Don't fetch DNSKEY when fuzzing resolver
authorWitold Kręcicki <wpk@isc.org>
Wed, 6 Jun 2018 12:51:17 +0000 (14:51 +0200)
committerWitold Kręcicki <wpk@isc.org>
Wed, 6 Jun 2018 13:27:27 +0000 (15:27 +0200)
(cherry picked from commit cb3208aa4361587a7c246381d402c333522a3024)

lib/dns/resolver.c
lib/dns/zone.c

index 865480d89f68420ab94dbb1eb701a4be2671757f..8f674a26d0331d5a10b356b105d4ff3faeee78ad 100644 (file)
@@ -544,9 +544,9 @@ struct dns_resolver {
 #define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
 
 #ifdef ENABLE_AFL
-static isc_boolean_t fuzzing_resolver = ISC_FALSE;
+isc_boolean_t dns_fuzzing_resolver = ISC_FALSE;
 void dns_resolver_setfuzzing() {
-       fuzzing_resolver = ISC_TRUE;
+       dns_fuzzing_resolver = ISC_TRUE;
 }
 #endif
 
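Review bot: `dns_fuzzing_resolver` loses `static` here and becomes a writable global with external linkage, yet the only declaration other files get is the hand-written `extern isc_boolean_t dns_fuzzing_resolver;` added in lib/dns/zone.c (hunk `@@ -187,6 +187,10 @@`). Declaring it once under `#ifdef ENABLE_AFL` in the header that declares dns_resolver_setfuzzing() would let the compiler check the type against the definition instead of trusting a copy. The flag short-circuits add_bad_edns, mark_bad, add_bad and dns_resolver_addbadcache in this file and the DNSKEY fetch in zone.c, so a comment at the definition such as `/* Fuzzing harness only: disables resolver failure tracking; never set in production. */` would make the intent explicit. The context line `void dns_resolver_setfuzzing()` should also read `void dns_resolver_setfuzzing(void)` so that it is a prototype.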
@@ -1904,7 +1904,7 @@ add_bad_edns(fetchctx_t *fctx, isc_sockaddr_t *address) {
        isc_sockaddr_t *sa;
 
 #ifdef ENABLE_AFL
-       if (fuzzing_resolver)
+       if (dns_fuzzing_resolver)
                return;
 #endif
        if (bad_edns(fctx, address))
@@ -2860,7 +2860,7 @@ mark_bad(fetchctx_t *fctx) {
        isc_boolean_t all_bad = ISC_TRUE;
 
 #ifdef ENABLE_AFL
-       if (fuzzing_resolver)
+       if (dns_fuzzing_resolver)
                return ISC_FALSE;
 #endif
 
@@ -2940,7 +2940,7 @@ add_bad(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_result_t reason,
        isc_sockaddr_t *address = &addrinfo->sockaddr;
 
 #ifdef ENABLE_AFL
-       if (fuzzing_resolver)
+       if (dns_fuzzing_resolver)
                return;
 #endif
 
@@ -8548,7 +8548,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
                                 no_response, ISC_FALSE);
 
 #ifdef ENABLE_AFL
-       if (fuzzing_resolver && (keep_trying || resend)) {
+       if (dns_fuzzing_resolver && (keep_trying || resend)) {
                fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
                return;
        } else
@@ -9787,7 +9787,7 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, dns_name_t *name,
                         dns_rdatatype_t type, isc_time_t *expire)
 {
 #ifdef ENABLE_AFL
-       if (!fuzzing_resolver)
+       if (!dns_fuzzing_resolver)
 #endif
        {
                (void) dns_badcache_add(resolver->badcache, name, type,
index f1e5466358e42bfacfa58114420479b6486c2a9a..79c4d655985562720c01720fd9e8890aea2b8734 100644 (file)
@@ -187,6 +187,10 @@ typedef struct dns_include dns_include_t;
 #define ZONEDB_UNLOCK(l, t)    UNLOCK(l)
 #endif
 
+#ifdef ENABLE_AFL
+extern isc_boolean_t dns_fuzzing_resolver;
+#endif
+
 struct dns_zone {
        /* Unlocked */
        unsigned int            magic;
@@ -9825,6 +9829,10 @@ zone_refreshkeys(dns_zone_t *zone) {
                 * as the latter will have a lower trust level due to not being
                 * validated until keyfetch_done() is called.
                 */
+
+#ifdef ENABLE_AFL
+                if (dns_fuzzing_resolver == ISC_FALSE) {
+#endif
                result = dns_resolver_createfetch(zone->view->resolver,
                                                  kname, dns_rdatatype_dnskey,
                                                  NULL, NULL, NULL,
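Review bot: The fuzzing guard in zone_refreshkeys opens its brace under one `#ifdef ENABLE_AFL` in this hunk and closes it under a second one in the next hunk (`@@ -9836,6 +9844,11 @@`), which leaves the wrapped dns_resolver_createfetch() call at its old indentation and makes the brace pairing easy to break in a later edit. A single guarded region ahead of the call, in the shape the `} else` in resquery_response appears to use, keeps the whole condition in one place, and the plain boolean test would match the other checks in this commit better than `== ISC_FALSE`. A short comment saying why the fetch is skipped would help, because forcing `ISC_R_FAILURE` sends every key through the existing failure branch, whose body is outside the hunk; it is worth confirming that branch only cleans up and does not retry aggressively under the fuzzer. zone_refreshkeys starts and ends outside both hunks.

```c
#ifdef ENABLE_AFL
		/* No DNSKEY refresh fetches while fuzzing the resolver. */
		if (dns_fuzzing_resolver) {
			result = ISC_R_FAILURE;
		} else
#endif
		result = dns_resolver_createfetch(zone->view->resolver,
		/* … unchanged: remaining dns_resolver_createfetch arguments … */
		if (result == ISC_R_SUCCESS)
```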
@@ -9836,6 +9844,11 @@ zone_refreshkeys(dns_zone_t *zone) {
                                                  &kfetch->dnskeyset,
                                                  &kfetch->dnskeysigset,
                                                  &kfetch->fetch);
+#ifdef ENABLE_AFL
+                } else {
+                        result = ISC_R_FAILURE;
+                }
+#endif
                if (result == ISC_R_SUCCESS)
                        fetching = ISC_TRUE;
                else {