fuzz: extend fuzzing coverage

ntop · Jan 23, 2025 · b89fccf · b89fccf
1 parent ab66aab
commit b89fccf
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 3 deletions.
diff --git a/example/reader_util.c b/example/reader_util.c
@@ -1418,6 +1418,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
     if(flow->ndpi_flow->protos.dns.geolocation_iata_code[0] != '\0')
       strcpy(flow->dns.geolocation_iata_code, flow->ndpi_flow->protos.dns.geolocation_iata_code);
 
+#if 0
     if(0) {
       u_int8_t i;
 
@@ -1433,6 +1434,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 	printf("(%s) %s [ttl: %u]\n", flow->host_server_name, buf, flow->ndpi_flow->protos.dns.rsp_addr_ttl[i]);
       }
     }
+#endif
   }
   /* MDNS */
   else if(is_ndpi_proto(flow, NDPI_PROTOCOL_MDNS)) {

diff --git a/fuzz/fuzz_alg_strnstr.cpp b/fuzz/fuzz_alg_strnstr.cpp
@@ -14,5 +14,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 
   ndpi_strnstr(haystack.c_str(), needle.c_str(), len);
 
+  ndpi_str_endswith(haystack.c_str(), needle.c_str());
+
   return 0;
 }
diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp
@@ -750,6 +750,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     ndpi_get_lru_cache_stats(g_ctx, ndpi_info_mod, static_cast<lru_cache_type>(i), &lru_stats);
   for(i = 0; i < NDPI_PTREE_MAX + 1; i++) /* + 1 to test invalid type */
     ndpi_get_patricia_stats(ndpi_info_mod, static_cast<ptree_type>(i), &patricia_stats);
+  ndpi_patricia_get_stats(NULL, &patricia_stats);
   for(i = 0; i < NDPI_AUTOMA_MAX + 1; i++) /* + 1 to test invalid type */
     ndpi_get_automa_stats(ndpi_info_mod, static_cast<automa_type>(i), &automa_stats);
 

diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
@@ -22,9 +22,9 @@ u_int8_t human_readeable_string_len = 5;
 u_int8_t max_num_udp_dissected_pkts = 0, max_num_tcp_dissected_pkts = 0; /* Disable limits at application layer */;
 int malloc_size_stats = 0;
 FILE *fingerprint_fp = NULL;
-bool do_load_lists = false;
+bool do_load_lists = true;
 char *addr_dump_path = NULL;
-int monitoring_enabled = 0;
+int monitoring_enabled = 1;
 
 extern void ndpi_report_payload_stats(FILE *out);
 
@@ -39,6 +39,26 @@ size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
 }
 #endif
 
+static void node_cleanup_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) {
+  struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node;
+
+  (void)depth;
+  (void)user_data;
+
+  if(flow == NULL) return;
+
+  if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */
+    if((!flow->detection_completed) && flow->ndpi_flow) {
+      u_int8_t proto_guessed;
+
+      flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct,
+                                                      flow->ndpi_flow, &proto_guessed);
+    }
+
+    process_ndpi_collected_info(workflow, flow);
+  }
+}
+
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   pcap_t * pkts;
   const u_char *pkt;
@@ -160,8 +180,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   pcap_close(pkts);
 
   /* Free flow trees */
-  for(i = 0; i < workflow->prefs.num_roots; i++)
+  for(i = 0; i < workflow->prefs.num_roots; i++) {
+    ndpi_twalk(workflow->ndpi_flows_root[i], node_cleanup_walker, NULL);
     ndpi_tdestroy(workflow->ndpi_flows_root[i], ndpi_flow_info_freer);
+  }
   ndpi_free(workflow->ndpi_flows_root);
   /* Free payload analyzer data */
   if(enable_payload_analyzer)