING_ENGINE) +fuzz_ds_address_cache_CFLAGS += $(LIB_FUZZING_ENGINE) +fuzz_ds_address_cache_LDFLAGS += $(LIB_FUZZING_ENGINE) +endif +# force usage of CXX for linker +fuzz_ds_address_cache_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ + $(fuzz_ds_address_cache_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ + fuzz_libinjection_SOURCES = fuzz_libinjection.c fuzz_libinjection_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) fuzz_libinjection_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) diff --git a/fuzz/fuzz_ds_address_cache.cpp b/fuzz/fuzz_ds_address_cache.cpp new file mode 100644 index 000000000..4bef64fe9 --- /dev/null +++ b/fuzz/fuzz_ds_address_cache.cpp @@ -0,0 +1,106 @@ +#include "ndpi_api.h" +#include "ndpi_private.h" + +#include "fuzz_common_code.h" + +#include <stdint.h> +#include <stdio.h> +#include <assert.h> +#include "fuzzer/FuzzedDataProvider.h" + + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + FuzzedDataProvider fuzzed_data(data, size); + u_int16_t i, num_iteration; + int is_added = 0; + struct ndpi_detection_module_struct ndpi_struct; /*Opaque; we don't really need to initialize it */ + ndpi_ip_addr_t ip_addr, ip_addr_added; + char *hostname, *hostname2; + u_int32_t epoch_now; + u_int32_t ttl; + bool rc; + char path[] = "random.dump"; + + + /* Just to have some data */ + if (fuzzed_data.remaining_bytes() < 1024) + return -1; + + /* To allow memory allocation failures */ + fuzz_set_alloc_callbacks_and_seed(size); + + + memset(&ndpi_struct, '\0', sizeof(struct ndpi_detection_module_struct)); + ndpi_struct.cfg.address_cache_size = fuzzed_data.ConsumeIntegral<u_int8_t>(); + + epoch_now = 1; + + /* Random insert */ + num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>(); + for (i = 0; i < num_iteration; i++) { + if (fuzzed_data.ConsumeBool()) { + if(fuzzed_data.remaining_bytes() > 16) { + memcpy(&ip_addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16); + } else { + continue; + } + } else { + memset(&ip_addr, '\0', sizeof(ip_addr)); + ip_addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>(); + } + hostname = strdup(fuzzed_data.ConsumeRandomLengthString(32).c_str()); + ttl = fuzzed_data.ConsumeIntegral<u_int8_t>(); + epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>(); + + rc = ndpi_cache_address(&ndpi_struct, ip_addr, hostname, epoch_now, ttl); + if (rc == true) { + if(is_added == 0 && fuzzed_data.ConsumeBool()) { + /* Keep one random node really added */ + is_added = 1; + ip_addr_added = ip_addr; + } else if(fuzzed_data.ConsumeBool()) { + /* Add also same ip with different hostname */ + hostname2 = ndpi_strdup(fuzzed_data.ConsumeRandomLengthString(32).c_str()); + ndpi_cache_address(&ndpi_struct, ip_addr, hostname2, epoch_now, ttl); + ndpi_free(hostname2); + } + } + ndpi_free(hostname); + } + + /* "Random" search */ + num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>(); + for (i = 0; i < num_iteration; i++) { + if (fuzzed_data.ConsumeBool()) { + if(fuzzed_data.remaining_bytes() > 16) { + memcpy(&ip_addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16); + } else { + continue; + } + } else { + memset(&ip_addr, '\0', sizeof(ip_addr)); + ip_addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>(); + } + + ndpi_cache_address_find(&ndpi_struct, ip_addr); + } + /* Search of an added entry */ + if(is_added) + ndpi_cache_address_find(&ndpi_struct, ip_addr_added); + + if(fuzzed_data.ConsumeBool()) { + epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>(); + ndpi_cache_address_flush_expired(&ndpi_struct, epoch_now); + } + + epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>(); + rc = ndpi_cache_address_dump(&ndpi_struct, path, epoch_now); + if(rc) { + epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>(); + ndpi_cache_address_restore(&ndpi_struct, path, epoch_now); + } + + ndpi_term_address_cache(ndpi_struct.address_cache); + + return 0; +} |