From 3edfad01a1bb22b33bd5bafa0ceeb13e27f03e67 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Tue, 18 Jul 2023 07:41:56 +0200
Subject: fuzz: extend fuzzing coverage (#2052)

Added/merged some traces.
Improved Socks identification
---
 src/lib/protocols/socks45.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib/protocols')

diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c
index 6845ecaf2..6cdac93d1 100644
--- a/src/lib/protocols/socks45.c
+++ b/src/lib/protocols/socks45.c
@@ -90,7 +90,8 @@ static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct,
   if(flow->socks5_stage == 0) {
     NDPI_LOG_DBG2(ndpi_struct, "SOCKS5 stage 0: \n");
 
-    if((payload_len == 3) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00)) {
+    if(((payload_len == 3) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00)) ||
+       ((payload_len == 4) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x02) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x01))) {
       NDPI_LOG_DBG2(ndpi_struct, "Possible SOCKS5 request detected, we will look further for the response\n");
 
       /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */
-- 
cgit v1.2.3