fuzz: extend fuzz coverage

.gitignore

@@ -60,6 +60,7 @@
 /fuzz/fuzz_alg_jitter
 /fuzz/fuzz_alg_crc32_md5
 /fuzz/fuzz_alg_ses_des
+/fuzz/fuzz_alg_bytestream
 /fuzz/fuzz_config
 /fuzz/fuzz_community_id
 /fuzz/fuzz_serialization
@@ -68,6 +69,7 @@
 /fuzz/fuzz_ds_tree
 /fuzz/fuzz_ds_ptree
 /fuzz/fuzz_ds_ahocorasick
+/fuzz/fuzz_libinjection
 /fuzz/fuzz_ndpi_reader_alloc_fail_seed_corpus.zip
 /fuzz/fuzz_ndpi_reader_seed_corpus.zip
 /fuzz/fuzz_quic_get_crypto_data_seed_corpus.zip
@@ -80,11 +82,13 @@
 /fuzz/fuzz_alg_jitter_seed_corpus.zip
 /fuzz/fuzz_alg_crc32_md5_seed_corpus.zip
 /fuzz/fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip
+/fuzz/fuzz_alg_bytestream_seed_corpus.zip
 /fuzz/fuzz_ds_patricia_seed_corpus.zip
 /fuzz/fuzz_ds_libcache_seed_corpus.zip
 /fuzz/fuzz_ds_tree_seed_corpus.zip
 /fuzz/fuzz_ds_ptree_seed_corpus.zip
 /fuzz/fuzz_ds_ahocorasick_seed_corpus.zip
+/fuzz/fuzz_libinjection_seed_corpus.zip
 /fuzz/fuzz_*.dict
 /influxdb/Makefile
 /install-sh

fuzz/Makefile.am

@@ -1,8 +1,10 @@
 bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail fuzz_quic_get_crypto_data fuzz_config fuzz_community_id fuzz_serialization
 #Alghoritms
-bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5
+bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream
 #Data structures
 bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree
+#Third party
+bin_PROGRAMS += fuzz_libinjection
 
 fuzz_process_packet_SOURCES = fuzz_process_packet.c fuzz_common_code.c
 fuzz_process_packet_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
@@ -174,6 +176,19 @@ fuzz_alg_crc32_md5_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
     $(fuzz_alg_crc32_md5_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
+fuzz_alg_bytestream_SOURCES = fuzz_alg_bytestream.c
+fuzz_alg_bytestream_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_bytestream_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_alg_bytestream_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_alg_bytestream_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_alg_bytestream_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_alg_bytestream_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+    $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+    $(fuzz_alg_bytestream_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
 fuzz_alg_ses_des_SOURCES = fuzz_alg_ses_des.cpp fuzz_common_code.c
 fuzz_alg_ses_des_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_alg_ses_des_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
@@ -264,6 +279,20 @@ fuzz_ds_ptree_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
     $(fuzz_ds_ptree_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
+fuzz_libinjection_SOURCES = fuzz_libinjection.c
+fuzz_libinjection_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_libinjection_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_libinjection_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_libinjection_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_libinjection_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_libinjection_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+    $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+    $(fuzz_libinjection_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
+
 
 # required for Google oss-fuzz
 # see https://github.com/google/oss-fuzz/tree/master/projects/ndpi
@@ -350,8 +379,18 @@ files_corpus_fuzz_ds_ptree :=  $(wildcard corpus/fuzz_ds_ptree/*)
 fuzz_ds_ptree_seed_corpus.zip: $(files_corpus_fuzz_ds_ptree)
 	zip -j fuzz_ds_ptree_seed_corpus.zip $(files_corpus_fuzz_ds_ptree)
 
+files_corpus_fuzz_alg_bytestream :=  $(wildcard corpus/fuzz_alg_bytestream/*)
+
+fuzz_alg_bytestream_seed_corpus.zip: $(files_corpus_fuzz_alg_bytestream)
+	zip -j fuzz_alg_bytestream_seed_corpus.zip $(files_corpus_fuzz_alg_bytestream)
+
+files_corpus_fuzz_libinjection :=  $(wildcard corpus/fuzz_libinjection/*)
+
+fuzz_libinjection_seed_corpus.zip: $(files_corpus_fuzz_libinjection)
+	zip -j fuzz_libinjection_seed_corpus.zip $(files_corpus_fuzz_libinjection)
+
 
-corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip
+corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip fuzz_alg_bytestream_seed_corpus.zip fuzz_libinjection_seed_corpus.zip
 
