OISF · catenacyber · Sep 2, 2024 · Sep 2, 2024 · Sep 2, 2024 · Sep 2, 2024
diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c
@@ -158,8 +158,15 @@ typedef struct AppLayerProtoDetectCtx_ {
 
     /* Indicates the protocols that have registered themselves
      * for protocol detection.  This table is independent of the
-     * ipproto. */
-    const char *alproto_names[ALPROTO_MAX];
+     * ipproto. It should be allocated to contain ALPROTO_MAX
+     * protocols. */
+    const char **alproto_names;
+
+    /* Protocol expectations, like ftp-data on tcp.
+     * It should be allocated to contain ALPROTO_MAX
+     * app-layer protocols. For each protocol, an iptype
+     * is referenced (or 0 if there is no expectation). */
+    uint8_t *expectation_proto;
 } AppLayerProtoDetectCtx;
 
 typedef struct AppLayerProtoDetectAliases_ {
@@ -1718,6 +1725,15 @@ int AppLayerProtoDetectSetup(void)
         }
     }
 
+    alpd_ctx.alproto_names = SCCalloc(ALPROTO_MAX, sizeof(char *));
+    if (unlikely(alpd_ctx.alproto_names == NULL)) {
+        FatalError("Unable to alloc alproto_names.");
+    }
+    // to realloc when dynamic protos are added
+    alpd_ctx.expectation_proto = SCCalloc(ALPROTO_MAX, sizeof(uint8_t));
+    if (unlikely(alpd_ctx.expectation_proto == NULL)) {
+        FatalError("Unable to alloc expectation_proto.");
+    }
     AppLayerExpectationSetup();
 
     SCReturnInt(0);
@@ -1749,6 +1765,11 @@ int AppLayerProtoDetectDeSetup(void)
         }
     }
 
+    SCFree(alpd_ctx.alproto_names);
+    alpd_ctx.alproto_names = NULL;
+    SCFree(alpd_ctx.expectation_proto);
+    alpd_ctx.expectation_proto = NULL;
+
     SpmDestroyGlobalThreadCtx(alpd_ctx.spm_global_thread_ctx);
 
     AppLayerProtoDetectFreeAliases();
@@ -1762,6 +1783,7 @@ void AppLayerProtoDetectRegisterProtocol(AppProto alproto, const char *alproto_n
 {
     SCEnter();
 
+    // should have just been realloced when dynamic protos is added
     if (alpd_ctx.alproto_names[alproto] == NULL)
         alpd_ctx.alproto_names[alproto] = alproto_name;
 
@@ -2111,27 +2133,25 @@ void AppLayerProtoDetectSupportedAppProtocols(AppProto *alprotos)
     SCReturn;
 }
 
-uint8_t expectation_proto[ALPROTO_MAX];
-
 static void AppLayerProtoDetectPEGetIpprotos(AppProto alproto,
                                              uint8_t *ipprotos)
 {
-    if (expectation_proto[alproto] == IPPROTO_TCP) {
+    if (alpd_ctx.expectation_proto[alproto] == IPPROTO_TCP) {
         ipprotos[IPPROTO_TCP / 8] |= 1 << (IPPROTO_TCP % 8);
     }
-    if (expectation_proto[alproto] == IPPROTO_UDP) {
+    if (alpd_ctx.expectation_proto[alproto] == IPPROTO_UDP) {
         ipprotos[IPPROTO_UDP / 8] |= 1 << (IPPROTO_UDP % 8);
     }
 }
 
 void AppLayerRegisterExpectationProto(uint8_t proto, AppProto alproto)
 {
-    if (expectation_proto[alproto]) {
-        if (proto != expectation_proto[alproto]) {
+    if (alpd_ctx.expectation_proto[alproto]) {
+        if (proto != alpd_ctx.expectation_proto[alproto]) {
             SCLogError("Expectation on 2 IP protocols are not supported");
         }
     }
-    expectation_proto[alproto] = proto;
+    alpd_ctx.expectation_proto[alproto] = proto;
 }
 
 /***** Unittests *****/

diff --git a/src/app-layer-frames.c b/src/app-layer-frames.c
@@ -33,15 +33,25 @@
 struct FrameConfig {
     SC_ATOMIC_DECLARE(uint64_t, types);
 };
-static struct FrameConfig frame_config[ALPROTO_MAX];
+/* This array should be allocated to contain ALPROTO_MAX protocols. */
+static struct FrameConfig *frame_config;
 
 void FrameConfigInit(void)
 {
+    frame_config = SCCalloc(ALPROTO_MAX, sizeof(struct FrameConfig));
+    if (unlikely(frame_config == NULL)) {
+        FatalError("Unable to alloc frame_config.");
+    }
     for (AppProto p = 0; p < ALPROTO_MAX; p++) {
         SC_ATOMIC_INIT(frame_config[p].types);
     }
 }
 
