/src/ndpi/fuzz/fuzz_ds_address_cache.cpp

Source
#include "ndpi_api.h"
#include "ndpi_private.h"

#include "fuzz_common_code.h"

#include <stdint.h>
#include <stdio.h>
#include <assert.h>
#include "fuzzer/FuzzedDataProvider.h"


extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  u_int16_t i, num_iteration;
  int is_added = 0;
  struct ndpi_detection_module_struct ndpi_struct; /*Opaque; we don't really need to initialize it */
  ndpi_ip_addr_t ip_addr, ip_addr_added;
  char *hostname, *hostname2;
  u_int32_t epoch_now;
  u_int32_t ttl;
  bool rc;
  char path[] = "random.dump";


  /* Just to have some data */
  if (fuzzed_data.remaining_bytes() < 1024)
    return -1;

  /* To allow memory allocation failures */
  fuzz_set_alloc_callbacks_and_seed(size);


  memset(&ndpi_struct, '\0', sizeof(struct ndpi_detection_module_struct));
  ndpi_struct.cfg.address_cache_size = fuzzed_data.ConsumeIntegral<u_int8_t>();

  epoch_now = 1;

  /* Random insert */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    if (fuzzed_data.ConsumeBool()) {
      if(fuzzed_data.remaining_bytes() > 16) {
        memcpy(&ip_addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
      } else {
        continue;
      }
    } else {
      memset(&ip_addr, '\0', sizeof(ip_addr));
      ip_addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
    }
    hostname = strdup(fuzzed_data.ConsumeRandomLengthString(32).c_str());
    ttl = fuzzed_data.ConsumeIntegral<u_int8_t>();
    epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();

    rc = ndpi_cache_address(&ndpi_struct, ip_addr, hostname, epoch_now, ttl);
    if (rc == true) {
      if(is_added == 0 && fuzzed_data.ConsumeBool()) {
        /* Keep one random node really added */
        is_added = 1;
        ip_addr_added = ip_addr;
      } else if(fuzzed_data.ConsumeBool()) {
        /* Add also same ip with different hostname */
        hostname2 = ndpi_strdup(fuzzed_data.ConsumeRandomLengthString(32).c_str());
        ndpi_cache_address(&ndpi_struct, ip_addr, hostname2, epoch_now, ttl);
        ndpi_free(hostname2);
      }
    }
    ndpi_free(hostname);
  }

  /* "Random" search */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    if (fuzzed_data.ConsumeBool()) {
      if(fuzzed_data.remaining_bytes() > 16) {
        memcpy(&ip_addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
      } else {
        continue;
      }
    } else {
      memset(&ip_addr, '\0', sizeof(ip_addr));
      ip_addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
    }

    ndpi_cache_address_find(&ndpi_struct, ip_addr);
  }
  /* Search of an added entry */
  if(is_added)
    ndpi_cache_address_find(&ndpi_struct, ip_addr_added);

  if(fuzzed_data.ConsumeBool()) {
    epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
    ndpi_cache_address_flush_expired(&ndpi_struct, epoch_now);
  }

  epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
  ndpi_cache_address_dump(&ndpi_struct, path, epoch_now);
  epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
  ndpi_cache_address_restore(&ndpi_struct, path, epoch_now);

  ndpi_cache_enable(&ndpi_struct);
  ndpi_cache_hostname_ip_swap(&ndpi_struct);
  ndpi_cache_hostname_ip_swap(&ndpi_struct);

  ndpi_term_address_cache(ndpi_struct.address_cache);
  ndpi_filter_free(ndpi_struct.dns_hostname.cache);
  ndpi_filter_free(ndpi_struct.dns_hostname.cache_shadow);

