From: Pieter Lexis
Date: Tue, 9 Feb 2021 10:09:04 +0000 (+0100)
Subject: Add fuzzing for parseRFC1035CharString
X-Git-Tag: dnsdist-1.6.0-rc1~33^2~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b53d042a774bdb8e72714cf0d0a80d1e2715f0a;p=thirdparty%2Fpdns.git

Add fuzzing for parseRFC1035CharString
---

diff --git a/fuzzing/README.md b/fuzzing/README.md
index 055c448830..b2ad4437c8 100644
--- a/fuzzing/README.md
+++ b/fuzzing/README.md
@@ -14,6 +14,8 @@ The current targets cover:
 - MOADNSParser (fuzz_target_moadnsparser) ;
 - the Proxy Protocol parser (fuzz_target_proxyprotocol) ;
 - ZoneParserTNG (fuzz_target_zoneparsertng).
+- Parts of the ragel-generated parser (parseRFC1035CharString in
+ fuzz_target_dnslabeltext)
 
 By default the targets are linked against a standalone target,
 pdns/standalone_fuzz_target_runner.cc, which does no fuzzing but makes it easy
@@ -51,3 +53,38 @@ The 'corpus' directory contains three sub-directories:
 When run in the OSS-Fuzz environment, the zone files from the regression-tests/zones/ directory are added to the ones present in the fuzzing/corpus/zones/ directory.
+
+Quickly getting started (using clang 11)
+----------------------------------------
+First, confgure:
+
+```
+LIB_FUZZING_ENGINE="/usr/lib/clang/11.0.1/lib/linux/libclang_rt.fuzzer-x86_64.a" \
+ CC=clang \
+ CXX=clang++ \
+ CFLAGS='-fsanitize=fuzzer-no-link' \
+ CXXFLAGS='-fsanitize=fuzzer-no-link' \
+ ./configure --without-dynmodules --with-modules= --disable-lua-records --disable-ixfrdist --enable-fuzz-targets --disable-dependency-tracking --disable-silent-rules --enable-asan --enable-ubsan
+```
+
+Then build:
+
+```
+LIB_FUZZING_ENGINE="/usr/lib/clang/11.0.1/lib/linux/libclang_rt.fuzzer-x86_64.a" \
+ make -C pdns -j2 fuzz_targets
+```
+
+Now you're ready to run one of the fuzzing targets.
+First, copy the starting corpus:
+
+```
+mkdir new-corpus
+./pdns/fuzz_target_XXXXXXX -merge=1 new-corpus fuzzing/corpus/YYYYY
+```
+
+Then run the thing:
+```
+./pdns_fuzz_target_XXXXXXX new-corpus
+```
+
+The [LLVM docs](https://llvm.org/docs/LibFuzzer.html) have more info.
diff --git a/fuzzing/corpus/txt-records/escaped b/fuzzing/corpus/txt-records/escaped
new file mode 100644
index 0000000000..0e5ed5e88f
--- /dev/null
+++ b/fuzzing/corpus/txt-records/escaped
@@ -0,0 +1 @@
+esc\033aped\!
diff --git a/fuzzing/corpus/txt-records/escaped_quoted b/fuzzing/corpus/txt-records/escaped_quoted
new file mode 100644
index 0000000000..881c4da078
--- /dev/null
+++ b/fuzzing/corpus/txt-records/escaped_quoted
@@ -0,0 +1 @@
+"esc\033ped!"
diff --git a/fuzzing/corpus/txt-records/quoted_simple b/fuzzing/corpus/txt-records/quoted_simple
new file mode 100644
index 0000000000..3580093b9d
--- /dev/null
+++ b/fuzzing/corpus/txt-records/quoted_simple
@@ -0,0 +1 @@
+"hello"
diff --git a/fuzzing/corpus/txt-records/simple b/fuzzing/corpus/txt-records/simple
new file mode 100644
index 0000000000..ce01362503
--- /dev/null
+++ b/fuzzing/corpus/txt-records/simple
@@ -0,0 +1 @@
+hello
diff --git a/pdns/.gitignore b/pdns/.gitignore
index 7b6406ec34..4d24f952bf 100644
--- a/pdns/.gitignore
+++ b/pdns/.gitignore
@@ -70,3 +70,4 @@ effective_tld_names.dat
 /fuzz_target_packetcache
 /fuzz_target_proxyprotocol
 /fuzz_target_zoneparsertng
+/fuzz_target_dnslabeltext_parseRFC1035CharString
diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index 975a129722..ab06764594 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -1478,7 +1478,8 @@ fuzz_targets_programs = \
 fuzz_target_moadnsparser \
 fuzz_target_packetcache \
 fuzz_target_proxyprotocol \
- fuzz_target_zoneparsertng
+ fuzz_target_zoneparsertng \
+ fuzz_target_dnslabeltext_parseRFC1035CharString
 
 fuzz_targets: $(fuzz_targets_programs)
 
@@ -1593,6 +1594,14 @@ fuzz_target_zoneparsertng_DEPENDENCIES = $(fuzz_targets_deps)
 fuzz_target_zoneparsertng_LDFLAGS = $(fuzz_targets_ldflags)
 fuzz_target_zoneparsertng_LDADD = $(fuzz_targets_libs)
 
+fuzz_target_dnslabeltext_parseRFC1035CharString_SOURCES = \
+ dnslabeltext.cc \
+ fuzz_dnslabeltext_parseRFC1035CharString.cc
+
+fuzz_target_dnslabeltext_parseRFC1035CharString_DEPENDENCIES = $(fuzz_targets_deps)
+fuzz_target_dnslabeltext_parseRFC1035CharString_LDFLAGS = $(fuzz_targets_ldflags)
+fuzz_target_dnslabeltext_parseRFC1035CharString_LDADD = $(fuzz_targets_libs)
+
 endif
 
 dnslabeltext.cc: dnslabeltext.rl
diff --git a/pdns/fuzz_dnslabeltext_parseRFC1035CharString.cc b/pdns/fuzz_dnslabeltext_parseRFC1035CharString.cc
new file mode 100644
index 0000000000..4f13a0b405
--- /dev/null
+++ b/pdns/fuzz_dnslabeltext_parseRFC1035CharString.cc
@@ -0,0 +1,35 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "misc.hh"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+
+ std::string val;
+
+ std::string input((char*)data, size);
+ parseRFC1035CharString(input, val);
+
+ return 0;
+}
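Review bot: An exception escaping parseRFC1035CharString would end the fuzzing run as a crash rather than count as a rejected input, because the call in LLVMFuzzerTestOneInput is not inside a try block; the parser's body is not part of this diff, so whether it throws on malformed input cannot be confirmed here, but the escaped and quoted corpus seeds suggest rejection paths exist. If it can throw, catching `std::exception` around the call keeps the run focused on sanitizer findings and lets the corpus grow through the expected rejections. The `(char*)data` cast also discards the `const` of the fuzzer's buffer; `reinterpret_cast<const char*>(data)` says what is meant and is all the std::string constructor needs. The return value is dropped as well, so there is no oracle on the parser's own accounting — if it reports bytes consumed, asserting that the count is no more than `size` would make an over-read claim visible instead of silent.
```cpp
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::string val;
  std::string input(reinterpret_cast<const char*>(data), size);

  try {
    parseRFC1035CharString(input, val);
  }
  catch (const std::exception& e) {
    // A rejected input is an expected outcome for much of the corpus;
    // only sanitizer-detected bugs should stop the fuzzer.
  }

  return 0;
}
```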