Hi everyone,
I am trying to search for bugs in the Bro file parser using libFuzzer. I found the old branch where you tried to fuzz the HTTP protocol. So I have implemented everything on top of this branch. I was able to easily make it work for the DNP3 protocol, but file analyzers are different. The problem is that I can't reach the actual PE parser code from my LLVMFuzzerTestOneInput.
The actual code is:
// Attach a file analyzer to the already constructed connection `conn` and
// hand it the fuzzer's input buffer as one stream chunk (third argument: is_orig).
analyzer::file::File_Analyzer *filea = new analyzer::file::File_Analyzer("TCP", conn);
filea->DeliverStream(DataSize, Data, true);
I had problems with the file handler, which I solved by adding the following line to Manager.cc:
— a/src/file_analysis/Manager.cc
+++ b/src/file_analysis/Manager.cc
@@ -427,6 +427,7 @@ string Manager::GetFileID(analyzer::Tag tag, Connection* c, bool is_orig)
mgr.QueueEvent(get_file_handle, vl);
mgr.Drain(); // need file handle immediately so we don’t have to buffer data
- file_mgr->SetHandle(“random_str”);
return current_file_id;
}
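Review bot: the hunk header `@@ -427,6 +427,7 @@` announces one added line, but the only changed line, `- file_mgr->SetHandle(“random_str”);`, carries a `-` prefix, so as posted the patch tries to remove a line that is not in the original and will not apply; since the text says the line was added, the prefix should be `+`. The string literal also uses curly quotes, which will not compile as a C++ string; it needs "random_str". Separately, calling SetHandle with one fixed string immediately after `mgr.Drain()` overwrites whatever handle the get_file_handle event handler just supplied, for every connection and direction, so if the file ID returned as `current_file_id` is derived from the handle, every input the fuzzer delivers in the same process maps to the same file; consider deriving the handle from something that differs per input.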
In this case, Bro will call the "hash" analyzer and ignore PE. It looks like the PE file analyzer is not loaded/initialized; the debug log reports only the following modules being loaded:
[FjjsZfY8GArx2E0Ih] Add analyzer MD5
[FjjsZfY8GArx2E0Ih] Add analyzer SHA1
Probably I am on a completely wrong way to make it work. It would be great if you could suggest some other ways to make it work without significant modification of the Bro source code.
Thank you in advance.
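As an added example (not part of the original post and not one of Bro's own scripts) of getting the PE analyzer attached without touching Manager.cc: Bro attaches the PE file analyzer only when a file is sniffed as a PE mime type (base/files/pe registers it through Files::register_for_mime_types), whereas MD5 and SHA1 are typically added unconditionally from a file_new handler, which is consistent with the debug log above showing only those two. A script loaded by the fuzzing harness can attach the PE analyzer from file_new itself. The script name, module name and the print statements are my own choices; the events, functions and types used are the ones from Bro's script-level file framework and PE analyzer.

```bro
# fuzz-pe.bro: attach the PE file analyzer to every file the fuzz harness
# feeds in, regardless of the sniffed mime type. Added example, not from the
# original post or from Bro's scripts; file name and module name are my own.
@load base/files/pe

module FuzzPE;

event file_new(f: fa_file)
	{
	# base/files/pe only attaches PE after file_sniff reports a PE mime type;
	# arbitrary fuzz input rarely sniffs as one, so attach it unconditionally.
	if ( ! Files::add_analyzer(f, Files::ANALYZER_PE) )
		print fmt("failed to attach PE analyzer to file %s (source %s)", f$id, f$source);
	}

event pe_dos_header(f: fa_file, h: PE::DOSHeader)
	{
	# Fires only once the PE parser has consumed the DOS header: a cheap
	# signal that the harness is actually reaching the parser.
	print fmt("PE parser reached for file %s", f$id);
	}
```

Load this script alongside whatever the harness already loads at startup. If the PE analyzer still does not appear in the debug log, check that the harness lets the event queue drain after the file is created, because the analyzer is attached by the file_new handler on the script side rather than by the C++ call that delivers the data.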