From 77247ba07b0052e175dd60ae1db22e65007691eb Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Mon, 11 Oct 2021 02:24:09 +0200
Subject: Fix broken fuzz_process_packet fuzzer by adding a call to ndpi_finalize_initialization().
* fixed several memory errors (heap-overflow, unitialized memory, etc)
* ability to build fuzz_process_packet with a main() allowing to replay crash data generated with fuzz_process_packet by LLVMs libfuzzer
* temporarily disable fuzzing if `tests/do.sh` executed with env FUZZY_TESTING_ENABLED=1
Signed-off-by: Toni Uhlig
---
 src/lib/protocols/bittorrent.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/lib/protocols/bittorrent.c')
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c
index f49c7f31a..f78706195 100644
--- a/src/lib/protocols/bittorrent.c
+++ b/src/lib/protocols/bittorrent.c
@@ -477,8 +477,11 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st
 || (bt_proto = ndpi_strnstr((const char *)packet->payload, "BitTorrent protocol", packet->payload_packet_len))
 ) {
 bittorrent_found:
- if(bt_proto && (packet->payload_packet_len > 47))
- memcpy(flow->protos.bittorrent.hash, &bt_proto[27], 20);
+ if(bt_proto != NULL && ((u_int8_t *)&bt_proto[27] - packet->payload
+ + sizeof(flow->protos.bittorrent.hash)) < packet->payload_packet_len)
+ {
+ memcpy(flow->protos.bittorrent.hash, &bt_proto[27], sizeof(flow->protos.bittorrent.hash));
+ }
 NDPI_LOG_INFO(ndpi_struct, "found BT: plain\n");
 ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 0,
-- cgit v1.2.3
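Review bot: The new bound check on the added `if` line rejects a handshake whose hash ends exactly at the end of the payload: copying `sizeof(flow->protos.bittorrent.hash)` bytes from offset `off` is in bounds when `off + sizeof(...) <= payload_packet_len`, but the comparison uses `<`, so the hash is silently not recorded in that case (the old `> 47` guard was over-strict in the same way). The condition also forms `(u_int8_t *)&bt_proto[27]` before it has established that this offset lies inside the packet, which is pointer arithmetic past the buffer when the match sits near the end; computing the offset from the match position instead avoids that. Assuming ndpi_strnstr returns a pointer into `packet->payload`, as its call on the first context line implies, the whole condition can be `if(bt_proto != NULL && (size_t)(bt_proto - (const char *)packet->payload) + 27 + sizeof(flow->protos.bittorrent.hash) <= packet->payload_packet_len)`, with the `memcpy` unchanged. The magic 27 deserves a comment on the `if` line, e.g. `/* hash follows the 19-byte "BitTorrent protocol" string plus 8 further bytes */` (the meaning of those 8 bytes should be confirmed against the handshake layout before naming them). ndpi_search_bittorrent starts and ends outside the hunk.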