 #Create dictionaries exactly as expected by oss-fuzz.
 #This way, if we need to change/update/add something,
@@ -368,16 +407,19 @@ distdir:
 		-o -name '*.h' \
 		-o -name '*.cpp' \
 		-o -name '*.dict' \
+		-o -name 'ipv4_addresses.txt' \
 		-o -path './corpus/fuzz_quic_get_crypto_data/*' \
 		-o -path './corpus/fuzz_config/*' \
 		-o -path './corpus/fuzz_serialization/*' \
 		-o -path './corpus/fuzz_community_id/*' \
+		-o -path './corpus/fuzz_libinjection/*' \
 		-o -path './corpus/fuzz_alg_ses_des/*' \
 		-o -path './corpus/fuzz_alg_bins/*' \
 		-o -path './corpus/fuzz_alg_hll/*' \
 		-o -path './corpus/fuzz_alg_jitter/*' \
 		-o -path './corpus/fuzz_alg_crc32_md5/*' \
 		-o -path './corpus/fuzz_alg_hw_rsi_outliers_da/*' \
+		-o -path './corpus/fuzz_alg_bytestream/*' \
 		-o -path './corpus/fuzz_ds_ahocorasick/*' \
 		-o -path './corpus/fuzz_ds_libcache/*' \
 		-o -path './corpus/fuzz_ds_tree/*' \

fuzz/corpus/fuzz_alg_bytestream/00f699c111a4216c827906dddc7e53d2676c436c

@@ -0,0 +1 @@
+5�70

fuzz/corpus/fuzz_alg_bytestream/1

@@ -0,0 +1 @@
+59708719594136008472212676481906

fuzz/corpus/fuzz_alg_bytestream/1c45e235b337db8b9e98bf2aa0ee02dde9384efa

@@ -0,0 +1 @@
+5�705�(770(777

fuzz/corpus/fuzz_alg_bytestream/2

@@ -0,0 +1 @@
+2Bba5a7FEEcfced4fbbBfFEe16bfcaA4

fuzz/corpus/fuzz_alg_bytestream/7f6a3512755b96414b7dfe5a21d2952a9cc70333

@@ -0,0 +1 @@
+5�70(77247�906:

fuzz/corpus/fuzz_alg_bytestream/b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

@@ -0,0 +1 @@
+0

fuzz/corpus/fuzz_alg_bytestream/b7103ca278a75cad8f7d065acda0c2e80da0b7dc

@@ -0,0 +1 @@
+70

fuzz/corpus/fuzz_alg_bytestream/d2418811df5936bdb530e9c66aca38f4fc6da70c

@@ -0,0 +1 @@
+5�700772212676481906:

fuzz/corpus/fuzz_ds_ahocorasick/1e17f87333b37b4009f70119882d8ab2d665166d

@@ -0,0 +1 @@
+����������""""""""""""""""""""""""""""""����������������"""��������������������������������������������������������������������������������������������������""""�b�Mn1y���<���u����������������h�a����������������������������������rrrrrrrr������������������������������������CCCCCCCCCCC�����������������������"""""""""""""""""""""""""""""""""rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr�������������������������������������������������������������������������������������������������������������������������"������������������������������������������������������������������������������������������������������?�CCCCCCCCCSCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC��������������������������������������������������������������������������������������������������������������������CCCCCCCCCCC�����������������������"""""""""""""""""""""""""""""""""��������������&�����������?������xp5�l���q3]��F	,�.����e^!������

fuzz/corpus/fuzz_libinjection/10

@@ -0,0 +1 @@
+205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1%23&Submit=Submit

fuzz/corpus/fuzz_libinjection/11

@@ -0,0 +1 @@
+92.168.3.107/DVWA-master/vulnerabilities/sqli/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit

fuzz/corpus/fuzz_libinjection/15b476de3caa02284e485d66b68081608ae4faf5

@@ -0,0 +1 @@
+20���̻1%23&i

fuzz/corpus/fuzz_libinjection/1a38ab89c73b1bb6a4d06294c94b413f9ad0822e

@@ -0,0 +1 @@
+2--

fuzz/corpus/fuzz_libinjection/2

@@ -0,0 +1 @@
+192.168.3.107/DVWA-master/vulnerabilities/xss_d/?default=English%3Cscript%3Ealert(1)%3C/script%3E

fuzz/corpus/fuzz_libinjection/20

@@ -0,0 +1 @@
+/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E

fuzz/corpus/fuzz_libinjection/21

@@ -0,0 +1 @@
+/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit

fuzz/corpus/fuzz_libinjection/22

@@ -0,0 +1 @@
+/ntop/nDPI/actions/runs/4161701848/jobs/7199989034

fuzz/corpus/fuzz_libinjection/3

@@ -0,0 +1 @@
+205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1%23&Submit=Submit

fuzz/corpus/fuzz_libinjection/30

@@ -0,0 +1 @@
+foo' + 1

fuzz/corpus/fuzz_libinjection/31

@@ -0,0 +1 @@
+'foo' + 1

fuzz/corpus/fuzz_libinjection/32

@@ -0,0 +1 @@
+1" UNION ALL SELECT * FROM FOO

fuzz/corpus/fuzz_libinjection/33

@@ -0,0 +1 @@
+1" INCH

fuzz/corpus/fuzz_libinjection/34

@@ -0,0 +1 @@
+1' INCH

fuzz/corpus/fuzz_libinjection/3450506a01feb1c676c383da2351d81c95e361b9

@@ -0,0 +1 @@
+21%23&i;

