fuzz: purge old sessions (ntop#1451)

IvanNardi · web-flow · commit fbb9700086ef · 2022-02-21T20:32:50.000+01:00
At every fuzz iteration (i.e for every trace file):
* keep the same ndpi context (`ndpi_init_detection_module` is very
slow);
* reset the flow table, otherwise it grows indefinitely.

This change should fix the "out-of-memory" errors reported by oss-fuzz.
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
@@ -2062,7 +2062,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) {
   prefs.ignore_vlanid = ignore_vlanid;
 
   memset(&ndpi_thread_info[thread_id], 0, sizeof(ndpi_thread_info[thread_id]));
-  ndpi_thread_info[thread_id].workflow = ndpi_workflow_init(&prefs, pcap_handle);
+  ndpi_thread_info[thread_id].workflow = ndpi_workflow_init(&prefs, pcap_handle, 1);
 
   /* Preferences */
   ndpi_workflow_set_flow_detected_callback(ndpi_thread_info[thread_id].workflow,
diff --git a/example/reader_util.c b/example/reader_util.c
@@ -391,7 +391,7 @@ extern char *_debug_protocols;
 static int _debug_protocols_ok = 0;
 
 struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs,
-					 pcap_t * pcap_handle) {
+					 pcap_t * pcap_handle, int do_init_flows_root) {
   struct ndpi_detection_module_struct * module;
   struct ndpi_workflow * workflow;
 
@@ -427,7 +427,8 @@ struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * pref
   if(_debug_protocols_ok)
     ndpi_set_debug_bitmask(module, debug_bitmask);
 
-  workflow->ndpi_flows_root = ndpi_calloc(workflow->prefs.num_roots, sizeof(void *));
+  if(do_init_flows_root)
+    workflow->ndpi_flows_root = ndpi_calloc(workflow->prefs.num_roots, sizeof(void *));
 
   return workflow;
 }
diff --git a/example/reader_util.h b/example/reader_util.h
@@ -306,7 +306,7 @@ typedef struct ndpi_workflow {
 
 
 /* TODO: remove wrappers parameters and use ndpi global, when their initialization will be fixed... */
-struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle);
+struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle, int do_init_flows_root);
 
 
 /* workflow main free function */
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
@@ -47,6 +47,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   char errbuf[PCAP_ERRBUF_SIZE];
   NDPI_PROTOCOL_BITMASK all;
   char * pcap_path = tempnam("/tmp", "fuzz-ndpi-reader");
+  u_int i;
 
   if (prefs == NULL) {
     prefs = calloc(sizeof(struct ndpi_workflow_prefs), 1);
@@ -59,7 +60,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
     prefs->max_ndpi_flows = 1024 * 1024;
     prefs->quiet_mode = 0;
 
-    workflow = ndpi_workflow_init(prefs, NULL /* pcap handler will be set later */);
+    workflow = ndpi_workflow_init(prefs, NULL /* pcap handler will be set later */, 0);
     // enable all protocols
     NDPI_BITMASK_SET_ALL(all);
     ndpi_set_protocol_detection_bitmask2(workflow->ndpi_struct, &all);
@@ -90,6 +91,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   }
 
   workflow->pcap_handle = pkts;
+  /* Init flow tree */
+  workflow->ndpi_flows_root = ndpi_calloc(workflow->prefs.num_roots, sizeof(void *));
 
   header = NULL;
   r = pcap_next_ex(pkts, &header, &pkt);
@@ -109,6 +112,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
   }
   pcap_close(pkts);
 
+  /* Free flow trees */
+  for(i = 0; i < workflow->prefs.num_roots; i++)
+    ndpi_tdestroy(workflow->ndpi_flows_root[i], ndpi_flow_info_freer);
+  ndpi_free(workflow->ndpi_flows_root);
+
   remove(pcap_path);
   free(pcap_path);
 