+void FrameConfigDeInit(void)
+{
+    SCFree(frame_config);
+}
+
 void FrameConfigEnableAll(void)
 {
     const uint64_t bits = UINT64_MAX;

diff --git a/src/app-layer-frames.h b/src/app-layer-frames.h
@@ -106,6 +106,7 @@ FramesContainer *AppLayerFramesGetContainer(Flow *f);
 FramesContainer *AppLayerFramesSetupContainer(Flow *f);
 
 void FrameConfigInit(void);
+void FrameConfigDeInit(void);
 void FrameConfigEnableAll(void);
 void FrameConfigEnable(const AppProto p, const uint8_t type);
 

diff --git a/src/app-layer.c b/src/app-layer.c
diff --git a/src/flow-private.h b/src/flow-private.h
@@ -74,7 +74,7 @@ enum {
     FLOW_PROTO_MAX,
 };
 /* max used in app-layer (counters) */
-#define FLOW_PROTO_APPLAYER_MAX FLOW_PROTO_UDP + 1
+#define FLOW_PROTO_APPLAYER_MAX (FLOW_PROTO_UDP + 1)
 
 /*
  * Variables

diff --git a/src/suricata.c b/src/suricata.c
@@ -361,7 +361,6 @@ void GlobalsInitPreConfig(void)
     SupportFastPatternForSigMatchTypes();
     SCThresholdConfGlobalInit();
     SCProtoNameInit();
-    FrameConfigInit();
 }
 
 void GlobalsDestroy(void)

diff --git a/src/tests/fuzz/fuzz_applayerparserparse.c b/src/tests/fuzz/fuzz_applayerparserparse.c
@@ -36,32 +36,15 @@ extern const char *configNoChecksum;
 const uint8_t separator[] = {0x01, 0xD5, 0xCA, 0x7A};
 SCInstance surifuzz;
 AppProto forceLayer = 0;
+char *target_suffix = NULL;
 SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 
 int LLVMFuzzerInitialize(int *argc, char ***argv)
 {
-    char *target_suffix = strrchr((*argv)[0], '_');
-    if (target_suffix != NULL) {
-        AppProto applayer = StringToAppProto(target_suffix + 1);
-        if (applayer != ALPROTO_UNKNOWN) {
-            forceLayer = applayer;
-            printf("Forcing %s=%" PRIu16 "\n", AppProtoToString(forceLayer), forceLayer);
-            return 0;
-        }
-    }
+    target_suffix = strrchr((*argv)[0], '_');
     // else
-    const char *forceLayerStr = getenv("FUZZ_APPLAYER");
-    if (forceLayerStr) {
-        if (ByteExtractStringUint16(&forceLayer, 10, 0, forceLayerStr) < 0) {
-            forceLayer = 0;
-            printf("Invalid numeric value for FUZZ_APPLAYER environment variable");
-        } else {
-            printf("Forcing %s\n", AppProtoToString(forceLayer));
-        }
-    }
-    // http is the output name, but we want to fuzz HTTP1
-    if (forceLayer == ALPROTO_HTTP) {
-        forceLayer = ALPROTO_HTTP1;
+    if (!target_suffix) {
+        target_suffix = getenv("FUZZ_APPLAYER");
     }
     return 0;
 }
@@ -96,6 +79,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         PostConfLoadedSetup(&surifuzz);
         alp_tctx = AppLayerParserThreadCtxAlloc();
         SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
+        if (target_suffix != NULL) {
+            AppProto applayer = StringToAppProto(target_suffix + 1);
+            if (applayer != ALPROTO_UNKNOWN) {
+                forceLayer = applayer;
+                printf("Forcing %s=%" PRIu16 "\n", AppProtoToString(forceLayer), forceLayer);
+            }
+        }
+        // http is the output name, but we want to fuzz HTTP1
+        if (forceLayer == ALPROTO_HTTP) {
+            forceLayer = ALPROTO_HTTP1;
+        }
     }
 
     if (size < HEADER_LEN) {

diff --git a/src/util-exception-policy-types.h b/src/util-exception-policy-types.h
@@ -33,7 +33,7 @@ enum ExceptionPolicy {
     EXCEPTION_POLICY_REJECT,
 };
 
-#define EXCEPTION_POLICY_MAX EXCEPTION_POLICY_REJECT + 1
+#define EXCEPTION_POLICY_MAX (EXCEPTION_POLICY_REJECT + 1)
 
 /* Max length = possible exception policy scenarios + counter names
  * + exception policy type. E.g.: