git:master:1cd2fc19: misc/fuzz: add checks on input size - sr-dev

5 Oct 2022

Module: kamailio
Branch: master
Commit: 1cd2fc1977bfa5e362cef0199e4643085c66d3d1
URL: https://github.com/kamailio/kamailio/commit/1cd2fc1977bfa5e362cef0199e464308...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2022-10-05T10:34:43+02:00
misc/fuzz: add checks on input size
- test with larger messages than core accepts
---
Modified: misc/fuzz/fuzz_parse_msg.c
Modified: misc/fuzz/fuzz_uri.c
---
Diff:  https://github.com/kamailio/kamailio/commit/1cd2fc1977bfa5e362cef0199e464308...
Patch: https://github.com/kamailio/kamailio/commit/1cd2fc1977bfa5e362cef0199e464308...
---

diff --git a/misc/fuzz/fuzz_parse_msg.c b/misc/fuzz/fuzz_parse_msg.c
index e20c2e64f3a..80fe75a226b 100644
--- a/misc/fuzz/fuzz_parse_msg.c
+++ b/misc/fuzz/fuzz_parse_msg.c
@@ -1,3 +1,4 @@
+#include "../config.h"
 #include "../parser/sdp/sdp.h"
 #include "../parser/parse_uri.c"
 #include "../parser/parse_hname2.h"
@@ -23,6 +24,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     orig_inv.buf = (char*)data;
     orig_inv.len = size;
+    if(size >= 4*BUF_SIZE) {
+        /* test with larger message than core accepts, but not indefinitely large */
+        return 0;
+    }
+
     if (parse_msg(orig_inv.buf, orig_inv.len, &orig_inv) < 0) {
         goto cleanup;
     }
diff --git a/misc/fuzz/fuzz_uri.c b/misc/fuzz/fuzz_uri.c
index 9418d6eed4d..3cc6dec061f 100644
--- a/misc/fuzz/fuzz_uri.c
+++ b/misc/fuzz/fuzz_uri.c
@@ -1,8 +1,14 @@
+
+#include "../config.h"
 #include "../parser/parse_uri.c"
int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     struct sip_uri uri;
+    if(size >= BUF_SIZE) {
+        /* test with larger message than core accepts, but not indefinitely large */
+        return 0;
+    }
     parse_uri(data, size, &uri);
     return 0;
 }

    