3 * @author Philippe Antoine <contact@catenacyber.fr>
4 * fuzz target for AppLayerProtoDetectGetProto
8 #include "suricata-common.h"
9 #include "app-layer-detect-proto.h"
10 #include "flow-util.h"
11 #include "app-layer-parser.h"
12 #include "util-unittest-helper.h"
/*
 * Upper bound on how many prefix lengths the TCP-splitting consistency
 * loop further down will retry. It is a rule-of-thumb value, kept small
 * so that a single input does not make the fuzz target time out.
 */
#define PROTO_DETECT_MAX_LEN 1024

/* libFuzzer entry point, declared ahead of its definition. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

/*
 * Protocol-detection thread context reused across fuzz iterations.
 * It starts out NULL; the entry point tests for NULL and, in that case,
 * runs the detection/parser setup calls and stores the context here.
 */
AppLayerProtoDetectThreadCtx *alpd_tctx = NULL;
24 int LLVMFuzzerTestOneInput(const uint8_t *data
, size_t size
)
32 if (size
< HEADER_LEN
) {
36 if (alpd_tctx
== NULL
) {
39 run_mode
= RUNMODE_UNITTEST
;
42 AppLayerProtoDetectSetup();
43 AppLayerParserSetup();
44 AppLayerParserRegisterProtocolParsers();
45 alpd_tctx
= AppLayerProtoDetectGetCtxThread();
48 f
= TestHelperBuildFlow(AF_INET
, "1.2.3.4", "5.6.7.8", (data
[2] << 8) | data
[3], (data
[4] << 8) | data
[5]);
53 memset(&ssn
, 0, sizeof(TcpSession
));
55 f
->protomap
= FlowGetProtoMapping(f
->proto
);
57 uint8_t flags
= STREAM_TOCLIENT
;
58 if (data
[0] & STREAM_TOSERVER
) {
59 flags
= STREAM_TOSERVER
;
61 alproto
= AppLayerProtoDetectGetProto(
62 alpd_tctx
, f
, data
+ HEADER_LEN
, size
- HEADER_LEN
, f
->proto
, flags
, &reverse
);
63 if (alproto
!= ALPROTO_UNKNOWN
&& alproto
!= ALPROTO_FAILED
&& f
->proto
== IPPROTO_TCP
&&
64 (data
[0] & STREAM_MIDSTREAM
) == 0) {
65 /* If we find a valid protocol at the start of a stream :
66 * check that with smaller input
67 * we find the same protocol or ALPROTO_UNKNOWN.
68 * Otherwise, we have evasion with TCP splitting
70 for (size_t i
= 0; i
< size
-HEADER_LEN
&& i
< PROTO_DETECT_MAX_LEN
; i
++) {
71 alproto2
= AppLayerProtoDetectGetProto(
72 alpd_tctx
, f
, data
+ HEADER_LEN
, i
, f
->proto
, flags
, &reverse
);
73 if (alproto2
!= ALPROTO_UNKNOWN
&& alproto2
!= alproto
) {
74 printf("Failed with input length %" PRIuMAX
" versus %" PRIuMAX
75 ", found %s instead of %s\n",
76 (uintmax_t)i
, (uintmax_t)size
- HEADER_LEN
, AppProtoToString(alproto2
),
77 AppProtoToString(alproto
));
78 printf("Assertion failure: %s-%s\n", AppProtoToString(alproto2
),
79 AppProtoToString(alproto
));