fuzzshark: disable reassembly for few protocols

Reassembly (or in general being stateful) doesn't help when fuzzing, even if wireshark will crash oss-fuzz will try to reproduce the crash with just single sample. Single sample will not reproduce the crash, so being stateful makes wireshark 'buggy target'. I hope change will also make IP corpus a little bit smaller. Change-Id: I01ba8177a653d220c4cfe8a56a5836c96010c6fe Reviewed-on: https://code.wireshark.org/review/25799 Reviewed-by: Jakub Zawadzki <darkjames-ws@darkjames.pl>
2018-02-15 00:39:53 +01:00 · 2018-02-15 00:39:53 +01:00 · a660215dea
parent 010c73daa6
commit a660215dea
1 changed files with 30 additions and 4 deletions
--- a/tools/oss-fuzzshark/fuzzshark.c
+++ b/tools/oss-fuzzshark/fuzzshark.c
@ -99,6 +99,22 @@ failure_message_cont(const char *msg_format, va_list ap)
 	fprintf(stderr, "\n");
 }

+static int
+fuzzshark_pref_set(const char *name, const char *value)
+{
+	char pref[4096];
+	char *errmsg = NULL;
+
+	prefs_set_pref_e ret;
+
+	g_snprintf(pref, sizeof(pref), "%s:%s", name, value);
+
+	ret = prefs_set_pref(pref, &errmsg);
+	g_free(errmsg);
+
+	return (ret == PREFS_SET_OK);
+}
+
 static const nstime_t *
 fuzzshark_get_frame_ts(struct packet_provider_data *prov _U_, guint32 frame_num _U_)
 {
@ -147,6 +163,19 @@ get_dissector_handle(const char *table, const char *target)
 	return fuzz_handle;
 }

+static void
+fuzz_prefs_apply(void)
+{
+	/* Turn off fragmentation for some protocols */
+	fuzzshark_pref_set("ip.defragment", "FALSE");
+	fuzzshark_pref_set("ipv6.defragment", "FALSE");
+	fuzzshark_pref_set("wlan.defragment", "FALSE");
+	fuzzshark_pref_set("tcp.desegment_tcp_streams", "FALSE");
+
+	/* Notify all registered modules that have had any of their preferences changed. */
+	prefs_apply_all();
+}
+
 static int
 fuzz_init(int argc _U_, char **argv)
 {
@ -267,10 +296,7 @@ fuzz_init(int argc _U_, char **argv)
 		}
 	}

-	/* Notify all registered modules that have had any of their preferences
-	   changed either from one of the preferences file or from the command
-	   line that their preferences have changed. */
-	prefs_apply_all();
+	fuzz_prefs_apply();

 	/* Build the column format array */
 	build_column_format_array(&fuzz_cinfo, prefs_p->num_cols, TRUE);