/*.dSYM/
-dns_name_fromtext_target
-dns_rdata_fromwire_text
/*.out/
+/dns_name_fromtext_target
+/dns_rdata_fromwire_text
+/isc_lex_getmastertoken
+/isc_lex_gettoken
#include <dns/fixedname.h>
#include <dns/name.h>
+#include "fuzz.h"
+
+static isc_mem_t *mctx = NULL;
+
int
-LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+ char ***argv __attribute__((unused))) {
+ isc_mem_create(&mctx);
+ RUNTIME_CHECK(dst_lib_init(mctx, NULL) == ISC_R_SUCCESS);
+ return (0);
+}
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
isc_buffer_t buf;
isc_result_t result;
dns_fixedname_t origin;
- char *de_const;
if (size < 5) {
return (0);
}
dns_fixedname_init(&origin);
- DE_CONST(data, de_const);
- isc_buffer_init(&buf, (void *)de_const, size);
+
+ isc_buffer_constinit(&buf, data, size);
isc_buffer_add(&buf, size);
+ isc_buffer_setactive(&buf, size);
+
result = dns_name_fromtext(dns_fixedname_name(&origin), &buf,
dns_rootname, 0, NULL);
UNUSED(result);
#include <dns/rdata.h>
#include <dns/rdatatype.h>
-#define CHECK(x) \
- ({ \
- if ((result = (x)) != ISC_R_SUCCESS) \
- goto done; \
- })
+#include "fuzz.h"
/*
* Fuzz input to dns_rdata_fromwire(). Then convert the result
* format again, checking for consistency throughout the sequence.
*/
+static isc_mem_t *mctx = NULL;
+static isc_lex_t *lex = NULL;
+
int
-LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+ char ***argv __attribute__((unused))) {
+ isc_lexspecials_t specials;
+
+ isc_mem_create(&mctx);
+ RUNTIME_CHECK(dst_lib_init(mctx, NULL) == ISC_R_SUCCESS);
+ CHECK(isc_lex_create(mctx, 64, &lex));
+
+ memset(specials, 0, sizeof(specials));
+ specials[0] = 1;
+ specials['('] = 1;
+ specials[')'] = 1;
+ specials['"'] = 1;
+ isc_lex_setspecials(lex, specials);
+ isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
+
+ return (0);
+}
static void
nullmsg(dns_rdatacallbacks_t *cb, const char *fmt, ...) {
rdata3 = DNS_RDATA_INIT;
dns_rdatacallbacks_t callbacks;
isc_buffer_t source, target;
- isc_lex_t *lex = NULL;
- isc_lexspecials_t specials;
- isc_mem_t *mctx = NULL;
isc_result_t result;
unsigned char fromtext[1024];
unsigned char fromwire[1024];
unsigned int types = 1, flags, t;
if (size < 2) {
- goto done;
+ return (0);
}
/*
rdclass = classlist[(*data++) % classes];
size--;
- isc_mem_create(&mctx);
-
- CHECK(isc_lex_create(mctx, 64, &lex));
- memset(specials, 0, sizeof(specials));
- specials[0] = 1;
- specials['('] = 1;
- specials[')'] = 1;
- specials['"'] = 1;
- isc_lex_setspecials(lex, specials);
- isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
-
dns_rdatacallbacks_init(&callbacks);
callbacks.warn = callbacks.error = nullmsg;
assert(target.used == size);
assert(!memcmp(target.base, data, size));
-done:
- if (lex != NULL) {
- isc_lex_destroy(&lex);
- }
- if (lex != NULL) {
- isc_mem_detach(&mctx);
- }
return (0);
}
ISC_LANG_BEGINDECLS
int
-LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
-
-static isc_mem_t *mctx = NULL;
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+ char ***argv __attribute__((unused)));
-static void __attribute__((constructor)) init(void) {
- isc_mem_create(&mctx);
- RUNTIME_CHECK(dst_lib_init(mctx, NULL) == ISC_R_SUCCESS);
-}
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
-static void __attribute__((destructor)) deinit(void) {
- dst_lib_destroy();
- isc_mem_destroy(&mctx);
-}
+#define CHECK(x) \
+ if ((x) != ISC_R_SUCCESS) { \
+ return 0; \
+ }
ISC_LANG_ENDDECLS
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <isc/buffer.h>
+#include <isc/lex.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include "fuzz.h"
+
+int
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+ char ***argv __attribute__((unused)));
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static isc_mem_t *mctx = NULL;
+static isc_lex_t *lex = NULL;
+
+int
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+ char ***argv __attribute__((unused))) {
+ isc_result_t result;
+
+ isc_mem_create(&mctx);
+
+ result = isc_lex_create(mctx, 1024, &lex);
+ REQUIRE(result == ISC_R_SUCCESS);
+
+ return (0);
+}
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ isc_buffer_t buf;
+ isc_result_t result;
+
+ isc_buffer_constinit(&buf, data, size);
+ isc_buffer_add(&buf, size);
+ isc_buffer_setactive(&buf, size);
+
+ CHECK(isc_lex_openbuffer(lex, &buf));
+
+ do {
+ isc_token_t token;
+ result = isc_lex_gettoken(lex, 0, &token);
+ } while (result == ISC_R_SUCCESS);
+
+ return (0);
+}
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * This is a worthless, nonrunnable example of a named.conf file that has
+ * every conceivable syntax element in use. We use it to test the parser.
+ * It could also be used as a conceptual template for users of new features.
