Coverage Report

Created: 2025-06-13 07:05

/src/ndpi/fuzz/fuzz_ds_address_cache.cpp
Line
Count
Source
1
#include "ndpi_api.h"
2
#include "ndpi_private.h"
3
4
#include "fuzz_common_code.h"
5
6
#include <stdint.h>
7
#include <stdio.h>
8
#include <assert.h>
9
#include "fuzzer/FuzzedDataProvider.h"
10
11
12
516
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
13
516
  FuzzedDataProvider fuzzed_data(data, size);
14
516
  u_int16_t i, num_iteration;
15
516
  int is_added = 0;
16
516
  struct ndpi_detection_module_struct ndpi_struct; /*Opaque; we don't really need to initialize it */
17
516
  ndpi_ip_addr_t ip_addr, ip_addr_added;
18
516
  char *hostname, *hostname2;
19
516
  u_int32_t epoch_now;
20
516
  u_int32_t ttl;
21
516
  bool rc;
22
516
  char path[] = "random.dump";
23
24
25
  /* Just to have some data */
26
516
  if (fuzzed_data.remaining_bytes() < 1024)
27
18
    return -1;
28
29
  /* To allow memory allocation failures */
30
498
  fuzz_set_alloc_callbacks_and_seed(size);
31
32
33
498
  memset(&ndpi_struct, '\0', sizeof(struct ndpi_detection_module_struct));
34
498
  ndpi_struct.cfg.address_cache_size = fuzzed_data.ConsumeIntegral<u_int8_t>();
35
36
498
  epoch_now = 1;
37
38
  /* Random insert */
39
498
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
40
50.4k
  for (i = 0; i < num_iteration; i++) {
41
49.9k
    if (fuzzed_data.ConsumeBool()) {
42
10.1k
      if(fuzzed_data.remaining_bytes() > 16) {
43
10.0k
        memcpy(&ip_addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
44
10.0k
      } else {
45
150
        continue;
46
150
      }
47
39.7k
    } else {
48
39.7k
      memset(&ip_addr, '\0', sizeof(ip_addr));
49
39.7k
      ip_addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
50
39.7k
    }
51
49.7k
    hostname = strdup(fuzzed_data.ConsumeRandomLengthString(32).c_str());
52
49.7k
    ttl = fuzzed_data.ConsumeIntegral<u_int8_t>();
53
49.7k
    epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
54
55
49.7k
    rc = ndpi_cache_address(&ndpi_struct, ip_addr, hostname, epoch_now, ttl);
56
49.7k
    if (rc == true) {
57
45.7k
      if(is_added == 0 && fuzzed_data.ConsumeBool()) {
58
        /* Keep one random node really added */
59
351
        is_added = 1;
60
351
        ip_addr_added = ip_addr;
61
45.4k
      } else if(fuzzed_data.ConsumeBool()) {
62
        /* Add also same ip with different hostname */
63
11.0k
        hostname2 = ndpi_strdup(fuzzed_data.ConsumeRandomLengthString(32).c_str());
64
11.0k
        ndpi_cache_address(&ndpi_struct, ip_addr, hostname2, epoch_now, ttl);
65
11.0k
        ndpi_free(hostname2);
66
11.0k
      }
67
45.7k
    }
68
49.7k
    ndpi_free(hostname);
69
49.7k
  }
70
71
  /* "Random" search */
72
498
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
73
30.5k
  for (i = 0; i < num_iteration; i++) {
74
30.0k
    if (fuzzed_data.ConsumeBool()) {
75
11.1k
      if(fuzzed_data.remaining_bytes() > 16) {
76
10.8k
        memcpy(&ip_addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
77
10.8k
      } else {
78
333
        continue;
79
333
      }
80
18.9k
    } else {
81
18.9k
      memset(&ip_addr, '\0', sizeof(ip_addr));
82
18.9k
      ip_addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
83
18.9k
    }
84
85
29.7k
    ndpi_cache_address_find(&ndpi_struct, ip_addr);
86
29.7k
  }
87
  /* Search of an added entry */
88
498
  if(is_added)
89
351
    ndpi_cache_address_find(&ndpi_struct, ip_addr_added);
90
91
498
  if(fuzzed_data.ConsumeBool()) {
92
122
    epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
93
122
    ndpi_cache_address_flush_expired(&ndpi_struct, epoch_now);
94
122
  }
95
96
498
  epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
97
498
  ndpi_cache_address_dump(&ndpi_struct, path, epoch_now);
98
498
  epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
99
498
  ndpi_cache_address_restore(&ndpi_struct, path, epoch_now);
100
101
498
  ndpi_term_address_cache(ndpi_struct.address_cache);
102
103
498
  return 0;
104
516
}