OISF · victorjulien · Apr 6, 2020 · Apr 6, 2020 · Apr 6, 2020 · Apr 6, 2020
@@ -645,12 +645,10 @@ static uint32_t AppLayerProtoDetectProbingParserGetMask(AppProto alproto)
     SCEnter();
 
     if (!(alproto > ALPROTO_UNKNOWN && alproto < ALPROTO_FAILED)) {
-        SCLogError(SC_ERR_ALPARSER, "Unknown protocol detected - %"PRIu16,
-                   alproto);
-        exit(EXIT_FAILURE);
+        FatalError(SC_ERR_ALPARSER, "Unknown protocol detected - %u", alproto);
     }
 
-    SCReturnUInt(1 << alproto);
+    SCReturnUInt(1UL << (uint32_t)alproto);
 }
 
 static AppLayerProtoDetectProbingParserElement *AppLayerProtoDetectProbingParserElementAlloc(void)

@@ -6482,6 +6482,8 @@ static int HTPParserTest16(void)
         goto end;
     }
 
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+//these events are disabled during fuzzing as they are too noisy and consume much resource
     FLOWLOCK_WRLOCK(f);
     void *txtmp = AppLayerParserGetTx(IPPROTO_TCP, ALPROTO_HTTP,f->alstate, 0);
     AppLayerDecoderEvents *decoder_events = AppLayerParserGetEventsByTx(IPPROTO_TCP, ALPROTO_HTTP, txtmp);
@@ -6501,6 +6503,7 @@ static int HTPParserTest16(void)
         printf("HTTP_DECODER_EVENT_URI_DELIM_NON_COMPLIANT not set: ");
         goto end;
     }
+#endif
 
     result = 1;
 end:

@@ -42,13 +42,14 @@ static DetectParseRegex parse_regex;
 static int DetectPktvarMatch (DetectEngineThreadCtx *, Packet *,
         const Signature *, const SigMatchCtx *);
 static int DetectPktvarSetup (DetectEngineCtx *, Signature *, const char *);
+static void DetectPktvarFree(void *data);
 
 void DetectPktvarRegister (void)
 {
     sigmatch_table[DETECT_PKTVAR].name = "pktvar";
     sigmatch_table[DETECT_PKTVAR].Match = DetectPktvarMatch;
     sigmatch_table[DETECT_PKTVAR].Setup = DetectPktvarSetup;
-    sigmatch_table[DETECT_PKTVAR].Free  = NULL;
+    sigmatch_table[DETECT_PKTVAR].Free  = DetectPktvarFree;
     sigmatch_table[DETECT_PKTVAR].RegisterTests  = NULL;
 
     DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
@@ -76,6 +77,15 @@ static int DetectPktvarMatch (DetectEngineThreadCtx *det_ctx, Packet *p,
     return ret;
 }
 
+static void DetectPktvarFree(void *ptr)
+{
+    DetectPktvarData *data = ptr;
+    if (data != NULL) {
+        SCFree(data->content);
+        SCFree(data);
+    }
+}
+
 static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
 {
     char *varname = NULL, *varcontent = NULL;
@@ -100,6 +110,7 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
 
     res = pcre_get_substring((char *)rawstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
     if (res < 0) {
+        pcre_free(varname);
         SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
         return -1;
     }
@@ -123,11 +134,11 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
         pcre_free(varcontent);
         return -1;
     }
+    pcre_free(varcontent);
 
     DetectPktvarData *cd = SCCalloc(1, sizeof(DetectPktvarData));
     if (unlikely(cd == NULL)) {
         pcre_free(varname);
-        pcre_free(varcontent);
         SCFree(content);
         return -1;
     }
@@ -136,14 +147,12 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
     cd->content_len = len;
     cd->id = VarNameStoreSetupAdd(varname, VAR_TYPE_PKT_VAR);
     pcre_free(varname);
-    pcre_free(varcontent);
 
