From: Philippe Antoine
Date: Thu, 6 Jan 2022 14:51:00 +0000 (+0100)
Subject: fuzz: test for too many open txs in a flow
X-Git-Tag: suricata-7.0.0-beta1~900
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5fe9188a95b67caf71c299d6204bb2de6b06a790;p=thirdparty%2Fsuricata.git
fuzz: test for too many open txs in a flow
so as to avoid performance problems coming from this.
---
diff --git a/src/tests/fuzz/fuzz_applayerparserparse.c b/src/tests/fuzz/fuzz_applayerparserparse.c
index 945cb32c35..cf397a72ad 100644
--- a/src/tests/fuzz/fuzz_applayerparserparse.c
+++ b/src/tests/fuzz/fuzz_applayerparserparse.c
@@ -59,6 +59,9 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
 return 0;
 }
+// arbitrary value
+#define ALPROTO_MAXTX 4096
+
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
 Flow * f;
@@ -166,6 +169,31 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 }
 AppLayerParserTransactionsCleanup(f);
+
+ if (f->alstate && f->alparser) {
+ // check if we have too many open transactions
+ const uint64_t total_txs = AppLayerParserGetTxCnt(f, f->alstate);
+ uint64_t min = 0;
+ AppLayerGetTxIterState state;
+ memset(&state, 0, sizeof(state));
+ uint64_t nbtx = 0;
+ AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(f->proto, f->alproto);
+ while (1) {
+ AppLayerGetTxIterTuple ires =
+ IterFunc(f->proto, f->alproto, f->alstate, min, total_txs, &state);
+ if (ires.tx_ptr == NULL)
+ break;
+ min = ires.tx_id + 1;
+ nbtx++;
+ if (nbtx > ALPROTO_MAXTX) {
+ printf("Too many open transactions for protocol %s\n",
+ AppProtoToString(f->alproto));
+ printf("Assertion failure: %s\n", AppProtoToString(f->alproto));
+ fflush(stdout);
+ abort();
+ }
+ }
+ }
 }
 alsize -= alnext - albuffer + 4;
 albuffer = alnext + 4;
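Review bot: The comment on `ALPROTO_MAXTX` says only that the value is arbitrary, not what it limits or what happens when the limit is crossed. Something like `// max transactions a flow may still hold after cleanup before the fuzz target aborts (arbitrary value)` would let someone triaging a crash from this target tie the abort back to the constant. The check that uses it sits in the second hunk, after the call to `AppLayerParserTransactionsCleanup(f)`.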
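Review bot: The transaction walk is done every time this point is reached, even when the flow cannot be over the limit, and it appears to sit inside the per-chunk loop (the enclosing loop and the rest of `LLVMFuzzerTestOneInput` are outside the hunk), so it can add up to `ALPROTO_MAXTX` iterator calls per chunk to the fuzz target. Since `min` only moves forward and `total_txs` is passed as the upper bound, the walk should not count more than about `total_txs` transactions, assuming the iterator honours the bounds it is given. Wrapping everything after the `total_txs` line in `if (total_txs >= ALPROTO_MAXTX) { ... }` would therefore skip the walk in the common case without losing any finding. A short comment on the second `printf` would also help: it repeats the protocol name as `Assertion failure: ...`, presumably to give each protocol its own crash signature, but the hunk does not say so.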