+ */
+
+/*
+ * C-style comments are OK
+ */
+
+// So are C++-style comments
+
+#So are shell - style comments
+
+// watch out for ";" -- it's important!
+
+options {
+ additional - from - auth true;
+ additional - from - cache false;
+
+ version "my version string";
+ random - device "/dev/random";
+ directory "/tmp";
+
+ port 666;
+
+ sig - validity - interval 33;
+
+#Obsolete
+ named - xfer "/usr/libexec/named-xfer"; // _PATH_XFER
+
+ dump - file "named_dump.db"; // _PATH_DUMPFILE
+ pid - file "/var/run/named.pid"; // _PATH_PIDFILE
+ statistics - file "named.stats"; // _PATH_STATS
+ memstatistics - file "named.memstats"; // _PATH_MEMSTATS
+
+ max - cache - ttl 999;
+ min - cache - ttl 66;
+ auth - nxdomain yes; // always set AA on NXDOMAIN.
+ // don't set this to 'no' unless
+ // you know what you're doing -- older
+ // servers won't like it.
+
+#Obsolete
+ deallocate - on - exit no;
+
+ dialup yes;
+
+#Obsolete
+ fake - iquery no;
+
+ fetch - glue yes;
+ has - old - clients yes;
+ host - statistics no;
+
+#Obsolete
+ multiple - cnames no; // if yes, then a name my have more
+ // than one CNAME RR. This use
+ // is non-standard and is not
+ // recommended, but it is available
+ // because previous releases supported
+ // it and it was used by large sites
+ // for load balancing.
+
+ notify yes; // send NOTIFY messages. You can set
+ // notify on a zone-by-zone
+ // basis in the "zone" statement
+ // see (below)
+ recursion yes;
+ rfc2308 - type1 no;
+
+#Obsolete
+ use - id - pool yes;
+
+#Obsolete
+ treat - cr - as - space yes;
+
+ also - notify { 10.0.2.3; };
+
+ // The "forward" option is only meaningful if you've defined
+ // forwarders. "first" gives the normal BIND
+ // forwarding behavior, i.e. ask the forwarders first, and if that
+ // doesn't work then do the full lookup. You can also say
+ // "forward only;" which is what used to be specified with
+ // "slave" or "options forward-only". "only" will never attempt
+ // a full lookup; only the forwarders will be used.
+ forward first;
+ forwarders {
+ 1.2.3.4;
+ 5.6.7.8;
+ };
+
+ check - names master fail;
+ check - names slave warn;
+ check - names response ignore;
+
+ allow - query { any; };
+ allow - transfer { any; };
+ allow - recursion { !any; };
+ blackhole { 45 / 24; };
+ keep - response - order { 46 / 24; };
+
+ listen - on {
+ 10 / 24;
+ 10.0.0.3;
+ };
+
+ listen - on port 53 { any; };
+
+ listen - on { 5.6.7.8; };
+
+ listen - on port 1234 {
+ !1.2.3.4;
+ 1.2.3 / 24;
+ };
+
+ listen - on - v6 { 1 : 1 : 1 : 1 : 1 : 1 : 1 : 1; };
+
+ listen - on - v6 port 777 { 2 : 2 : 2 : 2 : 2 : 2 : 2 : 2; };
+
+ query - source - v6 address 8 : 7 : 6 : 5 : 4 : 3 : 2 : 1 port *;
+ query - source port *address 10.0.0.54;
+
+ lame - ttl 444;
+
+ max - transfer - time - in 300;
+ max - transfer - time - out 10;
+ max - transfer - idle - in 100;
+ max - transfer - idle - out 11;
+
+ max - retry - time 1234;
+ min - retry - time 1111;
+ max - refresh - time 888;
+ min - refresh - time 777;
+
+ max - ncache - ttl 333;
+ min - ncache - ttl 22;
+ min - roots 15;
+ serial - queries 34;
+
+ transfer - format one - answer;
+
+ transfers - in 10;
+ transfers - per - ns 2;
+ transfers - out 0;
+
+ transfer - source 10.0.0.5;
+ transfer - source - v6 4 : 3 : 2 : 1 : 5 : 6 : 7 : 8;
+
+ request - ixfr yes;
+ provide - ixfr yes;
+
+#Now called 'provide-ixfr'
+#maintain - ixfr - base no; // If yes, keep transaction log file for IXFR
+
+ max - ixfr - log - size 20m;
+ coresize 100;
+ datasize 101;
+ files 230;
+ max - cache - size 1m;
+ stacksize 231;
+ heartbeat - interval 1001;
+ interface - interval 1002;
+ statistics - interval 1003;
+
+ topology {
+ 10 / 8;
+
+ !1.2.3 / 24;
+
+ {
+ 1.2 / 16;
+ 3 / 8;
+ };
+ };
+
+ sortlist {
+ 10 / 8;
+ 11 / 8;
+ };
+
+ tkey - domain "foo.com";
+ tkey - dhkey "xyz" 666;
+
+ rrset - order {
+ class IN type A name "foo" order random;
+ order cyclic;
+ };
+};
+
+/*
+ * Control listeners, for "ndc". Every nameserver needs at least one.
+ */
+controls {
+ // 'inet' lines without a 'port' defaults to 'port 953'
+ // 'keys' must be used and the list must have at least one entry
+ inet *port 52 allow { any; }
+ keys { "key2"; };
+ unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named.