fuzz/corpus/fuzz_libinjection/35

@@ -0,0 +1 @@
+--1 UNION ALL SELECT * FROM FOO

fuzz/corpus/fuzz_libinjection/36

@@ -0,0 +1 @@
+1' == --1 OR 1

fuzz/corpus/fuzz_libinjection/37

@@ -0,0 +1 @@
+1" UNION ALL SELECT --1 FROM FOO

fuzz/corpus/fuzz_libinjection/38

@@ -0,0 +1 @@
+foo'--'bar'

fuzz/corpus/fuzz_libinjection/39

@@ -0,0 +1 @@
+--blah

fuzz/corpus/fuzz_libinjection/39a9b3ad3544180f4614c356bec4305a940c27bc

@@ -0,0 +1 @@
+31i22;

fuzz/corpus/fuzz_libinjection/4

@@ -0,0 +1 @@
+205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit

fuzz/corpus/fuzz_libinjection/40

@@ -0,0 +1 @@
+1--sp_password

fuzz/corpus/fuzz_libinjection/41

@@ -0,0 +1 @@
+x'--sp_password

fuzz/corpus/fuzz_libinjection/42

@@ -0,0 +1 @@
+1*1--

fuzz/corpus/fuzz_libinjection/43

@@ -0,0 +1 @@
+1 /*!anything*/

fuzz/corpus/fuzz_libinjection/44

@@ -0,0 +1 @@
+1--0000000000111111111122222222223333333333 sp_password

fuzz/corpus/fuzz_libinjection/45

@@ -0,0 +1 @@
+foo" and 1=1 `

fuzz/corpus/fuzz_libinjection/46

@@ -0,0 +1 @@
+foo" and 1=1 `

fuzz/corpus/fuzz_libinjection/47

@@ -0,0 +1 @@
+1 and @version

fuzz/corpus/fuzz_libinjection/48

@@ -0,0 +1 @@
+1 and @version < 1

fuzz/corpus/fuzz_libinjection/49

@@ -0,0 +1 @@
+1 and "a" < "b"

fuzz/corpus/fuzz_libinjection/5

@@ -0,0 +1 @@
+205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit

fuzz/corpus/fuzz_libinjection/50

@@ -0,0 +1 @@
+1 and "a"

fuzz/corpus/fuzz_libinjection/51

@@ -0,0 +1 @@
+1 TOP 'foo'

fuzz/corpus/fuzz_libinjection/52

@@ -0,0 +1 @@
+1 UNION

fuzz/corpus/fuzz_libinjection/5202e03fa50b3bc1b55fb03faa3c26659e6fcee8

@@ -0,0 +1 @@
+</`

fuzz/corpus/fuzz_libinjection/53

@@ -0,0 +1 @@
+1 ANALYZE 'foo'

fuzz/corpus/fuzz_libinjection/54

@@ -0,0 +1 @@
+1 /* junk */ UNION

fuzz/corpus/fuzz_libinjection/55

@@ -0,0 +1 @@
+1),(1)) UNION SELECT 1;

fuzz/corpus/fuzz_libinjection/56

@@ -0,0 +1 @@
+foo - (bar) UNION SELECT 1

fuzz/corpus/fuzz_libinjection/57

@@ -0,0 +1 @@
+foo - (1) UNION SELECT 1

fuzz/corpus/fuzz_libinjection/58

@@ -0,0 +1 @@
+1, -sin(1)) UNION SELECT 1

fuzz/corpus/fuzz_libinjection/59

@@ -0,0 +1 @@
+{``.``.id} UNION SELECT table_name from information_schemas LIMIT 1

fuzz/corpus/fuzz_libinjection/6

@@ -0,0 +1 @@
+205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit

fuzz/corpus/fuzz_libinjection/7

@@ -0,0 +1 @@
+205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit

fuzz/corpus/fuzz_libinjection/8

@@ -0,0 +1 @@
+205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit

fuzz/corpus/fuzz_libinjection/85e53271e14006f0265921d02d4d736cdc580b0b

@@ -0,0 +1 @@
+�

fuzz/corpus/fuzz_libinjection/9

@@ -0,0 +1 @@
+205.174.165.68/dv/vulnerabilities/sqli/?id=1%27+and+1%3D1%23&Submit=Submit

fuzz/corpus/fuzz_libinjection/9d1de8279add3b6d037aa2a801da30d45f91cf8d

@@ -0,0 +1 @@
+��

fuzz/corpus/fuzz_libinjection/cc7ddbb1c7ce7d7181615313b0c6ac81575c7668

@@ -0,0 +1,2 @@
+
+2