From b51a2ac72a3cbd1b470890d0151a46da28e6754e Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Thu, 9 Feb 2023 20:02:12 +0100
Subject: fuzz: some improvements and add two new fuzzers (#1881)

Remove `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` define from
`fuzz/Makefile.am`; it is already included by the main configure script
(when fuzzing).

Add a knob to force disabling of AESNI optimizations: this way we can
fuzz also no-aesni crypto code.

Move CRC32 algorithm into the library.

Add some fake traces to extend fuzzing coverage. Note that these traces
are hand-made (via scapy/curl) and must not be used as "proof" that the
dissectors are really able to identify this kind of traffic.

Some small updates to some dissectors:

CSGO: remove a wrong rule (never triggered, BTW). Any UDP packet starting
with "VS01" will be classified as STEAM (see steam.c around line 111).
Googling it, it seems right so.

XBOX: XBOX only analyses UDP flows while HTTP only TCP ones; therefore
that condition is false.

RTP, STUN: removed useless "break"s

Zattoo: `flow->zattoo_stage` is never set to any values greater or equal
to 5, so these checks are never true.

PPStream: `flow->l4.udp.ppstream_stage` is never read. Delete it.

TeamSpeak: we check for `flow->packet_counter == 3` just above, so the
following check `flow->packet_counter >= 3` is always false.
---
 fuzz/fuzz_alg_crc32_md5.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 fuzz/fuzz_alg_crc32_md5.c

(limited to 'fuzz/fuzz_alg_crc32_md5.c')

diff --git a/fuzz/fuzz_alg_crc32_md5.c b/fuzz/fuzz_alg_crc32_md5.c
new file mode 100644
index 000000000..ad8c5d2ff
--- /dev/null
+++ b/fuzz/fuzz_alg_crc32_md5.c
@@ -0,0 +1,12 @@
+#include "ndpi_api.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  u_char hash[16];
+
+  /* No memory allocations involved */
+
+  ndpi_crc32(data, size);
+  ndpi_md5(data, size, hash);
+
+  return 0;
+}
-- 
cgit v1.2.3