Coverage Report

Created: 2025-07-02 06:28

/src/ndpi/fuzz/fuzz_ds_address_cache.cpp
Line
Count
Source
1
#include "ndpi_api.h"
2
#include "ndpi_private.h"
3
4
#include "fuzz_common_code.h"
5
6
#include <stdint.h>
7
#include <stdio.h>
8
#include <assert.h>
9
#include "fuzzer/FuzzedDataProvider.h"
10
11
12
691
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
13
691
  FuzzedDataProvider fuzzed_data(data, size);
14
691
  u_int16_t i, num_iteration;
15
691
  int is_added = 0;
16
691
  struct ndpi_detection_module_struct ndpi_struct; /*Opaque; we don't really need to initialize it */
17
691
  ndpi_ip_addr_t ip_addr, ip_addr_added;
18
691
  char *hostname, *hostname2;
19
691
  u_int32_t epoch_now;
20
691
  u_int32_t ttl;
21
691
  bool rc;
22
691
  char path[] = "random.dump";
23
24
25
  /* Just to have some data */
26
691
  if (fuzzed_data.remaining_bytes() < 1024)
27
18
    return -1;
28
29
  /* To allow memory allocation failures */
30
673
  fuzz_set_alloc_callbacks_and_seed(size);
31
32
33
673
  memset(&ndpi_struct, '\0', sizeof(struct ndpi_detection_module_struct));
34
673
  ndpi_struct.cfg.address_cache_size = fuzzed_data.ConsumeIntegral<u_int8_t>();
35
36
673
  epoch_now = 1;
37
38
  /* Random insert */
39
673
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
40
67.9k
  for (i = 0; i < num_iteration; i++) {
41
67.3k
    if (fuzzed_data.ConsumeBool()) {
42
10.8k
      if(fuzzed_data.remaining_bytes() > 16) {
43
10.6k
        memcpy(&ip_addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
44
10.6k
      } else {
45
268
        continue;
46
268
      }
47
56.4k
    } else {
48
56.4k
      memset(&ip_addr, '\0', sizeof(ip_addr));
49
56.4k
      ip_addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
50
56.4k
    }
51
67.0k
    hostname = strdup(fuzzed_data.ConsumeRandomLengthString(32).c_str());
52
67.0k
    ttl = fuzzed_data.ConsumeIntegral<u_int8_t>();
53
67.0k
    epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
54
55
67.0k
    rc = ndpi_cache_address(&ndpi_struct, ip_addr, hostname, epoch_now, ttl);
56
67.0k
    if (rc == true) {
57
58.0k
      if(is_added == 0 && fuzzed_data.ConsumeBool()) {
58
        /* Keep one random node really added */
59
464
        is_added = 1;
60
464
        ip_addr_added = ip_addr;
61
57.5k
      } else if(fuzzed_data.ConsumeBool()) {
62
        /* Add also same ip with different hostname */
63
9.77k
        hostname2 = ndpi_strdup(fuzzed_data.ConsumeRandomLengthString(32).c_str());
64
9.77k
        ndpi_cache_address(&ndpi_struct, ip_addr, hostname2, epoch_now, ttl);
65
9.77k
        ndpi_free(hostname2);
66
9.77k
      }
67
58.0k
    }
68
67.0k
    ndpi_free(hostname);
69
67.0k
  }
70
71
  /* "Random" search */
72
673
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
73
30.1k
  for (i = 0; i < num_iteration; i++) {
74
29.4k
    if (fuzzed_data.ConsumeBool()) {
75
11.1k
      if(fuzzed_data.remaining_bytes() > 16) {
76
10.7k
        memcpy(&ip_addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
77
10.7k
      } else {
78
473
        continue;
79
473
      }
80
18.2k
    } else {
81
18.2k
      memset(&ip_addr, '\0', sizeof(ip_addr));
82
18.2k
      ip_addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
83
18.2k
    }
84
85
28.9k
    ndpi_cache_address_find(&ndpi_struct, ip_addr);
86
28.9k
  }
87
  /* Search of an added entry */
88
673
  if(is_added)
89
464
    ndpi_cache_address_find(&ndpi_struct, ip_addr_added);
90
91
673
  if(fuzzed_data.ConsumeBool()) {
92
135
    epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
93
135
    ndpi_cache_address_flush_expired(&ndpi_struct, epoch_now);
94
135
  }
95
96
673
  epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
97
673
  ndpi_cache_address_dump(&ndpi_struct, path, epoch_now);
98
673
  epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
99
673
  ndpi_cache_address_restore(&ndpi_struct, path, epoch_now);
100
101
673
  ndpi_term_address_cache(ndpi_struct.address_cache);
102
103
673
  return 0;
104
691
}