Commit | Line | Data |
---|---|---|
164ccdcd RG |
1 | Fuzzing the PowerDNS products |
2 | ----------------------------- | |
3 | ||
4 | This repository contains several fuzzing targets that can be used with generic | |
5 | fuzzing engines like AFL and libFuzzer. | |
6 | ||
7 | These targets are built by passing the --enable-fuzz-targets option to | |
8 | configure, then building as usual. You can also build only these targets | |
9 | by going into the pdns/ directory and issuing a 'make fuzz_targets' command. | |
10 | ||
11 | The current targets cover: | |
12 | - the auth, dnsdist and rec packet caches (fuzz_target_packetcache and | |
13 | fuzz_target_dnsdistcache) ; | |
14 | - MOADNSParser (fuzz_target_moadnsparser) ; | |
aa5a2a6f | 15 | - the Proxy Protocol parser (fuzz_target_proxyprotocol) ; |
164ccdcd RG |
16 | - ZoneParserTNG (fuzz_target_zoneparsertng). |
17 | ||
18 | By default the targets are linked against a standalone runner, | |
19 | pdns/standalone_fuzz_target_runner.cc, which does no fuzzing but makes it easy | |
20 | to check a given test file, or just that the fuzzing targets can be built properly. | |
21 | ||
22 | This behaviour can be changed via the LIB_FUZZING_ENGINE variable, for example | |
23 | by setting it to -lFuzzer, building with clang by setting CC=clang CXX=clang++ | |
24 | before running configure and adding '-fsanitize=fuzzer-no-link' to CFLAGS | |
25 | and CXXFLAGS. Doing so instructs the compiler to instrument the code for | |
26 | efficient fuzzing but not to link directly with -lFuzzer, which would make | |
27 | the compilation tests done during the configure phase fail. | |
28 | ||
29 | Sanitizers | |
30 | ---------- | |
31 | ||
44e0b9d2 | 32 | To catch as many issues as possible during fuzzing, it makes sense to |
164ccdcd RG |
33 | enable the ASAN and UBSAN sanitizers via the --enable-asan and --enable-ubsan |
34 | options to configure, or to set the appropriate flags directly. | |
35 | ||
36 | Corpus | |
37 | ------ | |
38 | ||
39 | This directory contains a few files used for continuous fuzzing | |
40 | of the PowerDNS products. | |
41 | ||
aa5a2a6f RG |
42 | The 'corpus' directory contains three sub-directories: |
43 | - proxy-protocol-raw-packets/ contains DNS queries prefixed with a Proxy | |
44 | Protocol v2 header, used by fuzz_target_proxyprotocol ; | |
164ccdcd RG |
45 | - raw-dns-packets/ contains DNS queries and responses as captured on |
46 | the wire. These are used by the fuzz_target_dnsdistcache, | |
47 | fuzz_target_moadnsparser and fuzz_target_packetcache targets ; | |
48 | - zones/ contains DNS zones, used by the fuzz_target_zoneparsertng | |
49 | target. | |
50 | ||
51 | When run in the OSS-Fuzz environment, the zone files from the | |
52 | regression-tests/zones/ directory are added to the ones present | |
53 | in the fuzzing/corpus/zones/ directory. |
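
The split described above between a fuzzing target and the standalone runner it is linked against by default, as an added example that is not PowerDNS code: `parseProxyV2Header` is a hypothetical stand-in for the code under test, and the target and runner share one file here only for brevity.

```cpp
// Added illustration, not PowerDNS code: a fuzz target plus a replay-only runner.
#include <cstdint>
#include <cstring>
#include <fstream>
#include <iostream>
#include <iterator>
#include <vector>

// Hypothetical code under test: returns the size of a complete Proxy Protocol v2
// header (16 fixed bytes + declared payload), or -1 if the input is not one.
static long parseProxyV2Header(const uint8_t* data, size_t size)
{
  static const uint8_t sig[12] = {0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D,
                                  0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A};
  if (size < 16 || std::memcmp(data, sig, sizeof(sig)) != 0) {
    return -1;
  }
  if ((data[12] >> 4) != 2 || (data[12] & 0x0F) > 1) { // version 2; LOCAL or PROXY
    return -1;
  }
  const size_t declared = (static_cast<size_t>(data[14]) << 8) | data[15];
  if (size - 16 < declared) { // never trust the declared length past the buffer
    return -1;
  }
  return static_cast<long>(16 + declared);
}

// Entry point called by a fuzzing engine or by a standalone runner.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
  (void)parseProxyV2Header(data, size); // crashes and sanitizer reports are the signal
  return 0;
}

// Standalone runner: feed each file named on the command line to the target once.
int main(int argc, char** argv)
{
  for (int i = 1; i < argc; ++i) {
    std::ifstream in(argv[i], std::ios::binary);
    if (!in) {
      std::cerr << "cannot open " << argv[i] << '\n';
      return 1;
    }
    std::vector<uint8_t> buf((std::istreambuf_iterator<char>(in)), std::istreambuf_iterator<char>());
    LLVMFuzzerTestOneInput(buf.data(), buf.size());
    std::cerr << "ran " << argv[i] << " (" << buf.size() << " bytes)\n";
  }
  return 0;
}
```

Replaying a corpus file or a crash reproducer through a runner of this kind, built with ASAN and UBSAN, gives a deterministic check without any fuzzing engine attached.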