From 77247ba07b0052e175dd60ae1db22e65007691eb Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Mon, 11 Oct 2021 02:24:09 +0200
Subject: Fix broken fuzz_process_packet fuzzer by adding a call to ndpi_finalize_initialization().
* fixed several memory errors (heap-overflow, unitialized memory, etc)
* ability to build fuzz_process_packet with a main() allowing to replay crash data generated with fuzz_process_packet by LLVMs libfuzzer
* temporarily disable fuzzing if `tests/do.sh` executed with env FUZZY_TESTING_ENABLED=1
Signed-off-by: Toni Uhlig
---
 example/reader_util.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'example')
diff --git a/example/reader_util.c b/example/reader_util.c
index 453660ce7..35632920e 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -980,7 +980,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo
 u_int8_t l4proto = iph6->ip6_hdr.ip6_un1_nxt;
 u_int16_t ip_len = ntohs(iph6->ip6_hdr.ip6_un1_plen);
 const u_int8_t *l4ptr = (((const u_int8_t *) iph6) + sizeof(struct ndpi_ipv6hdr));
- if(ndpi_handle_ipv6_extension_headers(NULL, &l4ptr, &ip_len, &l4proto) != 0) {
+ if(ndpi_handle_ipv6_extension_headers(ipsize - sizeof(struct ndpi_ipv6hdr), &l4ptr, &ip_len, &l4proto) != 0) {
 return(NULL);
 }
 iph.protocol = l4proto;
@@ -1908,8 +1908,9 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
 return(nproto); /* Too short for IPv6 payload*/
 const u_int8_t *l4ptr = (((const u_int8_t *) iph6) + sizeof(struct ndpi_ipv6hdr));
+ u_int16_t ipsize = header->caplen - ip_offset;
- if(ndpi_handle_ipv6_extension_headers(NULL, &l4ptr, &ip_len, &proto) != 0) {
+ if(ndpi_handle_ipv6_extension_headers(ipsize - sizeof(struct ndpi_ipv6hdr), &l4ptr, &ip_len, &proto) != 0) {
 return(nproto);
 }
--
cgit v1.2.3
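Review bot: `ipsize - sizeof(struct ndpi_ipv6hdr)` in the new call to ndpi_handle_ipv6_extension_headers is evaluated in size_t and wraps when ipsize is smaller than the fixed IPv6 header, so a truncated packet would hand the callee a huge remaining length and the bound this commit introduces would not bound anything. ipsize comes from outside the hunk and no check on it is visible here; unless an earlier line of get_ndpi_flow_info6 already rejects such packets, add `if(ipsize < sizeof(struct ndpi_ipv6hdr)) return(NULL);` before the call. If the callee's first parameter is 16-bit, an explicit `(u_int16_t)` cast on the argument would also make the narrowing deliberate rather than implicit. get_ndpi_flow_info6 starts and ends outside the hunk.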
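Review bot: `u_int16_t ipsize = header->caplen - ip_offset;` narrows what is presumably a 32-bit pcap caplen difference to 16 bits, so a frame with 65536 or more captured bytes after the IP offset wraps to a small ipsize and `ipsize - sizeof(struct ndpi_ipv6hdr)` then underflows to a large bound, disabling the new length check for exactly the oversized inputs a fuzzer or a large-snaplen capture produces. Keep the full width and reject what does not fit, e.g. `u_int32_t ipsize = header->caplen - ip_offset;` followed by `if(ipsize < sizeof(struct ndpi_ipv6hdr) || ipsize - sizeof(struct ndpi_ipv6hdr) > 0xFFFF) return(nproto);`. The preceding "Too short for IPv6 payload" return suggests a lower-bound check already exists, but its condition is outside the hunk, so whether it guarantees ipsize >= sizeof(struct ndpi_ipv6hdr) cannot be confirmed from here. ndpi_workflow_process_packet starts and ends outside the hunk.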