Module: kamailio Branch: master Commit: 1cd2fc1977bfa5e362cef0199e4643085c66d3d1 URL: https://github.com/kamailio/kamailio/commit/1cd2fc1977bfa5e362cef0199e46430… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2022-10-05T10:34:43+02:00 misc/fuzz: add checks on input size - test with larger messages than core accepts --- Modified: misc/fuzz/fuzz_parse_msg.c Modified: misc/fuzz/fuzz_uri.c --- Diff: https://github.com/kamailio/kamailio/commit/1cd2fc1977bfa5e362cef0199e46430… Patch: https://github.com/kamailio/kamailio/commit/1cd2fc1977bfa5e362cef0199e46430… --- diff --git a/misc/fuzz/fuzz_parse_msg.c b/misc/fuzz/fuzz_parse_msg.c index e20c2e64f3a..80fe75a226b 100644 --- a/misc/fuzz/fuzz_parse_msg.c +++ b/misc/fuzz/fuzz_parse_msg.c @@ -1,3 +1,4 @@ +#include "../config.h" #include "../parser/sdp/sdp.h" #include "../parser/parse_uri.c" #include "../parser/parse_hname2.h" @@ -23,6 +24,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { orig_inv.buf = (char*)data; orig_inv.len = size; + if(size >= 4*BUF_SIZE) { + /* test with larger message than core accepts, but not indefinitely large */ + return 0; + } + if (parse_msg(orig_inv.buf, orig_inv.len, &orig_inv) < 0) { goto cleanup; } diff --git a/misc/fuzz/fuzz_uri.c b/misc/fuzz/fuzz_uri.c index 9418d6eed4d..3cc6dec061f 100644 --- a/misc/fuzz/fuzz_uri.c +++ b/misc/fuzz/fuzz_uri.c @@ -1,8 +1,14 @@ + +#include "../config.h" #include "../parser/parse_uri.c" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { struct sip_uri uri; + if(size >= BUF_SIZE) { + /* test with larger message than core accepts, but not indefinitely large */ + return 0; + } parse_uri(data, size, &uri); return 0; }