+ inet 10.0.0.1 allow {
+ any;
+ key foo;
+ }
+ keys { "key4"; };
+ inet 10.0.0.2 allow { none; }
+ keys {
+ "key-1";
+ "key-2";
+ };
+ inet 10.0.0.2 allow { none; };
+};
+
+zone "master.demo.zone" {
+ type master; // what used to be called "primary"
+ database "somedb -option1 -option2 arg1 arg2 arg3";
+ file "master.demo.zone";
+ check - names fail;
+ allow - update { none; };
+ allow - update - forwarding {
+ 10.0.0.5;
+ !any;
+ };
+ allow - transfer { any; };
+ allow - query { any; };
+ sig - validity - interval 990;
+ notify explicit;
+ also - notify {
+ 1.0.0.1;
+ }; // don't notify any nameservers other
+ // than those on the NS list for this
+ // zone
+ forward first;
+ forwarders {
+ 10.0.0.3;
+ 1 : 2 : 3 : 4 : 5 : 6 : 7 : 8;
+ };
+};
+
+zone "slave.demo.zone" {
+ type slave; // what used to be called "secondary"
+ file "slave.demo.zone";
+ ixfr - base "slave.demo.zone.ixfr"; // File name for IXFR transaction
+ // log file
+ masters {
+ 1.2.3.4 port 10 key "foo"; // where to zone transfer from
+ 5.6.7.8;
+ 6.7.8.9 key "zippo";
+ };
+ transfer - source 10.0.0.53; // fixes multihoming problems
+ check - names warn;
+ allow - update { none; };
+ allow - transfer { any; };
+ allow - update - forwarding { any; };
+ allow - query { any; };
+ max - transfer - time - in 120; // if not set, global option is used.
+ max - transfer - time - out 1; // if not set, global option is used.
+ max - transfer - idle - in 2; // if not set, global option is used.
+ max - transfer - idle - out 3; // if not set, global option is used.
+ also - notify { 1.0.0.2; };
+ forward only;
+ forwarders {
+ 10.45.45.45;
+ 10.0.0.3;
+ 1 : 2 : 3 : 4 : 5 : 6 : 7 : 8;
+ };
+};
+
+key "non-viewkey" {
+ secret "YWFh";
+ algorithm "zzz";
+};
+
+view "test-view" in {
+ key "viewkey" {
+ algorithm "xxx";
+ secret "eXl5";
+ };
+ also - notify { 10.2.2.3; };
+ managed - keys { foo.com.static 4 3 2 "abdefghijklmnopqrstuvwxyz"; };
+ sig - validity - interval 45;
+ max - cache - size 100000;
+ allow - query { 10.0.0.30; };
+ additional - from - cache false;
+ additional - from - auth no;
+ match - clients { 10.0.0.1; };
+ check - names master warn;
+ check - names slave ignore;
+ check - names response fail;
+ auth - nxdomain false;
+ recursion true;
+ provide - ixfr false;
+ request - ixfr true;
+ fetch - glue true;
+ notify false;
+ rfc2308 - type1 false;
+ transfer - source 10.0.0.55;
+ transfer - source - v6 4 : 3 : 8 : 1 : 5 : 6 : 7 : 8;
+ query - source port *address 10.0.0.54;
+ query - source - v6 address 6 : 6 : 6 : 6 : 6 : 6 : 6 : 6 port *;
+ max - transfer - time - out 45;
+ max - transfer - idle - out 55;
+ min - roots 3;
+ lame - ttl 477;
+ max - ncache - ttl 333;
+ max - cache - ttl 777;
+ transfer - format many - answers;
+ max - retry - time 7;
+ min - retry - time 4;
+ max - refresh - time 999;
+ min - refresh - time 111;
+
+ zone "view-zone.com" {
+ type master;
+ allow - update - forwarding { 10.0.0.34; };
+ file "view-zone-master";
+ };
+
+ server 5.6.7.8 { keys "viewkey"; };
+
+ server 10.9.8.7 { keys "non-viewkey"; };
+ dialup yes;
+};
+
+zone "stub.demo.zone" {
+ type stub; // stub zones are like slave zones,
+ // except that only the NS records
+ // are transferred.
+ dialup yes;
+ file "stub.demo.zone";
+ masters {
+ 1.2.3.4; // where to zone transfer from
+ 5.6.7.8 port 999;
+ };
+ check - names warn;
+ allow - update { none; };
+ allow - transfer { any; };
+ allow - query { any; };
+
+ max - retry - time 10;
+ min - retry - time 11;
+ max - refresh - time 12;
+ min - refresh - time 13;
+
+ max - transfer - time - in 120; // if not set, global option is used.
+ pubkey 257 255 1 "a useless key";
+ pubkey 257 255 1 "another useless key";
+};
+
+zone "." {
+ type hint; // used to be specified w/ "cache"
+ file "cache.db";
+ // pubkey 257 255 1
+ //"AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+managed - keys {
+ "." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/"
+ "KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP"
+ "/rick6gvEer5VcDEkLR5Q==";
+};
+
+acl can_query {
+ !1.2.3 / 24;
+ any;
+}; // network 1.2.3.0 mask 255.255.255.0
+ // is disallowed; rest are OK
+acl can_axfr {
+ 1.2.3.4;
+ can_query;
+}; // host 1.2.3.4 and any host allowed
+ // by can_query are OK
+
+zone "disabled-zone.com" {
+ type master;
+ file "bar";
+
+ max - retry - time 100;
+ min - retry - time 110;
+ max - refresh - time 120;
+ min - refresh - time 130;
+};
+
+zone "non-default-acl.demo.zone" {
+ type master;
+ file "foo";
+ allow - query { can_query; };
+ allow - transfer { can_axfr; };
+ allow - update {
+ 1.2.3.4;
+ 5.6.7.8;
+ };
+ pubkey 666 665 664 "key of the beast";
+ // Errors trapped by parser:
+ // identity or name not absolute
+ // 'wildcard' match type and no wildcard character in name
+ //
+ // issues:
+ // - certain rdatatype values (such as "key") are config file
+ // keywords and
+ // must be quoted or a syntax error will occur.