  return 0;
}

Line	Count	Source
1		#include "ndpi_api.h"
2		#include "ndpi_private.h"
3
4		#include "fuzz_common_code.h"
5
6		#include <stdint.h>
7		#include <stdio.h>
8		#include <assert.h>
9		#include "fuzzer/FuzzedDataProvider.h"
10
11
12	581	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
13	581	FuzzedDataProvider fuzzed_data(data, size);
14	581	u_int16_t i, num_iteration;
15	581	int is_added = 0;
16	581	struct ndpi_detection_module_struct ndpi_struct; /Opaque; we don't really need to initialize it /
17	581	ndpi_ip_addr_t ip_addr, ip_addr_added;
18	581	char hostname, hostname2;
19	581	u_int32_t epoch_now;
20	581	u_int32_t ttl;
21	581	bool rc;
22	581	char path[] = "random.dump";
23
24
25		/* Just to have some data */
26	581	if (fuzzed_data.remaining_bytes() < 1024)
27	18	return -1;
28
29		/* To allow memory allocation failures */
30	563	fuzz_set_alloc_callbacks_and_seed(size);
31
32
33	563	memset(&ndpi_struct, '\0', sizeof(struct ndpi_detection_module_struct));
34	563	ndpi_struct.cfg.address_cache_size = fuzzed_data.ConsumeIntegral<u_int8_t>();
35
36	563	epoch_now = 1;
37
38		/* Random insert */
39	563	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
40	60.5k	for (i = 0; i < num_iteration; i++) {
41	60.0k	if (fuzzed_data.ConsumeBool()) {
42	12.7k	if(fuzzed_data.remaining_bytes() > 16) {
43	12.5k	memcpy(&ip_addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
44	12.5k	} else {
45	200	continue;
46	200	}
47	47.2k	} else {
48	47.2k	memset(&ip_addr, '\0', sizeof(ip_addr));
49	47.2k	ip_addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
50	47.2k	}
51	59.8k	hostname = strdup(fuzzed_data.ConsumeRandomLengthString(32).c_str());
52	59.8k	ttl = fuzzed_data.ConsumeIntegral<u_int8_t>();
53	59.8k	epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
54
55	59.8k	rc = ndpi_cache_address(&ndpi_struct, ip_addr, hostname, epoch_now, ttl);
56	59.8k	if (rc == true) {
57	49.5k	if(is_added == 0 && fuzzed_data.ConsumeBool()) {
58		/* Keep one random node really added */
59	407	is_added = 1;
60	407	ip_addr_added = ip_addr;
61	49.1k	} else if(fuzzed_data.ConsumeBool()) {
62		/* Add also same ip with different hostname */
63	12.7k	hostname2 = ndpi_strdup(fuzzed_data.ConsumeRandomLengthString(32).c_str());
64	12.7k	ndpi_cache_address(&ndpi_struct, ip_addr, hostname2, epoch_now, ttl);
65	12.7k	ndpi_free(hostname2);
66	12.7k	}
67	49.5k	}
68	59.8k	ndpi_free(hostname);
69	59.8k	}
70
71		/* "Random" search */
72	563	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
73	31.0k	for (i = 0; i < num_iteration; i++) {
74	30.4k	if (fuzzed_data.ConsumeBool()) {
75	11.4k	if(fuzzed_data.remaining_bytes() > 16) {
76	11.1k	memcpy(&ip_addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
77	11.1k	} else {
78	340	continue;
79	340	}
80	19.0k	} else {
81	19.0k	memset(&ip_addr, '\0', sizeof(ip_addr));
82	19.0k	ip_addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
83	19.0k	}
84
85	30.1k	ndpi_cache_address_find(&ndpi_struct, ip_addr);
86	30.1k	}
87		/* Search of an added entry */
88	563	if(is_added)
89	407	ndpi_cache_address_find(&ndpi_struct, ip_addr_added);
90
91	563	if(fuzzed_data.ConsumeBool()) {
92	130	epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
93	130	ndpi_cache_address_flush_expired(&ndpi_struct, epoch_now);
94	130	}
95
96	563	epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
97	563	ndpi_cache_address_dump(&ndpi_struct, path, epoch_now);
98	563	epoch_now += fuzzed_data.ConsumeIntegral<u_int8_t>();
99	563	ndpi_cache_address_restore(&ndpi_struct, path, epoch_now);
100
101	563	ndpi_cache_enable(&ndpi_struct);
102	563	ndpi_cache_hostname_ip_swap(&ndpi_struct);
103	563	ndpi_cache_hostname_ip_swap(&ndpi_struct);
104
105	563	ndpi_term_address_cache(ndpi_struct.address_cache);
106	563	ndpi_filter_free(ndpi_struct.dns_hostname.cache);
107	563	ndpi_filter_free(ndpi_struct.dns_hostname.cache_shadow);
108
109	563	return 0;
110	581	}

Coverage Report

Created: 2025-10-12 06:49