New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fuzz tcpsplit v1 #4917
Fuzz tcpsplit v1 #4917
Conversation
Tries tcp stream parsing against rule detection. And tries it again with splitting byte by byte. And checks if we get the same alerts.
@@ -2739,7 +2739,12 @@ TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data) | |||
memset(det_ctx, 0, sizeof(DetectEngineThreadCtx)); | |||
|
|||
det_ctx->tv = tv; | |||
#if defined(FUZZ) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
inspired by unit tests mode a few lines below
@@ -2159,11 +2159,13 @@ static void SetupDelayedDetect(SCInstance *suri) | |||
|
|||
static int LoadSignatures(DetectEngineCtx *de_ctx, SCInstance *suri) | |||
{ | |||
#ifndef FUZZ | |||
if (SigLoadSignatures(de_ctx, suri->sig_file, suri->sig_file_exclusive) < 0) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure this is the best way
TcpReassemblyThreadCtx *ra_ctx = NULL; | ||
uint64_t forceLayer = 0; | ||
|
||
static Packet *TestHelperBuildPacketAndFlow(const char *src, const char *dst, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any good replacement ?
} | ||
|
||
static int TestHelperAddSegmentWithPayload(ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx, TcpStream *stream, uint32_t seq, const uint8_t *payload, uint16_t len, Packet *p) | ||
{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
inspired by StreamTcpUTAddSegmentWithPayload
The whole thing is inspired by tests such as DetectSshVersionTestDetect01
from ssh rust branch
goto end; | ||
} | ||
p->flow->protoctx = &ssn; | ||
psplit->flow->protoctx = &ssnsplit; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TODO : have these in the helper function
This is a follow up to generalize bug findings such as #4792 or https://redmine.openinfosecfoundation.org/issues/3631 |
This will need corpus generation to serialized format from rule and pcap (and use S-V directories). Are there rules who are meant to be sensitive to TCP splitting ? |
Link to redmine ticket:
None
Describe changes:
const
keyword for some function argumentsOpen questions :
Tested with input file
alert ssh any any -> any any (msg:"SSH"; ssh.protoversion:2_compat; sid:1;)%0A%00%05%00%124%00%16SSH-2.0-test%0A
abort
with dummy patch