From: Remi Gacogne Date: Thu, 12 Nov 2020 08:01:23 +0000 (+0100) Subject: Add a fuzzing target for YaHTTP X-Git-Tag: dnsdist-1.8.0-rc1~213^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F9709%2Fhead;p=thirdparty%2Fpdns.git Add a fuzzing target for YaHTTP --- diff --git a/fuzzing/README.md b/fuzzing/README.md index b2ad4437c8..c2637d4338 100644 --- a/fuzzing/README.md +++ b/fuzzing/README.md @@ -13,6 +13,7 @@ The current targets cover: fuzz_target_dnsdistcache) ; - MOADNSParser (fuzz_target_moadnsparser) ; - the Proxy Protocol parser (fuzz_target_proxyprotocol) ; +- the HTTP parser we use (YaHTTP, fuzz_target_yahttp) ; - ZoneParserTNG (fuzz_target_zoneparsertng). - Parts of the ragel-generated parser (parseRFC1035CharString in fuzz_target_dnslabeltext) @@ -42,6 +43,8 @@ This directory contains a few files used for continuous fuzzing of the PowerDNS products. The 'corpus' directory contains three sub-directories: +- http-raw-payloads/ contains HTTP payloads of queries, used by + fuzz_target_yahttp ; - proxy-protocol-raw-packets/ contains DNS queries prefixed with a Proxy Protocol v2 header, used by fuzz_target_proxyprotocol ; - raw-dns-packets/ contains DNS queries and responses as captured on diff --git a/fuzzing/corpus/http-raw-payloads/http0_get.raw b/fuzzing/corpus/http-raw-payloads/http0_get.raw new file mode 100644 index 0000000000..56d93d9281 --- /dev/null +++ b/fuzzing/corpus/http-raw-payloads/http0_get.raw @@ -0,0 +1,2 @@ +GET / + diff --git a/fuzzing/corpus/http-raw-payloads/http10_nohost_get.raw b/fuzzing/corpus/http-raw-payloads/http10_nohost_get.raw new file mode 100644 index 0000000000..c1da607c07 --- /dev/null +++ b/fuzzing/corpus/http-raw-payloads/http10_nohost_get.raw @@ -0,0 +1,2 @@ +GET / HTTP/1.0 + diff --git a/fuzzing/corpus/http-raw-payloads/http11_get.raw b/fuzzing/corpus/http-raw-payloads/http11_get.raw new file mode 100644 index 0000000000..b2be663035 --- /dev/null +++ b/fuzzing/corpus/http-raw-payloads/http11_get.raw @@ -0,0 +1,10 @@ +GET /foo?param=42a HTTP/1.1 +Host: 127.0.0.1:8085 +User-Agent: HTTPie/2.3.0 +Accept-Encoding: gzip, deflate +Accept: */* +Connection: keep-alive +X-API-Key: redacted +customheader: foobar +Authorization: Basic YTpzdXBlcnNlY3JldA== + diff --git a/fuzzing/corpus/http-raw-payloads/http11_put.raw b/fuzzing/corpus/http-raw-payloads/http11_put.raw new file mode 100644 index 0000000000..4c16819813 --- /dev/null +++ b/fuzzing/corpus/http-raw-payloads/http11_put.raw @@ -0,0 +1,13 @@ +PUT /api/v1/servers/localhost/config/allow-from HTTP/1.1 +Host: 127.0.0.1:8085 +User-Agent: HTTPie/2.3.0 +Accept-Encoding: gzip, deflate +Accept: application/json, */*;q=0.5 +Connection: keep-alive +Content-Type: application/json +X-API-Key: apikey +Content-Length: 114 + +{"name": "allow-from", + "type": "ConfigSetting", + "value": ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]} diff --git a/pdns/.gitignore b/pdns/.gitignore index 6b31bb27ac..c8d6f27aa7 100644 --- a/pdns/.gitignore +++ b/pdns/.gitignore @@ -69,6 +69,7 @@ effective_tld_names.dat /fuzz_target_moadnsparser /fuzz_target_packetcache /fuzz_target_proxyprotocol +/fuzz_target_yahttp /fuzz_target_zoneparsertng /fuzz_target_dnslabeltext_parseRFC1035CharString /.cache diff --git a/pdns/Makefile.am b/pdns/Makefile.am index a151f62119..385d3bae16 100644 --- a/pdns/Makefile.am +++ b/pdns/Makefile.am @@ -1574,8 +1574,9 @@ fuzz_targets_programs = \ fuzz_target_moadnsparser \ fuzz_target_packetcache \ fuzz_target_proxyprotocol \ - fuzz_target_zoneparsertng \ - fuzz_target_dnslabeltext_parseRFC1035CharString + fuzz_target_dnslabeltext_parseRFC1035CharString \ + fuzz_target_yahttp \ + fuzz_target_zoneparsertng fuzz_targets: $(fuzz_targets_programs) @@ -1667,6 +1668,14 @@ fuzz_target_dnsdistcache_DEPENDENCIES = $(fuzz_targets_deps) fuzz_target_dnsdistcache_LDFLAGS = $(fuzz_targets_ldflags) fuzz_target_dnsdistcache_LDADD = $(fuzz_targets_libs) +fuzz_target_yahttp_SOURCES = \ + fuzz_yahttp.cc + +fuzz_target_yahttp_DEPENDENCIES = $(fuzz_targets_deps) +fuzz_target_yahttp_LDFLAGS = $(fuzz_targets_ldflags) +fuzz_target_yahttp_LDADD = $(fuzz_targets_libs) \ + $(YAHTTP_LIBS) + fuzz_target_zoneparsertng_SOURCES = \ base32.cc base32.hh \ base64.cc base64.hh \ diff --git a/pdns/fuzz_yahttp.cc b/pdns/fuzz_yahttp.cc new file mode 100644 index 0000000000..f0096f4996 --- /dev/null +++ b/pdns/fuzz_yahttp.cc @@ -0,0 +1,47 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + try { + YaHTTP::AsyncRequestLoader yarl; + YaHTTP::Request req; + + yarl.initialize(&req); + bool finished = yarl.feed(std::string(reinterpret_cast(data), size)); + if (finished) { + yarl.finalize(); + } + } + catch (const YaHTTP::ParseError& e) { + } + catch (const std::exception& e) { + } + catch (...) { + } + + return 0; +}