Skip to content

Commit

Permalink
fuzz: simplify target for protocol detection
Browse files Browse the repository at this point in the history
As too many cases are found when splitting tcp payload
  • Loading branch information
catenacyber committed Dec 5, 2024
1 parent 647f92d commit 029bf34
Showing 1 changed file with 1 addition and 26 deletions.
27 changes: 1 addition & 26 deletions src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
Flow *f;
TcpSession ssn;
bool reverse;
AppProto alproto;
AppProto alproto2;

if (alpd_tctx == NULL) {
//global init
Expand Down Expand Up @@ -66,31 +64,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
if (data[0] & STREAM_TOSERVER) {
flags = STREAM_TOSERVER;
}
alproto = AppLayerProtoDetectGetProto(
AppLayerProtoDetectGetProto(
alpd_tctx, f, data + HEADER_LEN, size - HEADER_LEN, f->proto, flags, &reverse);
if (alproto != ALPROTO_UNKNOWN && alproto != ALPROTO_FAILED && f->proto == IPPROTO_TCP) {
/* If we find a valid protocol at the start of a stream :
* check that with smaller input
* we find the same protocol or ALPROTO_UNKNOWN.
* Otherwise, we have evasion with TCP splitting
*/
for (size_t i = 0; i < size-HEADER_LEN && i < PROTO_DETECT_MAX_LEN; i++) {
// reset detection at each try cf probing_parser_toserver_alproto_masks
AppLayerProtoDetectReset(f);
alproto2 = AppLayerProtoDetectGetProto(
alpd_tctx, f, data + HEADER_LEN, i, f->proto, flags, &reverse);
if (alproto2 != ALPROTO_UNKNOWN && alproto2 != alproto) {
printf("Failed with input length %" PRIuMAX " versus %" PRIuMAX
", found %s instead of %s\n",
(uintmax_t)i, (uintmax_t)size - HEADER_LEN, AppProtoToString(alproto2),
AppProtoToString(alproto));
printf("Assertion failure: %s-%s\n", AppProtoToString(alproto2),
AppProtoToString(alproto));
fflush(stdout);
abort();
}
}
}
FlowFree(f);

return 0;
Expand Down

0 comments on commit 029bf34

Please sign in to comment.