Fuzzing the PowerDNS products
-----------------------------

This repository contains several fuzzing targets that can be used with generic
fuzzing engines like AFL and libFuzzer.

These targets are built by passing the --enable-fuzz-targets option to
configure, then building as usual. You can also build only these targets
by going into the pdns/ directory and issuing a 'make fuzz_targets' command.

The current targets cover:
- the auth, dnsdist and rec packet caches (fuzz_target_packetcache and
  fuzz_target_dnsdistcache);
- MOADNSParser (fuzz_target_moadnsparser);
- ZoneParserTNG (fuzz_target_zoneparsertng).

By default the targets are linked against a standalone target,
pdns/standalone_fuzz_target_runner.cc, which does no fuzzing but makes it easy
to check a given test file, or just that the fuzzing targets can be built properly.
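
The standalone-runner arrangement described above, sketched as an added example
(not the project's standalone_fuzz_target_runner.cc or any PowerDNS target): one
LLVMFuzzerTestOneInput entry point is driven by a plain main() that replays files,
and the same entry point could instead be linked against a fuzzing engine.
countQnameLabels, runOneFile and kSample are hypothetical names, and the toy
parser stands in for a real target.

```cpp
// Added example, not PowerDNS code: one libFuzzer-style entry point that a
// plain main() can drive with files, or that a fuzzing engine can link against.
#include <cstddef>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <iterator>
#include <vector>

// Constructed sample: zeroed 12-byte header, then the name www.example.com.
static const uint8_t kSample[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
  3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0};

// Hypothetical toy parser: counts the labels of the first question name in a
// DNS packet. Returns -1 for input it rejects (short, truncated, unterminated).
static int countQnameLabels(const uint8_t* data, size_t size) {
  if (size < 12) return -1;                 // no complete 12-byte DNS header
  int labels = 0;
  for (size_t pos = 12; pos < size;) {
    const uint8_t len = data[pos];
    if (len == 0) return labels;            // root label terminates the name
    if (len > 63) return -1;                // pointer or reserved label type
    if (pos + 1 + len > size) return -1;    // label would run past the buffer
    pos += 1 + static_cast<size_t>(len);
    ++labels;
  }
  return -1;                                // ran out of bytes before the root
}

// Entry point every engine calls; it must accept any bytes and return 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  (void)countQnameLabels(data, size);
  return 0;
}

// Standalone mode: replay one file through the target, no mutation involved.
static bool runOneFile(const char* path) {
  std::ifstream in(path, std::ios::binary);
  if (!in) return false;
  const std::vector<char> raw((std::istreambuf_iterator<char>(in)),
                              std::istreambuf_iterator<char>());
  LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t*>(raw.data()), raw.size());
  return true;
}

int main(int argc, char** argv) {
  if (argc == 1) return LLVMFuzzerTestOneInput(kSample, sizeof(kSample));
  int unreadable = 0;
  for (int i = 1; i < argc; ++i)
    if (!runOneFile(argv[i])) { std::cerr << "cannot read " << argv[i] << '\n'; ++unreadable; }
  return unreadable == 0 ? 0 : 1;
}
```

Built with ASAN and UBSAN, replaying a crashing input through a runner of this
shape reproduces the sanitizer report without any fuzzing engine involved.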

This behaviour can be changed via the LIB_FUZZING_ENGINE variable, for example
by setting it to -lFuzzer, building with clang by setting CC=clang CXX=clang++
before running configure and adding '-fsanitize=fuzzer-no-link' to CFLAGS
and CXXFLAGS. Doing so instructs the compiler to instrument the code for
efficient fuzzing but not to link directly with -lFuzzer, which would make
the compilation tests done during the configure phase fail.

In order to catch as many issues as possible during fuzzing, it makes sense to
enable the ASAN and UBSAN sanitizers via the --enable-asan and --enable-ubsan
options to configure, or to set the appropriate flags directly.

This directory contains a few files used for continuous fuzzing
of the PowerDNS products.

The 'corpus' directory contains two sub-directories:
- raw-dns-packets/ contains DNS queries and responses as captured on
  the wire. These are used by the fuzz_target_dnsdistcache,
  fuzz_target_moadnsparser and fuzz_target_packetcache targets;
- zones/ contains DNS zones, used by the fuzz_target_zoneparsertng

When run in the OSS-Fuzz environment, the zone files from the
regression-tests/zones/ directory are added to the ones present
in the fuzzing/corpus/zones/ directory.