fuzzing engines like AFL and libFuzzer.
These targets are built by passing the --enable-fuzz-targets option to the
-configure, then building as usual. You can also build only these targets
-by going into the pdns/ directory and issuing a 'make fuzz_targets' command.
+configure of the authoritative server and dnsdist, then building them as usual.
+You can also build only these targets manually by going into the pdns/ directory
+and issuing a 'make fuzz_targets' command for the authoritative server,
+or going into the pdns/dnsdistdist and issuing a 'make fuzz_targets' command for
+dnsdist.
The current targets cover:
-- the auth, dnsdist and rec packet caches (fuzz_target_packetcache and
- fuzz_target_dnsdistcache) ;
+- the auth and rec packet cache (fuzz_target_packetcache) ;
- MOADNSParser (fuzz_target_moadnsparser) ;
- the Proxy Protocol parser (fuzz_target_proxyprotocol) ;
- the HTTP parser we use (YaHTTP, fuzz_target_yahttp) ;
- ZoneParserTNG (fuzz_target_zoneparsertng).
- Parts of the ragel-generated parser (parseRFC1035CharString in
- fuzz_target_dnslabeltext)
+ fuzz_target_dnslabeltext) ;
+- the dnsdist packet cache (fuzz_target_dnsdistcache).
By default the targets are linked against a standalone target,
-pdns/standalone_fuzz_target_runner.cc, which does no fuzzing but makes it easy
+standalone_fuzz_target_runner.cc, which does no fuzzing but makes it easy
to check a given test file, or just that the fuzzing targets can be built properly.
This behaviour can be changed via the LIB_FUZZING_ENGINE variable, for example
Quickly getting started (using clang 11)
----------------------------------------
-First, confgure:
+First, configure the authoritative server:
```
LIB_FUZZING_ENGINE="/usr/lib/clang/11.0.1/lib/linux/libclang_rt.fuzzer-x86_64.a" \
./configure --without-dynmodules --with-modules= --disable-lua-records --disable-ixfrdist --enable-fuzz-targets --disable-dependency-tracking --disable-silent-rules --enable-asan --enable-ubsan
```
+If you build the fuzzing targets only, you will need to issue the following commands first:
+```
+make -j2 -C ext/arc4random/
+make -j2 -C ext/yahttp/
+```
+
Then build:
```
lua-record.cc \
minicurl.cc \
minicurl.hh \
+ standalone_fuzz_target_runner.cc \
api-swagger.yaml \
api-swagger.json \
requirements.txt \
standalone_fuzz_target_runner.o: standalone_fuzz_target_runner.cc
fuzz_targets_programs = \
- fuzz_target_dnsdistcache \
fuzz_target_moadnsparser \
fuzz_target_packetcache \
fuzz_target_proxyprotocol \
fuzz_target_proxyprotocol_LDFLAGS = $(fuzz_targets_ldflags)
fuzz_target_proxyprotocol_LDADD = $(fuzz_targets_libs)
-fuzz_target_dnsdistcache_SOURCES = \
- channel.hh channel.cc \
- dns.cc dns.hh \
- dnsdist-cache.cc dnsdist-cache.hh \
- dnsdist-ecs.cc dnsdist-ecs.hh \
- dnsdist-idstate.hh \
- dnsdist-protocols.cc dnsdist-protocols.hh \
- dnslabeltext.cc \
- dnsname.cc dnsname.hh \
- dnsparser.cc dnsparser.hh \
- dnswriter.cc dnswriter.hh \
- doh.hh \
- ednsoptions.cc ednsoptions.hh \
- ednssubnet.cc ednssubnet.hh \
- fuzz_dnsdistcache.cc \
- iputils.cc iputils.hh \
- misc.cc misc.hh \
- packetcache.hh \
