From 09c84d0c26d58e4750ef2114699c9324b561bf4e Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 15 Dec 2021 20:48:47 +0100 Subject: [PATCH] fuzz: use fuzzing confyaml for protodetect target As is done for other targets, so that all app-layer protocols are enabled, even the ones disabled by default such as enip And resets protocol detection every time we try so that probing_parser_toserver_alproto_masks are fresh. --- src/tests/fuzz/fuzz_applayerprotodetectgetproto.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c index e9df4db8eb..b743ad3abf 100644 --- a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c +++ b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c @@ -10,13 +10,15 @@ #include "flow-util.h" #include "app-layer-parser.h" #include "util-unittest-helper.h" - +#include "conf-yaml-loader.h" #define HEADER_LEN 6 //rule of thumb constant, so as not to timeout target #define PROTO_DETECT_MAX_LEN 1024 +#include "confyaml.c" + int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); AppLayerProtoDetectThreadCtx *alpd_tctx = NULL; @@ -37,6 +39,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) //global init InitGlobal(); run_mode = RUNMODE_UNITTEST; + if (ConfYamlLoadString(configNoChecksum, strlen(configNoChecksum)) != 0) { + abort(); + } MpmTableSetup(); SpmTableSetup(); AppLayerProtoDetectSetup(); 
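Review bot: The textual `#include "confyaml.c"` lands after the `#define`s with nothing at the include site saying what it contributes, so the next reader has to chase a `.c` include to learn where the config string comes from. A one-line comment above it would make it self-explanatory, e.g. `/* provides configNoChecksum, the fuzzing YAML config shared by the fuzz targets */`. That the file defines `configNoChecksum` is inferred from the later hunk that uses the name; confirm it against the file before committing the comment.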
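Review bot: The new `abort()` after a failed `ConfYamlLoadString` prints nothing, so a missing or malformed fuzzing config shows up as an apparent crash on the very first input instead of a harness setup error. A message on stderr before aborting, `fprintf(stderr, "ConfYamlLoadString(configNoChecksum) failed\n");`, is the usual way a libFuzzer target keeps setup failures distinguishable from real findings. `configNoChecksum` is not declared in this hunk and presumably comes from the newly included `confyaml.c`. The init block and LLVMFuzzerTestOneInput itself start before this hunk.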
@@ -60,14 +65,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) } alproto = AppLayerProtoDetectGetProto( alpd_tctx, f, data + HEADER_LEN, size - HEADER_LEN, f->proto, flags, &reverse); - if (alproto != ALPROTO_UNKNOWN && alproto != ALPROTO_FAILED && f->proto == IPPROTO_TCP && - (data[0] & STREAM_MIDSTREAM) == 0) { + if (alproto != ALPROTO_UNKNOWN && alproto != ALPROTO_FAILED && f->proto == IPPROTO_TCP) { /* If we find a valid protocol at the start of a stream : * check that with smaller input * we find the same protocol or ALPROTO_UNKNOWN. * Otherwise, we have evasion with TCP splitting */ for (size_t i = 0; i < size-HEADER_LEN && i < PROTO_DETECT_MAX_LEN; i++) { + // reset detection at each try cf probing_parser_toserver_alproto_masks + AppLayerProtoDetectReset(f); alproto2 = AppLayerProtoDetectGetProto( alpd_tctx, f, data + HEADER_LEN, i, f->proto, flags, &reverse); if (alproto2 != ALPROTO_UNKNOWN && alproto2 != alproto) {
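Review bot: The comment above the retry loop still says the check applies "at the start of a stream", but the new condition drops the `(data[0] & STREAM_MIDSTREAM) == 0` guard, so the TCP-splitting check now also runs when the midstream flag is set and the comment no longer matches the code. Rewrite it to describe the new behaviour, e.g. `/* If we find a valid protocol on a TCP flow (detection state is reset before each try) : check that with smaller input we find the same protocol or ALPROTO_UNKNOWN. Otherwise, we have evasion with TCP splitting */`. The added `// reset detection at each try cf probing_parser_toserver_alproto_masks` would also read better if it stated the reason, e.g. `// reset per-flow detection state so masks left by the previous try do not affect this one` — assuming that is what AppLayerProtoDetectReset clears, which this hunk does not show. The for loop and LLVMFuzzerTestOneInput continue past the end of the hunk.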