From c3ba65311e2cf4aba8b51cdb6800a5654ef1d060 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Fri, 12 Jul 2024 14:22:25 +0200
Subject: fuzzing: improve coverage (#2495) Fix detection of WebDAV and Gnutella (over HTTP) Fix detection of z3950 Add two fuzzers to test `ndpi_memmem()` and `ndpi_strnstr()` Remove some dead code: * RTP: the same exact check is performed at the very beginning of the function * MQTT: use a better helper to exclude the protocol * Colletd: `ndpi_hostname_sni_set()` never fails Update pl7m code (fix a Use-of-uninitialized-value error)
---
fuzz/fuzz_alg_memmem.cpp | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 fuzz/fuzz_alg_memmem.cpp
(limited to 'fuzz/fuzz_alg_memmem.cpp')
diff --git a/fuzz/fuzz_alg_memmem.cpp b/fuzz/fuzz_alg_memmem.cpp
new file mode 100644
index 000000000..c8e1e1661
--- /dev/null
+++ b/fuzz/fuzz_alg_memmem.cpp
@@ -0,0 +1,35 @@
+#include "ndpi_api.h"
+
+#include "fuzzer/FuzzedDataProvider.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+ char dst[256];
+ uint8_t *h;
+ int h_len, needle_len = 0, needle_start = 0;
+
+ /* No real memory allocations involved */
+
+ /* 1: needle is a subset of haystack */
+
+ std::vectorhaystack = fuzzed_data.ConsumeBytes(512);
+ h = haystack.data();
+ h_len = haystack.size();
+
+ if(h_len > 1) {
+ needle_start = fuzzed_data.ConsumeIntegralInRange(0, h_len - 1);
+ needle_len = fuzzed_data.ConsumeIntegralInRange(0, h_len - needle_start - 1);
+ }
+ ndpi_memmem(h, h_len, &h[needle_start], needle_len);
+
+ /* 2: fully random */
+
+ std::vectorneedle = fuzzed_data.ConsumeBytes(512);
+ ndpi_memmem(h, h_len, needle.data(), needle.size());
+
+
+ /* Let use this fuzzer to check also this simple function... */
+ ndpi_strlcpy(dst, (const char *)h, sizeof(dst), h_len);
+
+ return 0;
+}
-- cgit v1.2.3
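Review bot: In case 1 the upper bound `h_len - needle_start - 1` keeps the needle from ever including the last haystack byte, so the guaranteed-match path never produces a match that ends exactly at the end of the buffer. That is the boundary where a search routine is most likely to read past the haystack. Using `h_len - needle_start` as the bound, with `if(h_len > 0)` as the guard so one-byte haystacks are covered too, closes that gap while `&h[needle_start] + needle_len` still stays inside the vector. Because the needle is known to lie inside the haystack here, the return value could also be checked (non-NULL and not after `&h[needle_start]`, at least for `needle_len > 0`), so the fuzzer reports wrong results and not only sanitizer faults. How `ndpi_memmem()` treats a zero-length needle is not visible on this page and would need confirming before asserting on it.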