+ //
+
+ update - policy {
+ grant root.domain.subdomain host.domain.A MX CNAME;
+ grant sub.root.domain.wildcard *.host.domain.A;
+ grant root.domain.name host.domain.a ns md mf cname soa mb mg mr
+ "null" wks ptr hinfo minfo mx txt rp afsdb x25 isdn rt
+ nsap sig "key" px gpos aaaa loc nxt srv naptr kx
+ cert a6 dname opt unspec uri tkey tsig;
+ grant foo.bar.com.self foo.bar.com.a;
+ };
+};
+
+key sample_key { // for TSIG; supported by parser
+ algorithm hmac - md5; // but not yet implemented in the
+ secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server
+};
+
+key key2 {
+ algorithm hmac - md5;
+ secret "ZXJlaCB0ZXJjZXMgcm91eQ==";
+};
+
+acl key_acl { key sample_key; }; // a request signed with sample_key
+
+server 1.2.3.4 {
+ request - ixfr no;
+ provide - ixfr no;
+ bogus no; // if yes, we won't query or listen
+ // to this server
+ transfer - format one - answer; // set transfer format for this
+ // server (see the description of
+ // 'transfer-format' above)
+ // if not specified, the global option
+ // will be used
+ transfers 0; // not implemented
+ keys{ "sample_key" }; // for TSIG; supported by the parser
+ // but not yet implemented in the
+ // rest of the server
+#Now called 'request-ixfr'
+#support - ixfr yes; // for IXFR supported by server
+ // if yes, the listed server talks IXFR
+};
+
+logging {
+ /*
+ * All log output goes to one or more "channels"; you can make as
+ * many of them as you want.
+ */
+
+ channel syslog_errors { // this channel will send errors or
+ syslog user; // or worse to syslog (user facility)
+ severity error;
+ };
+
+ channel stderr_errors { stderr; };
+
+ /*
+ * Channels have a severity level. Messages at severity levels
+ * greater than or equal to the channel's level will be logged on
+ * the channel. In order of decreasing severity, the levels are:
+ *
+ * critical a fatal error
+ * error
+ * warning
+ * notice a normal, but significant event
+ * info an informational message
+ * debug 1 the least detailed debugging info
+ * ...
+ * debug 99 the most detailed debugging info
+ */
+
+ /*
+ * Here are the built-in channels:
+ *
+ * channel default_syslog {
+ * syslog daemon;
+ * severity info;
+ * };
+ *
+ * channel default_debug {
+ * file "named.run"; // note: stderr is used instead
+ * // of "named.run" if the server
+ * // is started with the "-f"
+ * // option.
+ * severity dynamic; // this means log debugging
+ * // at whatever debugging level
+ * // the server is at, and don't
+ * // log anything if not
+ * // debugging.
+ * };
+ *
+ * channel null { // this is the bit bucket;
+ * file "/dev/null"; // any logging to this channel
+ * // is discarded.
+ * };
+ *
+ * channel default_stderr { // writes to stderr
+ * file "<stderr>"; // this is illustrative only;
+ * // there's currently no way
+ * // of saying "stderr" in the
+ * // configuration language.
+ * // i.e. don't try this at home.
+ * severity info;
+ * };
+ *
+ * default_stderr only works before the server daemonizes (i.e.
+ * during initial startup) or when it is running in foreground
+ * mode (-f command line option).
+ */
+
+ /*
+ * There are many categories, so you can send the logs
+ * you want to see wherever you want, without seeing logs you
+ * don't want. Right now the categories are
+ *
+ * default the catch-all. many things still
+ * aren't classified into categories, and
+ * they all end up here. also, if you
+ * don't specify any channels for a
+ * category, the default category is used
+ * instead.
+ * config high-level configuration file
+ * processing
+ * parser low-level configuration file processing
+ * queries what used to be called "query logging"
+ * lame-servers messages like "Lame server on ..."
+ * statistics
+ * panic if the server has to shut itself
+ * down due to an internal problem, it
+ * logs the problem here (as well as
+ * in the problem's native category)
+ * update dynamic update
+ * ncache negative caching
+ * xfer-in zone transfers we're receiving
+ * xfer-out zone transfers we're sending
+ * db all database operations
+ * eventlib debugging info from the event system
+ * (see below)
+ * packet dumps of packets received and sent
+ * (see below)
+ * notify the NOTIFY protocol
+ * cname messages like "XX points to a CNAME"
+ * security approved/unapproved requests
+ * os operating system problems
+ * insist consistency check failures
+ * maintenance periodic maintenance
+ * load zone loading
+ * response-checks messages like
+ * "Malformed response ..."
+ * "wrong ans. name ..."
+ * "unrelated additional info ..."
+ * "invalid RR type ..."
+ * "bad referral ..."
+ */
+
+ category parser {
+ syslog_errors; // you can log to as many channels
+ default_syslog; // as you want
+ };
+
+ category lame - servers { null; }; // don't log these at all
+
+ channel moderate_debug {
+ file "foo"; // foo
+ severity debug 3; // level 3 debugging to file
+ print - time yes; // timestamp log entries
+ print - category yes; // print category name
+ print - severity yes; // print severity level
+ /*
+ * Note that debugging must have been turned on either
+ * on the command line or with a signal to get debugging
+ * output (non-debugging output will still be written to
+ * this channel).