- qtype.cc qtype.hh \
- svc-records.cc svc-records.hh
-
-fuzz_target_dnsdistcache_DEPENDENCIES = $(fuzz_targets_deps)
-fuzz_target_dnsdistcache_LDFLAGS = $(fuzz_targets_ldflags)
-fuzz_target_dnsdistcache_LDADD = $(fuzz_targets_libs)
-
fuzz_target_yahttp_SOURCES = \
fuzz_yahttp.cc
kqueuemplexer.cc \
portsmplexer.cc \
cdb.cc cdb.hh \
+ standalone_fuzz_target_runner.cc \
ext/lmdb-safe/lmdb-safe.cc ext/lmdb-safe/lmdb-safe.hh \
ext/protozero/include/* \
builder-support/gen-version
portsmplexer.cc
endif
+if FUZZ_TARGETS
+
+LIB_FUZZING_ENGINE ?= standalone_fuzz_target_runner.o
+
+standalone_fuzz_target_runner.o: standalone_fuzz_target_runner.cc
+
+fuzz_targets_programs = \
+ fuzz_target_dnsdistcache
+
+fuzz_targets: $(ARC4RANDOM_LIBS) $(fuzz_targets_programs)
+
+bin_PROGRAMS += \
+ $(fuzz_targets_programs)
+
+fuzz_targets_libs = \
+ $(LIBCRYPTO_LIBS) \
+ $(LIB_FUZZING_ENGINE)
+
+fuzz_targets_ldflags = \
+ $(AM_LDFLAGS) \
+ $(DYNLINKFLAGS) \
+ $(LIBCRYPTO_LDFLAGS) \
+ $(FUZZING_LDFLAGS)
+
+# we need the mockup runner to be built, but not linked if a real fuzzing engine is used
+fuzz_targets_deps = standalone_fuzz_target_runner.o
+
+fuzz_target_dnsdistcache_SOURCES = \
+ channel.hh channel.cc \
+ dns.cc dns.hh \
+ dnsdist-cache.cc dnsdist-cache.hh \
+ dnsdist-ecs.cc dnsdist-ecs.hh \
+ dnsdist-idstate.hh \
+ dnsdist-protocols.cc dnsdist-protocols.hh \
+ dnslabeltext.cc \
+ dnsname.cc dnsname.hh \
+ dnsparser.cc dnsparser.hh \
+ dnswriter.cc dnswriter.hh \
+ doh.hh \
+ ednsoptions.cc ednsoptions.hh \
+ ednssubnet.cc ednssubnet.hh \
+ fuzz_dnsdistcache.cc \
+ iputils.cc iputils.hh \
+ misc.cc misc.hh \
+ packetcache.hh \
+ qtype.cc qtype.hh \
+ svc-records.cc svc-records.hh
+
+fuzz_target_dnsdistcache_DEPENDENCIES = $(fuzz_targets_deps)
+fuzz_target_dnsdistcache_LDFLAGS = $(fuzz_targets_ldflags)
+fuzz_target_dnsdistcache_LDADD = $(fuzz_targets_libs)
+
+endif
+
MANPAGES=dnsdist.1
dist_man_MANS=$(MANPAGES)
BOOST_REQUIRE([1.42])
PDNS_ENABLE_UNIT_TESTS
+PDNS_ENABLE_FUZZ_TARGETS
PDNS_WITH_RE2
DNSDIST_ENABLE_DNSCRYPT
PDNS_WITH_EBPF
--- /dev/null
+../../../m4/pdns_enable_fuzz_targets.m4
\ No newline at end of file
--- /dev/null
+../standalone_fuzz_target_runner.cc
\ No newline at end of file
-DDISABLE_FALSE_SHARING_PADDING \
-DDISABLE_NPN'
unittests = ' --enable-unit-tests' if os.getenv('UNIT_TESTS') == 'yes' else ''
+ fuzztargets = '--enable-fuzz-targets' if os.getenv('FUZZING_TARGETS') == 'yes' else ''
sanitizers = ' '.join('--enable-'+x for x in os.getenv('SANITIZERS').split('+')) if os.getenv('SANITIZERS') != '' else ''
cflags = '-O1 -Werror=vla -Werror=shadow -Wformat=2 -Werror=format-security -Werror=string-plus-int'
cxxflags = cflags + ' -Wp,-D_GLIBCXX_ASSERTIONS ' + additional_flags
--enable-fortify-source=auto \
--enable-auto-var-init=pattern \
--enable-lto=thin \
- --prefix=/opt/dnsdist %s %s %s''' % (cflags, cxxflags, features_set, sanitizers, unittests), warn=True)
+ --prefix=/opt/dnsdist %s %s %s %s''' % (cflags, cxxflags, features_set, sanitizers, unittests, fuzztargets), warn=True)
if res.exited != 0:
c.run('cat config.log')
raise UnexpectedExit(res)