From 33905b0910e93eeaceeacd21ee1671694a79cd74 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 19 Nov 2020 14:10:08 +0100
Subject: [PATCH] fuzz: check PacketCopyData return value before processing packet

---
 src/tests/fuzz/fuzz_sigpcap.c | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/tests/fuzz/fuzz_sigpcap.c b/src/tests/fuzz/fuzz_sigpcap.c
index f3e8ae1f21..d2c2f30f3d 100644
--- a/src/tests/fuzz/fuzz_sigpcap.c
+++ b/src/tests/fuzz/fuzz_sigpcap.c
@@ -143,22 +143,23 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 p->ts.tv_usec = header->ts.tv_usec;
 p->datalink = pcap_datalink(pkts);
 while (r > 0) {
- PacketCopyData(p, pkt, header->caplen);
- //DecodePcapFile
- TmEcode ecode = tmm_modules[TMM_DECODEPCAPFILE].Func(&tv, p, dtv);
- if (ecode == TM_ECODE_FAILED) {
- break;
- }
- Packet *extra_p = PacketDequeueNoLock(&tv.decode_pq);
- while (extra_p != NULL) {
- PacketFree(extra_p);
- extra_p = PacketDequeueNoLock(&tv.decode_pq);
- }
- tmm_modules[TMM_FLOWWORKER].Func(&tv, p, fwd);
- extra_p = PacketDequeueNoLock(&tv.decode_pq);
- while (extra_p != NULL) {
- PacketFree(extra_p);
+ if (PacketCopyData(p, pkt, header->caplen) == 0) {
+ // DecodePcapFile
+ TmEcode ecode = tmm_modules[TMM_DECODEPCAPFILE].Func(&tv, p, dtv);
+ if (ecode == TM_ECODE_FAILED) {
+ break;
+ }
+ Packet *extra_p = PacketDequeueNoLock(&tv.decode_pq);
+ while (extra_p != NULL) {
+ PacketFree(extra_p);
+ extra_p = PacketDequeueNoLock(&tv.decode_pq);
+ }
+ tmm_modules[TMM_FLOWWORKER].Func(&tv, p, fwd);
 extra_p = PacketDequeueNoLock(&tv.decode_pq);
+ while (extra_p != NULL) {
+ PacketFree(extra_p);
+ extra_p = PacketDequeueNoLock(&tv.decode_pq);
+ }
 }
 r = pcap_next_ex(pkts, &header, &pkt);
 PACKET_RECYCLE(p);
--
2.47.2
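Review bot: The `break` on `TM_ECODE_FAILED`, now nested inside the new `if (PacketCopyData(...) == 0)` block, still leaves the `while (r > 0)` loop without draining `tv.decode_pq` or reaching `PACKET_RECYCLE(p)`, so packets the decoder queued before failing are not freed by any line visible in this hunk. The function continues outside the hunk, so cleanup after the loop may cover this; if it does not, a sanitizer-enabled fuzz run can report leaks that come from the harness rather than from the code under test. Since the same drain loop already appears twice, a small static helper called on the failure path as well would close that gap and remove the duplication (the helper below assumes `tv` is a `ThreadVars`, whose declaration is outside the hunk). A one-line comment on the new `if`, such as `// copy failed: skip this packet but keep reading the pcap`, would also record why a failed copy is silently skipped.

```c
/* Free every packet still sitting in the decode queue. */
static void FuzzDrainDecodeQueue(ThreadVars *tv)
{
    Packet *extra_p;
    while ((extra_p = PacketDequeueNoLock(&tv->decode_pq)) != NULL) {
        PacketFree(extra_p);
    }
}

// … unchanged: packet setup and the while (r > 0) header …
        if (PacketCopyData(p, pkt, header->caplen) == 0) {
            // DecodePcapFile
            TmEcode ecode = tmm_modules[TMM_DECODEPCAPFILE].Func(&tv, p, dtv);
            if (ecode == TM_ECODE_FAILED) {
                FuzzDrainDecodeQueue(&tv);
                break;
            }
            FuzzDrainDecodeQueue(&tv);
            tmm_modules[TMM_FLOWWORKER].Func(&tv, p, fwd);
            FuzzDrainDecodeQueue(&tv);
        }
// … unchanged: pcap_next_ex and PACKET_RECYCLE …
```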