fuzz: more precise assertion for protocol detection

author Philippe Antoine <contact@catenacyber.fr>

Tue, 2 Feb 2021 13:44:43 +0000 (14:44 +0100)

committer Victor Julien <victor@inliniac.net>

Fri, 26 Feb 2021 12:33:39 +0000 (13:33 +0100)
author Philippe Antoine <contact@catenacyber.fr>
Tue, 2 Feb 2021 13:44:43 +0000 (14:44 +0100)
committer Victor Julien <victor@inliniac.net>
Fri, 26 Feb 2021 12:33:39 +0000 (13:33 +0100)
diff --git a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c

index bca53e14887db8c857c4d7c9cacd47b4f9fe7070..0a8095c8ae194c51d5faa24657693e50e87befc9 100644 (file)
--- a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
+++ b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
@@ -55,8 +55,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
      f->protomap = FlowGetProtoMapping(f->proto);
  
      alproto = AppLayerProtoDetectGetProto(alpd_tctx, f, data+HEADER_LEN, size-HEADER_LEN, f->proto, data[0], &reverse);
-    if (alproto != ALPROTO_UNKNOWN && alproto != ALPROTO_FAILED && f->proto == IPPROTO_TCP) {
-        /* If we find a valid protocol :
+    if (alproto != ALPROTO_UNKNOWN && alproto != ALPROTO_FAILED && f->proto == IPPROTO_TCP &&
+            (data[0] & STREAM_MIDSTREAM) == 0) {
+        /* If we find a valid protocol at the start of a stream :
           * check that with smaller input
           * we find the same protocol or ALPROTO_UNKNOWN.
           * Otherwise, we have evasion with TCP splitting
author	Philippe Antoine <contact@catenacyber.fr>
	Tue, 2 Feb 2021 13:44:43 +0000 (14:44 +0100)
committer	Victor Julien <victor@inliniac.net>
	Fri, 26 Feb 2021 12:33:39 +0000 (13:33 +0100)