     /* Okay so far so good, lets get this into a SigMatch
      * and put it in the Signature. */
     SigMatch *sm = SigMatchAlloc();
     if (unlikely(sm == NULL)) {
-        SCFree(cd->content);
-        SCFree(cd);
+        DetectPktvarFree(cd);
         return -1;
     }
     sm->type = DETECT_PKTVAR;
@@ -152,5 +161,3 @@ static int DetectPktvarSetup (DetectEngineCtx *de_ctx, Signature *s, const char
     SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH);
     return 0;
 }
-
-
@@ -204,8 +204,6 @@ static DetectSslVersionData *DetectSslVersionParse(const char *str)
     }
 
     if (ret > 1) {
-        const char *str_ptr;
-        char *orig;
         uint8_t found = 0, neg = 0;
         char *tmp_str;
 
@@ -216,19 +214,16 @@ static DetectSslVersionData *DetectSslVersionParse(const char *str)
 
         int i;
         for (i = 1; i < ret; i++) {
-            res = pcre_get_substring((char *) str, ov, MAX_SUBSTRINGS, i, &str_ptr);
+            char ver_ptr[64];
+            res = pcre_copy_substring((char *) str, ov, MAX_SUBSTRINGS, i, ver_ptr, sizeof(ver_ptr));
             if (res < 0) {
                 SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
                 if (found == 0)
                     goto error;
                 break;
             }
 
-            orig = SCStrdup((char*) str_ptr);
-            if (unlikely(orig == NULL)) {
-                goto error;
-            }
-            tmp_str = orig;
+            tmp_str = ver_ptr;
 
             /* Let's see if we need to scape "'s */
             if (tmp_str[0] == '"') {
@@ -267,20 +262,16 @@ static DetectSslVersionData *DetectSslVersionParse(const char *str)
                 if (neg == 1)
                     ssl->data[TLS13].flags |= DETECT_SSL_VERSION_NEGATED;
             }  else if (strcmp(tmp_str, "") == 0) {
-                SCFree(orig);
                 if (found == 0)
                     goto error;
                 break;
             } else {
                 SCLogError(SC_ERR_INVALID_VALUE, "Invalid value");
-                SCFree(orig);
                 goto error;
             }
 
             found = 1;
             neg = 0;
-            SCFree(orig);
-            pcre_free_substring(str_ptr);
         }
     }
 

@@ -281,6 +281,7 @@ int RunmodeGetCurrent(void)
  *  construction, etc.
  */
 
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 static void SignalHandlerSigint(/*@unused@*/ int sig)
 {
     sigint_count = 1;
@@ -289,6 +290,8 @@ static void SignalHandlerSigterm(/*@unused@*/ int sig)
 {
     sigterm_count = 1;
 }
+#endif
+
 #ifndef OS_WIN32
 /**
  * SIGUSR2 handler.  Just set sigusr2_count.  The main loop will act on

@@ -14,6 +14,8 @@
 
 #define HEADER_LEN 6
 
+//rule of thumb constant, so as not to timeout target
+#define PROTO_DETECT_MAX_LEN 1024
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 
@@ -59,7 +61,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
          * we find the same protocol or ALPROTO_UNKNOWN.
          * Otherwise, we have evasion with TCP splitting
          */
-        for (size_t i = 0; i < size-HEADER_LEN; i++) {
+        for (size_t i = 0; i < size-HEADER_LEN && i < PROTO_DETECT_MAX_LEN; i++) {
             alproto2 = AppLayerProtoDetectGetProto(alpd_tctx, f, data+HEADER_LEN, i, f->proto, data[0], &reverse);
             if (alproto2 != ALPROTO_UNKNOWN && alproto2 != alproto) {
                 printf("Assertion failure : With input length %"PRIuMAX", found %s instead of %s\n", (uintmax_t) i, AppProtoToString(alproto2), AppProtoToString(alproto));