Commit | Line | Data |
---|---|---|
164ccdcd RG |
1 | Fuzzing the PowerDNS products |
2 | ----------------------------- | |
3 | ||
4 | This repository contains several fuzzing targets that can be used with generic | |
5 | fuzzing engines like AFL and libFuzzer. | |
6 | ||
7 | These targets are built by passing the --enable-fuzz-targets option to | |
8 | configure, then building as usual. You can also build only these targets | |
9 | by going into the pdns/ directory and issuing a 'make fuzz_targets' command. | |
10 | ||
11 | The current targets cover: | |
12 | - the auth, dnsdist and rec packet caches (fuzz_target_packetcache and | |
13 | fuzz_target_dnsdistcache) ; | |
14 | - MOADNSParser (fuzz_target_moadnsparser) ; | |
15 | - ZoneParserTNG (fuzz_target_zoneparsertng). | |
16 | ||
17 | By default the targets are linked against a standalone runner, | |
18 | pdns/standalone_fuzz_target_runner.cc, which does no fuzzing but makes it easy | |
19 | to check a given test file, or just that the fuzzing targets can be built properly. | |
20 | ||
21 | This behaviour can be changed via the LIB_FUZZING_ENGINE variable, for example | |
22 | by setting it to -lFuzzer, building with clang by setting CC=clang CXX=clang++ | |
23 | before running configure, and adding '-fsanitize=fuzzer-no-link' to CFLAGS | |
24 | and CXXFLAGS. Doing so instructs the compiler to instrument the code for | |
25 | efficient fuzzing but not to link directly with -lFuzzer, which would make | |
26 | the compilation tests done during the configure phase fail. | |
27 | ||
28 | Sanitizers | |
29 | ---------- | |
30 | ||
44e0b9d2 | 31 | To catch as many issues as possible during fuzzing, it makes sense to |
164ccdcd RG |
32 | enable the ASAN and UBSAN sanitizers via the --enable-asan and --enable-ubsan |
33 | options to configure, or to set the appropriate flags directly. | |
34 | ||
35 | Corpus | |
36 | ------ | |
37 | ||
38 | This directory contains a few files used for continuous fuzzing | |
39 | of the PowerDNS products. | |
40 | ||
41 | The 'corpus' directory contains two sub-directories: | |
42 | - raw-dns-packets/ contains DNS queries and responses as captured on | |
43 | the wire. These are used by the fuzz_target_dnsdistcache, | |
44 | fuzz_target_moadnsparser and fuzz_target_packetcache targets ; | |
45 | - zones/ contains DNS zones, used by the fuzz_target_zoneparsertng | |
46 | target. | |
47 | ||
48 | When run in the OSS-Fuzz environment, the zone files from the | |
49 | regression-tests/zones/ directory are added to the ones present | |
50 | in the fuzzing/corpus/zones/ directory. |
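
The standalone-runner arrangement described above, sketched as an added example that is not PowerDNS code: one LLVMFuzzerTestOneInput entry point that a fuzzing engine can drive, plus a plain main() that only replays given files. The names questionCount and runOnFile and the toy header check are assumptions made for illustration.

```cpp
// Added example, not PowerDNS code: a toy fuzz target plus a standalone runner.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <vector>

// Hypothetical helper: read the QDCOUNT field (bytes 4-5, big endian) of the
// fixed 12-byte DNS header. Returns -1 when the input is too short.
int questionCount(const uint8_t* data, size_t size) {
  if (data == nullptr || size < 12) {
    return -1;  // never read past the buffer the engine handed us
  }
  return (data[4] << 8) | data[5];
}

// Entry point that libFuzzer-compatible engines call once per input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  (void)questionCount(data, size);  // a real target would run the parser here
  return 0;                         // 0 tells the engine the input was processed
}

// Standalone mode: feed one file to the target, no mutation, no coverage.
bool runOnFile(const char* path) {
  std::ifstream in(path, std::ios::binary);
  if (!in) {
    std::fprintf(stderr, "cannot open %s\n", path);
    return false;
  }
  std::vector<uint8_t> buf((std::istreambuf_iterator<char>(in)),
                           std::istreambuf_iterator<char>());
  LLVMFuzzerTestOneInput(buf.data(), buf.size());
  return true;
}

// This main() is the piece a fuzzing engine replaces with its own.
int main(int argc, char** argv) {
  int failed = 0;
  for (int i = 1; i < argc; ++i) {
    if (!runOnFile(argv[i])) {
      ++failed;
    }
  }
  return failed == 0 ? 0 : 1;
}
```

Run under a sanitizer-enabled build, replaying a crashing input through a runner of this shape reproduces the report without the engine in the loop.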