From: Philippe Antoine
Date: Mon, 5 Dec 2022 10:42:53 +0000 (+0100)
Subject: fuzz: do not use timestamps at the end of times
X-Git-Tag: suricata-7.0.0-rc1~272
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a58ffe5b3ecbe4762ba6352d0280edcdced6675f;p=thirdparty%2Fsuricata.git

fuzz: do not use timestamps at the end of times

so as not to have integer overflows
---
diff --git a/src/tests/fuzz/fuzz_predefpcap_aware.c b/src/tests/fuzz/fuzz_predefpcap_aware.c
index 49b2a5d9ce..0095e249e9 100644
--- a/src/tests/fuzz/fuzz_predefpcap_aware.c
+++ b/src/tests/fuzz/fuzz_predefpcap_aware.c
@@ -117,6 +117,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 // loop over packets
 r = FPC_next(&pkts, &header, &pkt);
 p = PacketGetFromAlloc();
+ if (header.ts.tv_sec >= INT_MAX - 3600) {
+ goto bail;
+ }
 p->ts.tv_sec = header.ts.tv_sec;
 p->ts.tv_usec = header.ts.tv_usec % 1000000;
 p->datalink = pkts.datalink;
@@ -140,6 +143,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 }
 }
 r = FPC_next(&pkts, &header, &pkt);
+ if (header.ts.tv_sec >= INT_MAX - 3600) {
+ goto bail;
+ }
 PacketRecycle(p);
 p->ts.tv_sec = header.ts.tv_sec;
 p->ts.tv_usec = header.ts.tv_usec % 1000000;
@@ -147,6 +153,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 pcap_cnt++;
 p->pcap_cnt = pcap_cnt;
 }
+bail:
 PacketFree(p);
 FlowReset();
diff --git a/src/tests/fuzz/fuzz_sigpcap.c b/src/tests/fuzz/fuzz_sigpcap.c
index f169ad1366..1560691fbe 100644
--- a/src/tests/fuzz/fuzz_sigpcap.c
+++ b/src/tests/fuzz/fuzz_sigpcap.c
@@ -160,6 +160,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 //loop over packets
 r = pcap_next_ex(pkts, &header, &pkt);
 p = PacketGetFromAlloc();
+ if (header->ts.tv_sec >= INT_MAX - 3600) {
+ goto bail;
+ }
 p->ts.tv_sec = header->ts.tv_sec;
 p->ts.tv_usec = header->ts.tv_usec % 1000000;
 p->datalink = pcap_datalink(pkts);
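Review bot: The bound `INT_MAX - 3600` in the first hunk of fuzz_predefpcap_aware.c (@@ -117) is unexplained, and the same three-line guard is copied into all six pre-`bail:` hunks across the three harnesses. A comment such as `/* keep an hour of headroom below INT_MAX so later additions to tv_sec cannot overflow */` (wording to be confirmed against the arithmetic that actually overflowed) or a shared named constant would keep the copies from drifting apart. The guard is also one-sided: a negative `tv_sec` passes unchanged, so if the overflow can also be reached by subtraction, a lower bound such as `header.ts.tv_sec < 0 ||` may be wanted. LLVMFuzzerTestOneInput starts and ends outside the hunk.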
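Review bot: In the loop hunk of fuzz_predefpcap_aware.c (@@ -140) the `goto bail` abandons the whole input at the first out-of-range timestamp, so every packet after it in the capture is never exercised. If the aim is only to keep such values out of `p->ts`, skipping that one packet and fetching the next would preserve coverage; the loop hunks in fuzz_sigpcap.c (@@ -184) and fuzz_sigpcap_aware.c (@@ -181) make the same trade-off. The jump also bypasses `PacketRecycle(p)`, so `PacketFree(p)` at `bail:` receives a packet still carrying the previous iteration's state; presumably PacketFree copes with that, but it is worth confirming so the harness does not produce spurious leak reports. The loop header is outside the hunk.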
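Review bot: The added check in fuzz_sigpcap.c (@@ -160) dereferences `header` directly after `pcap_next_ex()` without testing `r`, and libpcap only guarantees that pointer when the call reports a packet. On an empty or truncated capture `header` may therefore be unset at this point (its initialisation is outside the hunk), and the new line becomes the first read through it. Folding the result into the guard, `if (r <= 0 || header->ts.tv_sec >= INT_MAX - 3600) {`, would route those cases to `bail:` ahead of the pre-existing `p->ts.tv_sec = header->ts.tv_sec;` as well, assuming `bail:` directly follows the loop as the third hunk suggests. The loop hunk at @@ -184 has the same ordering, and the FPC_next() hunks in the two *_aware harnesses read their `header` struct before `r` is tested in the same way.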
@@ -184,6 +187,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 }
 }
 r = pcap_next_ex(pkts, &header, &pkt);
+ if (header->ts.tv_sec >= INT_MAX - 3600) {
+ goto bail;
+ }
 PacketRecycle(p);
 p->ts.tv_sec = header->ts.tv_sec;
 p->ts.tv_usec = header->ts.tv_usec % 1000000;
@@ -192,6 +198,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 pcap_cnt++;
 p->pcap_cnt = pcap_cnt;
 }
+bail:
 //close structure
 pcap_close(pkts);
 PacketFree(p);
diff --git a/src/tests/fuzz/fuzz_sigpcap_aware.c b/src/tests/fuzz/fuzz_sigpcap_aware.c
index 4518725b87..c03ecd840a 100644
--- a/src/tests/fuzz/fuzz_sigpcap_aware.c
+++ b/src/tests/fuzz/fuzz_sigpcap_aware.c
@@ -157,6 +157,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 // loop over packets
 r = FPC_next(&pkts, &header, &pkt);
 p = PacketGetFromAlloc();
+ if (header.ts.tv_sec >= INT_MAX - 3600) {
+ goto bail;
+ }
 p->pkt_src = PKT_SRC_WIRE;
 p->ts.tv_sec = header.ts.tv_sec;
 p->ts.tv_usec = header.ts.tv_usec % 1000000;
@@ -181,6 +184,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 }
 }
 r = FPC_next(&pkts, &header, &pkt);
+ if (header.ts.tv_sec >= INT_MAX - 3600) {
+ goto bail;
+ }
 PacketRecycle(p);
 p->pkt_src = PKT_SRC_WIRE;
 p->ts.tv_sec = header.ts.tv_sec;
@@ -189,6 +195,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 pcap_cnt++;
 p->pcap_cnt = pcap_cnt;
 }
+bail:
 PacketFree(p);
 FlowReset();