+ */
+ };
+
+ channel another {
+ file "bar" versions 99 size 10M;
+ severity info;
+ };
+
+ channel third {
+ file "bar" size 100000 versions unlimited;
+ severity debug; // use default debug level
+ };
+
+ /*
+ * If you don't want to see "zone XXXX loaded" messages but do
+ * want to see any problems, you could do the following.
+ */
+ channel no_info_messages {
+ syslog;
+ severity notice;
+ };
+
+ category load { no_info_messages; };
+
+ /*
+ * You can also define category "default"; it gets used when no
+ * "category" statement has been given for a category.
+ */
+ category default {
+ default_syslog;
+ moderate_debug;
+ };
+
+ /*
+ * If you don't define category default yourself, the default
+ * default category will be used. It is
+ *
+ * category default { default_syslog; default_debug; };
+ */
+
+ /*
+ * If you don't define category panic yourself, the default
+ * panic category will be used. It is
+ *
+ * category panic { default_syslog; default_stderr; };
+ */
+
+ /*
+ * Two categories, 'packet' and 'eventlib', are special. Only one
+ * channel may be assigned to each of them, and it must be a
+ * file channel. If you don't define them yourself, they default to
+ *
+ * category eventlib { default_debug; };
+ *
+ * category packet { default_debug; };
+ */
+};
+
+#include "filename"; // can't do within a statement
--- /dev/null
+text
+to
+be
+processed
+by
+lexer
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <isc/buffer.h>
+#include <isc/lex.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include "fuzz.h"
+
+static isc_mem_t *mctx = NULL;
+static isc_lex_t *lex = NULL;
+
+int
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+ char ***argv __attribute__((unused))) {
+ isc_result_t result;
+
+ isc_mem_create(&mctx);
+
+ result = isc_lex_create(mctx, 1024, &lex);
+ REQUIRE(result == ISC_R_SUCCESS);
+
+ return (0);
+}
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ isc_buffer_t buf;
+ isc_result_t result;
+
+ isc_buffer_constinit(&buf, data, size);
+ isc_buffer_add(&buf, size);
+ isc_buffer_setactive(&buf, size);
+
+ CHECK(isc_lex_openbuffer(lex, &buf));
+
+ do {
+ isc_token_t token;
+ result = isc_lex_gettoken(lex, 0, &token);
+ } while (result == ISC_R_SUCCESS);
+
+ return (0);
+}
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * This is a worthless, nonrunnable example of a named.conf file that has
+ * every conceivable syntax element in use. We use it to test the parser.
+ * It could also be used as a conceptual template for users of new features.
+ */
+
+/*
+ * C-style comments are OK
+ */
+
+// So are C++-style comments
+
+#So are shell - style comments
+
+// watch out for ";" -- it's important!
+
+options {
+ additional - from - auth true;
+ additional - from - cache false;
+
+ version "my version string";
+ random - device "/dev/random";
+ directory "/tmp";
+
+ port 666;
+
+ sig - validity - interval 33;
+
+#Obsolete
+ named - xfer "/usr/libexec/named-xfer"; // _PATH_XFER
+
+ dump - file "named_dump.db"; // _PATH_DUMPFILE
+ pid - file "/var/run/named.pid"; // _PATH_PIDFILE
+ statistics - file "named.stats"; // _PATH_STATS
+ memstatistics - file "named.memstats"; // _PATH_MEMSTATS
+
+ max - cache - ttl 999;
+ min - cache - ttl 66;
+ auth - nxdomain yes; // always set AA on NXDOMAIN.
+ // don't set this to 'no' unless
+ // you know what you're doing -- older
+ // servers won't like it.
+
+#Obsolete
+ deallocate - on - exit no;
+
+ dialup yes;
+
+#Obsolete
+ fake - iquery no;
+
+ fetch - glue yes;
+ has - old - clients yes;
+ host - statistics no;
+
+#Obsolete
+ multiple - cnames no; // if yes, then a name my have more
+ // than one CNAME RR. This use
+ // is non-standard and is not
+ // recommended, but it is available
+ // because previous releases supported
+ // it and it was used by large sites
+ // for load balancing.
+
+ notify yes; // send NOTIFY messages. You can set
+ // notify on a zone-by-zone
+ // basis in the "zone" statement
+ // see (below)
+ recursion yes;
+ rfc2308 - type1 no;
+
+#Obsolete
+ use - id - pool yes;
+
+#Obsolete
+ treat - cr - as - space yes;
+
+ also - notify { 10.0.2.3; };
+
+ // The "forward" option is only meaningful if you've defined
+ // forwarders. "first" gives the normal BIND
+ // forwarding behavior, i.e. ask the forwarders first, and if that
+ // doesn't work then do the full lookup. You can also say
+ // "forward only;" which is what used to be specified with
+ // "slave" or "options forward-only". "only" will never attempt
+ // a full lookup; only the forwarders will be used.
