From: Remi Gacogne Date: Fri, 13 Mar 2020 18:07:02 +0000 (+0100) Subject: Add a fuzzing target for the Proxy Protocol v2 parser X-Git-Tag: dnsdist-1.5.0-alpha1~12^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aa5a2a6fe8ad0f8f43e19d315bc267e7bea6592c;p=thirdparty%2Fpdns.git Add a fuzzing target for the Proxy Protocol v2 parser --- diff --git a/fuzzing/README.md b/fuzzing/README.md index c42c5c12f1..055c448830 100644 --- a/fuzzing/README.md +++ b/fuzzing/README.md @@ -12,6 +12,7 @@ The current targets cover: - the auth, dnsdist and rec packet caches (fuzz_target_packetcache and fuzz_target_dnsdistcache) ; - MOADNSParser (fuzz_target_moadnsparser) ; +- the Proxy Protocol parser (fuzz_target_proxyprotocol) ; - ZoneParserTNG (fuzz_target_zoneparsertng). By default the targets are linked against a standalone target, @@ -38,7 +39,9 @@ Corpus This directory contains a few files used for continuous fuzzing of the PowerDNS products. -The 'corpus' directory contains two sub-directories: +The 'corpus' directory contains three sub-directories: +- proxy-protocol-raw-packets/ contains DNS queries prefixed with a Proxy + Protocol v2 header, used by fuzz_target_proxyprotocol ; - raw-dns-packets/ contains DNS queries and responses as captured on the wire. These are used by the fuzz_target_dnsdistcache, fuzz_target_moadnsparser and fuzz_target_packetcache targets ; diff --git a/fuzzing/corpus/proxy-protocol-raw-packets/proxy-protocol-local-header b/fuzzing/corpus/proxy-protocol-raw-packets/proxy-protocol-local-header new file mode 100644 index 0000000000..f2f8264e12 Binary files /dev/null and b/fuzzing/corpus/proxy-protocol-raw-packets/proxy-protocol-local-header differ diff --git a/fuzzing/corpus/proxy-protocol-raw-packets/proxy-protocol-v4-with-tlvs b/fuzzing/corpus/proxy-protocol-raw-packets/proxy-protocol-v4-with-tlvs new file mode 100644 index 0000000000..250bed2936 Binary files /dev/null and b/fuzzing/corpus/proxy-protocol-raw-packets/proxy-protocol-v4-with-tlvs differ diff --git a/pdns/Makefile.am b/pdns/Makefile.am index 64d3ad8fad..524110a07b 100644 --- a/pdns/Makefile.am +++ b/pdns/Makefile.am @@ -1423,6 +1423,7 @@ fuzz_targets_programs = \ fuzz_target_dnsdistcache \ fuzz_target_moadnsparser \ fuzz_target_packetcache \ + fuzz_target_proxyprotocol \ fuzz_target_zoneparsertng fuzz_targets: $(fuzz_targets_programs) @@ -1479,6 +1480,16 @@ fuzz_target_packetcache_DEPENDENCIES = $(fuzz_targets_deps) fuzz_target_packetcache_LDFLAGS = $(fuzz_targets_ldflags) fuzz_target_packetcache_LDADD = $(fuzz_targets_libs) +fuzz_target_proxyprotocol_SOURCES = \ + fuzz_proxyprotocol.cc \ + iputils.hh \ + proxy-protocol.cc \ + proxy-protocol.hh + +fuzz_target_proxyprotocol_DEPENDENCIES = $(fuzz_targets_deps) +fuzz_target_proxyprotocol_LDFLAGS = $(fuzz_targets_ldflags) +fuzz_target_proxyprotocol_LDADD = $(fuzz_targets_libs) + fuzz_target_dnsdistcache_SOURCES = \ fuzz_dnsdistcache.cc \ dnsdist-cache.cc dnsdist-cache.hh \ diff --git a/pdns/fuzz_proxyprotocol.cc b/pdns/fuzz_proxyprotocol.cc new file mode 100644 index 0000000000..d138d6faac --- /dev/null +++ b/pdns/fuzz_proxyprotocol.cc @@ -0,0 +1,42 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "proxy-protocol.hh" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + + std::vector values; + ComboAddress source; + ComboAddress destination; + bool proxy = false; + bool tcp = false; + + try { + parseProxyHeader(std::string(reinterpret_cast(data), size), proxy, source, destination, tcp, values); + } + catch(const std::exception& e) { + } + catch(const PDNSException& e) { + } + + return 0; +}