3 * @author Philippe Antoine <contact@catenacyber.fr>
4 * fuzz target for AppLayerProtoDetectGetProto
8 #include "suricata-common.h"
9 #include "app-layer-detect-proto.h"
10 #include "flow-util.h"
11 #include "app-layer-parser.h"
12 #include "util-unittest-helper.h"
18 int LLVMFuzzerTestOneInput(const uint8_t *data
, size_t size
);
20 AppLayerProtoDetectThreadCtx
*alpd_tctx
= NULL
;
22 int LLVMFuzzerTestOneInput(const uint8_t *data
, size_t size
)
30 if (size
< HEADER_LEN
) {
34 if (alpd_tctx
== NULL
) {
37 run_mode
= RUNMODE_UNITTEST
;
40 AppLayerProtoDetectSetup();
41 AppLayerParserSetup();
42 AppLayerParserRegisterProtocolParsers();
43 alpd_tctx
= AppLayerProtoDetectGetCtxThread();
46 f
= UTHBuildFlow(AF_INET
, "1.2.3.4", "5.6.7.8", (data
[2] << 8) | data
[3], (data
[4] << 8) | data
[5]);
51 memset(&ssn
, 0, sizeof(TcpSession
));
53 f
->protomap
= FlowGetProtoMapping(f
->proto
);
55 alproto
= AppLayerProtoDetectGetProto(alpd_tctx
, f
, data
+HEADER_LEN
, size
-HEADER_LEN
, f
->proto
, data
[0], &reverse
);
56 if (alproto
!= ALPROTO_UNKNOWN
&& alproto
!= ALPROTO_FAILED
&& f
->proto
== IPPROTO_TCP
) {
57 /* If we find a valid protocol :
58 * check that with smaller input
59 * we find the same protocol or ALPROTO_UNKNOWN.
60 * Otherwise, we have evasion with TCP splitting
62 for (size_t i
= 0; i
< size
-HEADER_LEN
; i
++) {
63 alproto2
= AppLayerProtoDetectGetProto(alpd_tctx
, f
, data
+HEADER_LEN
, i
, f
->proto
, data
[0], &reverse
);
64 if (alproto2
!= ALPROTO_UNKNOWN
&& alproto2
!= alproto
) {
65 printf("Assertion failure : With input length %"PRIuMAX
", found %s instead of %s\n", (uintmax_t) i
, AppProtoToString(alproto2
), AppProtoToString(alproto
));