Fuzz dnp3 fixes v1 #5093

catenacyber · 2020-06-23T07:09:36Z

Does not proceed final chunk if we got an error previously
Flips the direction for last chunk as usual

Link to redmine tickets:
https://redmine.openinfosecfoundation.org/issues/3772
https://redmine.openinfosecfoundation.org/issues/3773
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22832

Describe changes:

Fixes fuzz target fuzz_applayerparserparse by not processing a last chunk if we had an error previously
Improves DNP3 fuzzing by not checking CRC while fuzzing
Improves DNP3 probing parser by fixing direction based on header field
Fixes DNP3 response parsing, as reported in dnp3: added sanity checks to avoid crashes in a case of malformed data #5063

So, this is a mix of DNP3 and fuzzing, and can be split between different Pull Requests

Should I make a S-V test for the probing parser ?

#suricata-verify-pr:
#suricata-verify-repo:
#suricata-verify-branch:
#suricata-update-pr:
#suricata-update-repo:
#suricata-update-branch:
#libhtp-pr:
#libhtp-repo:
#libhtp-branch:

Does not proceed final chunk if we got an error previously Flips the direction for last chunk as usual

catenacyber · 2020-06-23T07:10:00Z

Follows #5084 by adding dnp3 fix

jasonish · 2020-06-26T13:52:25Z

Should I make a S-V test for the probing parser ?

Yes, please. DNP3 lacks test coverage on imperfect input I believe.

catenacyber · 2020-06-30T07:02:22Z

Yes, please. DNP3 lacks test coverage on imperfect input I believe.

OISF/suricata-verify#261

victorjulien · 2020-07-07T12:52:37Z

Merged in #5139, thanks!

catenacyber added 4 commits June 19, 2020 11:34

fuzz: improves fuzz target applayerparserparse

7c92e3c

Does not proceed final chunk if we got an error previously Flips the direction for last chunk as usual

fuzz: disable DNP3 checksums while fuzzing

8a61f75

dnp3: probing parser fixes direction based on dnp3 header

182ae51

dnp3: fix buffer over read in responses parsing

9673d2a

catenacyber requested a review from a team as a code owner June 23, 2020 07:09

catenacyber mentioned this pull request Jun 23, 2020

dnp3: added sanity checks to avoid crashes in a case of malformed data #5063

Closed

3 tasks

catenacyber force-pushed the fuzz-dnp3-fixes-v1 branch from 114c9cf to 5f71b22 Compare June 23, 2020 07:52

dnp3: adds unit test against previous bug

0ffa1c6

catenacyber force-pushed the fuzz-dnp3-fixes-v1 branch from 5f71b22 to 0ffa1c6 Compare June 23, 2020 07:53

victorjulien assigned jasonish Jun 26, 2020

catenacyber mentioned this pull request Jun 30, 2020

Adds dnp3 midstream direction probing parser test OISF/suricata-verify#261

Closed

catenacyber mentioned this pull request Jun 30, 2020

MQTT parser - v4 #5098

Closed

victorjulien mentioned this pull request Jul 7, 2020

Next/20200707/v5 #5139

Merged

victorjulien closed this Jul 7, 2020

catenacyber mentioned this pull request Aug 26, 2020

dnp3: test of dnp3 flow direction fix OISF/suricata-verify#304

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fuzz dnp3 fixes v1 #5093

Fuzz dnp3 fixes v1 #5093

catenacyber commented Jun 23, 2020

catenacyber commented Jun 23, 2020

jasonish commented Jun 26, 2020

catenacyber commented Jun 30, 2020

victorjulien commented Jul 7, 2020

Navigation Menu

Fuzz dnp3 fixes v1 #5093

Fuzz dnp3 fixes v1 #5093

Conversation

catenacyber commented Jun 23, 2020

catenacyber commented Jun 23, 2020

jasonish commented Jun 26, 2020

catenacyber commented Jun 30, 2020

victorjulien commented Jul 7, 2020