+ forward first;
+ forwarders {
+ 1.2.3.4;
+ 5.6.7.8;
+ };
+
+ check - names master fail;
+ check - names slave warn;
+ check - names response ignore;
+
+ allow - query { any; };
+ allow - transfer { any; };
+ allow - recursion { !any; };
+ blackhole { 45 / 24; };
+ keep - response - order { 46 / 24; };
+
+ listen - on {
+ 10 / 24;
+ 10.0.0.3;
+ };
+
+ listen - on port 53 { any; };
+
+ listen - on { 5.6.7.8; };
+
+ listen - on port 1234 {
+ !1.2.3.4;
+ 1.2.3 / 24;
+ };
+
+ listen - on - v6 { 1 : 1 : 1 : 1 : 1 : 1 : 1 : 1; };
+
+ listen - on - v6 port 777 { 2 : 2 : 2 : 2 : 2 : 2 : 2 : 2; };
+
+ query - source - v6 address 8 : 7 : 6 : 5 : 4 : 3 : 2 : 1 port *;
+ query - source port *address 10.0.0.54;
+
+ lame - ttl 444;
+
+ max - transfer - time - in 300;
+ max - transfer - time - out 10;
+ max - transfer - idle - in 100;
+ max - transfer - idle - out 11;
+
+ max - retry - time 1234;
+ min - retry - time 1111;
+ max - refresh - time 888;
+ min - refresh - time 777;
+
+ max - ncache - ttl 333;
+ min - ncache - ttl 22;
+ min - roots 15;
+ serial - queries 34;
+
+ transfer - format one - answer;
+
+ transfers - in 10;
+ transfers - per - ns 2;
+ transfers - out 0;
+
+ transfer - source 10.0.0.5;
+ transfer - source - v6 4 : 3 : 2 : 1 : 5 : 6 : 7 : 8;
+
+ request - ixfr yes;
+ provide - ixfr yes;
+
+#Now called 'provide-ixfr'
+#maintain - ixfr - base no; // If yes, keep transaction log file for IXFR
+
+ max - ixfr - log - size 20m;
+ coresize 100;
+ datasize 101;
+ files 230;
+ max - cache - size 1m;
+ stacksize 231;
+ heartbeat - interval 1001;
+ interface - interval 1002;
+ statistics - interval 1003;
+
+ topology {
+ 10 / 8;
+
+ !1.2.3 / 24;
+
+ {
+ 1.2 / 16;
+ 3 / 8;
+ };
+ };
+
+ sortlist {
+ 10 / 8;
+ 11 / 8;
+ };
+
+ tkey - domain "foo.com";
+ tkey - dhkey "xyz" 666;
+
+ rrset - order {
+ class IN type A name "foo" order random;
+ order cyclic;
+ };
+};
+
+/*
+ * Control listeners, for "ndc". Every nameserver needs at least one.
+ */
+controls {
+ // 'inet' lines without a 'port' defaults to 'port 953'
+ // 'keys' must be used and the list must have at least one entry
+ inet *port 52 allow { any; }
+ keys { "key2"; };
+ unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named.
+ inet 10.0.0.1 allow {
+ any;
+ key foo;
+ }
+ keys { "key4"; };
+ inet 10.0.0.2 allow { none; }
+ keys {
+ "key-1";
+ "key-2";
+ };
+ inet 10.0.0.2 allow { none; };
+};
+
+zone "master.demo.zone" {
+ type master; // what used to be called "primary"
+ database "somedb -option1 -option2 arg1 arg2 arg3";
+ file "master.demo.zone";
+ check - names fail;
+ allow - update { none; };
+ allow - update - forwarding {
+ 10.0.0.5;
+ !any;
+ };
+ allow - transfer { any; };
+ allow - query { any; };
+ sig - validity - interval 990;
+ notify explicit;
+ also - notify {
+ 1.0.0.1;
+ }; // don't notify any nameservers other
+ // than those on the NS list for this
+ // zone
+ forward first;
+ forwarders {
+ 10.0.0.3;
+ 1 : 2 : 3 : 4 : 5 : 6 : 7 : 8;
+ };
+};
+
+zone "slave.demo.zone" {
+ type slave; // what used to be called "secondary"
+ file "slave.demo.zone";
+ ixfr - base "slave.demo.zone.ixfr"; // File name for IXFR transaction
+ // log file
+ masters {
+ 1.2.3.4 port 10 key "foo"; // where to zone transfer from
+ 5.6.7.8;
+ 6.7.8.9 key "zippo";
+ };
+ transfer - source 10.0.0.53; // fixes multihoming problems
+ check - names warn;
+ allow - update { none; };
+ allow - transfer { any; };
+ allow - update - forwarding { any; };
+ allow - query { any; };
+ max - transfer - time - in 120; // if not set, global option is used.
+ max - transfer - time - out 1; // if not set, global option is used.
+ max - transfer - idle - in 2; // if not set, global option is used.
+ max - transfer - idle - out 3; // if not set, global option is used.
