fuzzing/README.md

   1 Fuzzing the PowerDNS products
   2 -----------------------------
   3
   4 This repository contains several fuzzing targets that can be used with generic
   5 fuzzing engines like AFL and libFuzzer.
   6
   7 These targets are built by passing the --enable-fuzz-targets option to the
   8 configure, then building as usual. You can also build only these targets
   9 by going into the pdns/ directory and issuing a 'make fuzz_targets' command.
  10
  11 The current targets cover:
  12 - the auth, dnsdist and rec packet caches (fuzz_target_packetcache and
  13   fuzz_target_dnsdistcache) ;
  14 - MOADNSParser (fuzz_target_moadnsparser) ;
  15 - ZoneParserTNG (fuzz_target_zoneparsertng).
  16
  17 By default the targets are linked against a standalone target,
  18 pdns/standalone_fuzz_target_runner.cc, which does no fuzzing but makes it easy
  19 to check a given test file, or just that the fuzzing targets can be built properly.
  20
  21 This behaviour can be changed via the LIB_FUZZING_ENGINE variable, for example
  22 by setting it to -lFuzzer, building with clang by setting CC=clang CXX=clang++
  23 before running the configure and adding '-fsanitize=fuzzer-no-link' to CFLAGS
  24 and CXXFLAGS. Doing so instructs the compiler to instrument the code for
  25 efficient fuzzing but not to link directly with -lFuzzer, which would make
  26 the compilation tests done during the configure phase fail.
  27
  28 Sanitizers
  29 ----------
  30
  31 In order to catch the maximum of issues during fuzzing, it makes sense to
  32 enable the ASAN and UBSAN sanitizers via --enable-asan and --enable-ubsan
  33 options to the configure, or to set the appropriate flags directly.
  34
  35 Corpus
  36 ------
  37
  38 This directory contains a few files used for continuous fuzzing
  39 of the PowerDNS products.
  40
  41 The 'corpus' directory contains two sub-directories:
  42 - raw-dns-packets/ contains DNS queries and responses as captured on
  43   the wire. These are used by the fuzz_target_dnsdistcache,
  44   fuzz_target_moadnsparser and fuzz_target_packetcache targets ;
  45 - zones/ contains DNS zones, used by the fuzz_target_zoneparsertng
  46   target.
  47
  48 When run in the OSS-Fuzz environment, the zone files from the
  49 regression-tests/zones/ directory are added to the ones present
  50 in the fuzzing/corpus/zones/ directory.