projects / thirdparty / pdns.git / blame
| Commit | Line | Data |
|---|---|---|
| 164ccdcd RG |
1 | Fuzzing the PowerDNS products |
| 2 | ----------------------------- | |
| 3 | ||
| 4 | This repository contains several fuzzing targets that can be used with generic | |
| 5 | fuzzing engines like AFL and libFuzzer. | |
| 6 | ||
| 7 | These targets are built by passing the --enable-fuzz-targets option to the | |
| 8 | configure, then building as usual. You can also build only these targets | |
| 9 | by going into the pdns/ directory and issuing a 'make fuzz_targets' command. | |
| 10 | ||
| 11 | The current targets cover: | |
| 12 | - the auth, dnsdist and rec packet caches (fuzz_target_packetcache and | |
| 13 | fuzz_target_dnsdistcache) ; | |
| 14 | - MOADNSParser (fuzz_target_moadnsparser) ; | |
| 15 | - ZoneParserTNG (fuzz_target_zoneparsertng). | |
| 16 | ||
| 17 | By default the targets are linked against a standalone target, | |
| 18 | pdns/standalone_fuzz_target_runner.cc, which does no fuzzing but makes it easy | |
| 19 | to check a given test file, or just that the fuzzing targets can be built properly. | |
| 20 | ||
| 21 | This behaviour can be changed via the LIB_FUZZING_ENGINE variable, for example | |
| 22 | by setting it to -lFuzzer, building with clang by setting CC=clang CXX=clang++ | |
| 23 | before running the configure and adding '-fsanitize=fuzzer-no-link' to CFLAGS | |
| 24 | and CXXFLAGS. Doing so instructs the compiler to instrument the code for | |
| 25 | efficient fuzzing but not to link directly with -lFuzzer, which would make | |
| 26 | the compilation tests done during the configure phase fail. | |
| 27 | ||
| 28 | Sanitizers | |
| 29 | ---------- | |
| 30 | ||
| 44e0b9d2 | 31 | In order to catch the maximum of issues during fuzzing, it makes sense to |
| 164ccdcd RG |
32 | enable the ASAN and UBSAN sanitizers via --enable-asan and --enable-ubsan |
| 33 | options to the configure, or to set the appropriate flags directly. | |
| 34 | ||
| 35 | Corpus | |
| 36 | ------ | |
| 37 | ||
| 38 | This directory contains a few files used for continuous fuzzing | |
| 39 | of the PowerDNS products. | |
| 40 | ||
| 41 | The 'corpus' directory contains two sub-directories: | |
| 42 | - raw-dns-packets/ contains DNS queries and responses as captured on | |
| 43 | the wire. These are used by the fuzz_target_dnsdistcache, | |
| 44 | fuzz_target_moadnsparser and fuzz_target_packetcache targets ; | |
| 45 | - zones/ contains DNS zones, used by the fuzz_target_zoneparsertng | |
| 46 | target. | |
| 47 | ||
| 48 | When run in the OSS-Fuzz environment, the zone files from the | |
| 49 | regression-tests/zones/ directory are added to the ones present | |
| 50 | in the fuzzing/corpus/zones/ directory. |