+ also - notify { 1.0.0.2; };
+ forward only;
+ forwarders {
+ 10.45.45.45;
+ 10.0.0.3;
+ 1 : 2 : 3 : 4 : 5 : 6 : 7 : 8;
+ };
+};
+
+key "non-viewkey" {
+ secret "YWFh";
+ algorithm "zzz";
+};
+
+view "test-view" in {
+ key "viewkey" {
+ algorithm "xxx";
+ secret "eXl5";
+ };
+ also - notify { 10.2.2.3; };
+ managed - keys { foo.com.static 4 3 2 "abdefghijklmnopqrstuvwxyz"; };
+ sig - validity - interval 45;
+ max - cache - size 100000;
+ allow - query { 10.0.0.30; };
+ additional - from - cache false;
+ additional - from - auth no;
+ match - clients { 10.0.0.1; };
+ check - names master warn;
+ check - names slave ignore;
+ check - names response fail;
+ auth - nxdomain false;
+ recursion true;
+ provide - ixfr false;
+ request - ixfr true;
+ fetch - glue true;
+ notify false;
+ rfc2308 - type1 false;
+ transfer - source 10.0.0.55;
+ transfer - source - v6 4 : 3 : 8 : 1 : 5 : 6 : 7 : 8;
+ query - source port *address 10.0.0.54;
+ query - source - v6 address 6 : 6 : 6 : 6 : 6 : 6 : 6 : 6 port *;
+ max - transfer - time - out 45;
+ max - transfer - idle - out 55;
+ min - roots 3;
+ lame - ttl 477;
+ max - ncache - ttl 333;
+ max - cache - ttl 777;
+ transfer - format many - answers;
+ max - retry - time 7;
+ min - retry - time 4;
+ max - refresh - time 999;
+ min - refresh - time 111;
+
+ zone "view-zone.com" {
+ type master;
+ allow - update - forwarding { 10.0.0.34; };
+ file "view-zone-master";
+ };
+
+ server 5.6.7.8 { keys "viewkey"; };
+
+ server 10.9.8.7 { keys "non-viewkey"; };
+ dialup yes;
+};
+
+zone "stub.demo.zone" {
+ type stub; // stub zones are like slave zones,
+ // except that only the NS records
+ // are transferred.
+ dialup yes;
+ file "stub.demo.zone";
+ masters {
+ 1.2.3.4; // where to zone transfer from
+ 5.6.7.8 port 999;
+ };
+ check - names warn;
+ allow - update { none; };
+ allow - transfer { any; };
+ allow - query { any; };
+
+ max - retry - time 10;
+ min - retry - time 11;
+ max - refresh - time 12;
+ min - refresh - time 13;
+
+ max - transfer - time - in 120; // if not set, global option is used.
+ pubkey 257 255 1 "a useless key";
+ pubkey 257 255 1 "another useless key";
+};
+
+zone "." {
+ type hint; // used to be specified w/ "cache"
+ file "cache.db";
+ // pubkey 257 255 1
+ //"AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+managed - keys {
+ "." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/"
+ "KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP"
+ "/rick6gvEer5VcDEkLR5Q==";
+};
+
+acl can_query {
+ !1.2.3 / 24;
+ any;
+}; // network 1.2.3.0 mask 255.255.255.0
+ // is disallowed; rest are OK
+acl can_axfr {
+ 1.2.3.4;
+ can_query;
+}; // host 1.2.3.4 and any host allowed
+ // by can_query are OK
+
+zone "disabled-zone.com" {
+ type master;
+ file "bar";
+
+ max - retry - time 100;
+ min - retry - time 110;
+ max - refresh - time 120;
+ min - refresh - time 130;
+};
+
+zone "non-default-acl.demo.zone" {
+ type master;
+ file "foo";
+ allow - query { can_query; };
+ allow - transfer { can_axfr; };
+ allow - update {
+ 1.2.3.4;
+ 5.6.7.8;
+ };
+ pubkey 666 665 664 "key of the beast";
+ // Errors trapped by parser:
+ // identity or name not absolute
+ // 'wildcard' match type and no wildcard character in name
+ //
+ // issues:
+ // - certain rdatatype values (such as "key") are config file
+ // keywords and
+ // must be quoted or a syntax error will occur.
+ //
+
+ update - policy {
+ grant root.domain.subdomain host.domain.A MX CNAME;
+ grant sub.root.domain.wildcard *.host.domain.A;
+ grant root.domain.name host.domain.a ns md mf cname soa mb mg mr
+ "null" wks ptr hinfo minfo mx txt rp afsdb x25 isdn rt
+ nsap sig "key" px gpos aaaa loc nxt srv naptr kx
+ cert a6 dname opt unspec uri tkey tsig;
+ grant foo.bar.com.self foo.bar.com.a;
+ };
+};
+
+key sample_key { // for TSIG; supported by parser
+ algorithm hmac - md5; // but not yet implemented in the
+ secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server
+};
+
+key key2 {
+ algorithm hmac - md5;
+ secret "ZXJlaCB0ZXJjZXMgcm91eQ==";
+};
+
+acl key_acl { key sample_key; }; // a request signed with sample_key
+
+server 1.2.3.4 {
+ request - ixfr no;
+ provide - ixfr no;
+ bogus no; // if yes, we won't query or listen
+ // to this server
+ transfer - format one - answer; // set transfer format for this
+ // server (see the description of
+ // 'transfer-format' above)
+ // if not specified, the global option
+ // will be used
+ transfers 0; // not implemented
+ keys{ "sample_key" }; // for TSIG; supported by the parser
+ // but not yet implemented in the
+ // rest of the server
+#Now called 'request-ixfr'
+#support - ixfr yes; // for IXFR supported by server
+ // if yes, the listed server talks IXFR
+};
+
+logging {
+ /*
+ * All log output goes to one or more "channels"; you can make as
+ * many of them as you want.
+ */
+
+ channel syslog_errors { // this channel will send errors or
+ syslog user; // or worse to syslog (user facility)
+ severity error;
+ };
+
+ channel stderr_errors { stderr; };
+
+ /*
+ * Channels have a severity level. Messages at severity levels
+ * greater than or equal to the channel's level will be logged on
+ * the channel. In order of decreasing severity, the levels are:
+ *
+ * critical a fatal error
+ * error
+ * warning
+ * notice a normal, but significant event
+ * info an informational message
+ * debug 1 the least detailed debugging info
+ * ...
