From b2d32d9a5205105f58b4422148d600f932662f55 Mon Sep 17 00:00:00 2001
From: Ivan Nardi
Date: Fri, 1 Nov 2024 16:01:12 +0100
Subject: [PATCH] fuzz: improve coverage

Add fuzzer to test `ndpi_quick_encrypt()` and `ndpi_quick_decrypt()`
---
 .gitignore | 1 +
 fuzz/Makefile.am | 17 ++++++++++++++++-
 fuzz/fuzz_alg_quick_encryption.cpp | 30 ++++++++++++++++++++++++++++++
 src/lib/ndpi_utils.c | 7 +++++--
 4 files changed, 52 insertions(+), 3 deletions(-)
 create mode 100644 fuzz/fuzz_alg_quick_encryption.cpp

diff --git a/.gitignore b/.gitignore
index 63f6dc7c9be..baa2a26dcc6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -68,6 +68,7 @@
 /fuzz/fuzz_alg_shoco
 /fuzz/fuzz_alg_memmem
 /fuzz/fuzz_alg_strnstr
+/fuzz/fuzz_alg_quick_encryption
 /fuzz/fuzz_config
 /fuzz/fuzz_community_id
 /fuzz/fuzz_serialization
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index 198091c881b..c2210289233 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -1,6 +1,6 @@
 bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail fuzz_ndpi_reader_payload_analyzer fuzz_quic_get_crypto_data fuzz_config fuzz_community_id fuzz_serialization fuzz_tls_certificate fuzz_dga fuzz_is_stun_udp fuzz_is_stun_tcp
 #Alghoritms
-bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream fuzz_alg_shoco fuzz_alg_memmem fuzz_alg_strnstr
+bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream fuzz_alg_shoco fuzz_alg_memmem fuzz_alg_strnstr fuzz_alg_quick_encryption
 #Data structures
 bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash fuzz_ds_cmsketch fuzz_ds_bitmap64_fuse fuzz_ds_domain_classify
 #Third party
@@ -249,6 +249,21 @@ fuzz_alg_strnstr_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
 $(fuzz_alg_strnstr_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+fuzz_alg_quick_encryption_SOURCES = fuzz_alg_quick_encryption.cpp fuzz_common_code.c
+fuzz_alg_quick_encryption_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_quick_encryption_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_quick_encryption_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_alg_quick_encryption_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_alg_quick_encryption_CXXFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_alg_quick_encryption_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_alg_quick_encryption_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_alg_quick_encryption_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+ $(fuzz_alg_quick_encryption_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
 fuzz_alg_ses_des_SOURCES = fuzz_alg_ses_des.cpp fuzz_common_code.c
 fuzz_alg_ses_des_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_alg_ses_des_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
diff --git a/fuzz/fuzz_alg_quick_encryption.cpp b/fuzz/fuzz_alg_quick_encryption.cpp
new file mode 100644
index 00000000000..6bf65bdd721
--- /dev/null
+++ b/fuzz/fuzz_alg_quick_encryption.cpp
@@ -0,0 +1,30 @@
+#include "ndpi_api.h"
+#include "fuzz_common_code.h"
+
+#include
+#include
+#include "fuzzer/FuzzedDataProvider.h"
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+ char *enc_buffer, *dec_buffer;
+ u_int16_t encrypted_msg_len, decrypted_msg_len;
+
+ if(fuzzed_data.remaining_bytes() <= 64) /* Some data */
+ return -1;
+
+ /* To allow memory allocation failures */
+ fuzz_set_alloc_callbacks_and_seed(size);
+
+ std::vectorkey = fuzzed_data.ConsumeBytes(64);
+ std::vectorcleartext_msg = fuzzed_data.ConsumeRemainingBytes();
+
+ enc_buffer = ndpi_quick_encrypt(cleartext_msg.data(), cleartext_msg.size(), &encrypted_msg_len, key.data());
+ if(enc_buffer) {
+ dec_buffer = ndpi_quick_decrypt(enc_buffer, encrypted_msg_len, &decrypted_msg_len, key.data());
+ ndpi_free(enc_buffer);
+ ndpi_free(dec_buffer);
+ }
+ return 0;
+}
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index a51f6c059f8..6aefc20e28d 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -3810,7 +3810,8 @@ char* ndpi_quick_encrypt(const char *cleartext_msg,
 encoded = ndpi_base64_encode((const unsigned char *)encoded_buf, encoded_len);
 ndpi_free(encoded_buf);
- *encrypted_msg_len = strlen(encoded);
+ if(encoded)
+ *encrypted_msg_len = strlen(encoded);
 return(encoded);
 }
@@ -3842,13 +3843,15 @@ char* ndpi_quick_decrypt(const char *encrypted_msg,
 if((content == NULL) || (content_len == 0)) { /* Base64 decoding error */
+ ndpi_free(decoded_string);
 ndpi_free(content);
 return(NULL);
 }
 if(allocated_decoded_string < (content_len+1)) { /* Buffer size failure */
- free(content);
+ ndpi_free(decoded_string);
+ ndpi_free(content);
 return(NULL);
 }
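Review bot: `ndpi_quick_decrypt()` is only ever handed the output of `ndpi_quick_encrypt()` in this harness, so the decoder never sees malformed Base64 or a truncated ciphertext, which is the input a remote party would control. The failure branches patched in `src/lib/ndpi_utils.c` by this same commit are then presumably reached only through the injected allocation failures, not through bad data. Before the encrypt call I would add a direct pass over the raw bytes, `dec_buffer = ndpi_quick_decrypt(cleartext_msg.data(), cleartext_msg.size(), &decrypted_msg_len, key.data());` followed by `ndpi_free(dec_buffer);`. The type of the length parameters is not visible in this patch; if they are 16-bit like the two output lengths, inputs above 65535 bytes are silently narrowed and the harness should bound `size` before calling.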
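Review bot: On the failure path the new `if(encoded)` guard in `ndpi_quick_encrypt()` leaves `*encrypted_msg_len` unwritten, so a caller that reads the length before testing the returned pointer sees whatever its variable held (the new fuzzer declares it uninitialised). Writing the out-parameter on both paths keeps it defined: `*encrypted_msg_len = encoded ? strlen(encoded) : 0;`. Separately, the fuzzer passes a `u_int16_t *` here, so the `size_t` from `strlen()` is narrowed on assignment; Base64 output longer than 65535 bytes would report a wrapped length, and a range check before the assignment would turn that into an error return instead. The function body starts above this hunk, so the input-length handling could not be checked.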
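Review bot: The two failure branches of `ndpi_quick_decrypt()` in this hunk now repeat the same release sequence by hand, which is the pattern that let the `decoded_string` leak and the `free()`/`ndpi_free()` mismatch fixed here slip in. A single exit label holding `ndpi_free(decoded_string); ndpi_free(content); return(NULL);`, reached with `goto` from each branch, leaves one place to keep correct when another buffer is added. The allocation of `decoded_string` and the success path are outside the hunk, so whether `content` is also released there cannot be confirmed from this patch.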