+ * debug 99 the most detailed debugging info
+ */
+
+ /*
+ * Here are the built-in channels:
+ *
+ * channel default_syslog {
+ * syslog daemon;
+ * severity info;
+ * };
+ *
+ * channel default_debug {
+ * file "named.run"; // note: stderr is used instead
+ * // of "named.run" if the server
+ * // is started with the "-f"
+ * // option.
+ * severity dynamic; // this means log debugging
+ * // at whatever debugging level
+ * // the server is at, and don't
+ * // log anything if not
+ * // debugging.
+ * };
+ *
+ * channel null { // this is the bit bucket;
+ * file "/dev/null"; // any logging to this channel
+ * // is discarded.
+ * };
+ *
+ * channel default_stderr { // writes to stderr
+ * file "<stderr>"; // this is illustrative only;
+ * // there's currently no way
+ * // of saying "stderr" in the
+ * // configuration language.
+ * // i.e. don't try this at home.
+ * severity info;
+ * };
+ *
+ * default_stderr only works before the server daemonizes (i.e.
+ * during initial startup) or when it is running in foreground
+ * mode (-f command line option).
+ */
+
+ /*
+ * There are many categories, so you can send the logs
+ * you want to see wherever you want, without seeing logs you
+ * don't want. Right now the categories are
+ *
+ * default the catch-all. many things still
+ * aren't classified into categories, and
+ * they all end up here. also, if you
+ * don't specify any channels for a
+ * category, the default category is used
+ * instead.
+ * config high-level configuration file
+ * processing
+ * parser low-level configuration file processing
+ * queries what used to be called "query logging"
+ * lame-servers messages like "Lame server on ..."
+ * statistics
+ * panic if the server has to shut itself
+ * down due to an internal problem, it
+ * logs the problem here (as well as
+ * in the problem's native category)
+ * update dynamic update
+ * ncache negative caching
+ * xfer-in zone transfers we're receiving
+ * xfer-out zone transfers we're sending
+ * db all database operations
+ * eventlib debugging info from the event system
+ * (see below)
+ * packet dumps of packets received and sent
+ * (see below)
+ * notify the NOTIFY protocol
+ * cname messages like "XX points to a CNAME"
+ * security approved/unapproved requests
+ * os operating system problems
+ * insist consistency check failures
+ * maintenance periodic maintenance
+ * load zone loading
+ * response-checks messages like
+ * "Malformed response ..."
+ * "wrong ans. name ..."
+ * "unrelated additional info ..."
+ * "invalid RR type ..."
+ * "bad referral ..."
+ */
+
+ category parser {
+ syslog_errors; // you can log to as many channels
+ default_syslog; // as you want
+ };
+
+ category lame - servers { null; }; // don't log these at all
+
+ channel moderate_debug {
+ file "foo"; // foo
+ severity debug 3; // level 3 debugging to file
+ print - time yes; // timestamp log entries
+ print - category yes; // print category name
+ print - severity yes; // print severity level
+ /*
+ * Note that debugging must have been turned on either
+ * on the command line or with a signal to get debugging
+ * output (non-debugging output will still be written to
+ * this channel).
+ */
+ };
+
+ channel another {
+ file "bar" versions 99 size 10M;
+ severity info;
+ };
+
+ channel third {
+ file "bar" size 100000 versions unlimited;
+ severity debug; // use default debug level
+ };
+
+ /*
+ * If you don't want to see "zone XXXX loaded" messages but do
+ * want to see any problems, you could do the following.
+ */
+ channel no_info_messages {
+ syslog;
+ severity notice;
+ };
+
+ category load { no_info_messages; };
+
+ /*
+ * You can also define category "default"; it gets used when no
+ * "category" statement has been given for a category.
+ */
+ category default {
+ default_syslog;
+ moderate_debug;
+ };
+
+ /*
+ * If you don't define category default yourself, the default
+ * default category will be used. It is
+ *
+ * category default { default_syslog; default_debug; };
+ */
+
+ /*
+ * If you don't define category panic yourself, the default
+ * panic category will be used. It is
+ *
+ * category panic { default_syslog; default_stderr; };
+ */
+
+ /*
+ * Two categories, 'packet' and 'eventlib', are special. Only one
+ * channel may be assigned to each of them, and it must be a
+ * file channel. If you don't define them yourself, they default to
+ *
+ * category eventlib { default_debug; };
+ *
+ * category packet { default_debug; };
+ */
+};
+
+#include "filename"; // can't do within a statement
--- /dev/null
+text
+to
+be
+processed
+by
+lexer
char corpusdir[PATH_MAX];
const char *target = strrchr(argv[0], '/');
+ (void)LLVMFuzzerInitialize(&argc, &argv);
+
UNUSED(argc);
UNUSED(argv);
int ret;
unsigned char buf[64 * 1024];
- UNUSED(argc);
- UNUSED(argv);
+ (void)LLVMFuzzerInitialize(&argc, &argv);
#ifdef __AFL_LOOP
while (__AFL_LOOP(10000)) { /* only works with afl-clang-fast */
./fuzz/dns_name_fromtext_target.c C 2018,2019,2020
./fuzz/dns_rdata_fromwire_text.c C 2019,2020
./fuzz/fuzz.h C 2018,2019,2020
+./fuzz/isc_lex_getmastertoken.c C 2020
+./fuzz/isc_lex_gettoken.c C 2020
./fuzz/libfuzzer.sh SH 2020
./fuzz/main.c C 2018,2019,2020
./lib/bind9/api X 2001,2006,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020
projects / thirdparty / bind9.git / commitdiff
