From: Ondřej Surý Date: Wed, 12 Aug 2020 09:29:30 +0000 (+0200) Subject: Really fuzz isc_lex_getmastertoken() in the test X-Git-Tag: v9.17.5~54^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=790476332e39bbdad139066f25be87e2ddc90282;p=thirdparty%2Fbind9.git Really fuzz isc_lex_getmastertoken() in the test There was a copy&paste error in fuzz/isc_lex_getmastertoken.c where we didn't really test the function we wanted to test. Update the test to have the input data to always include expected 'tokentype' in the first byte, `eol` argument in the second byte and the rest of the input is the data to parse. --- diff --git a/fuzz/isc_lex_getmastertoken.c b/fuzz/isc_lex_getmastertoken.c index 75a23295854..a9beb7d681d 100644 --- a/fuzz/isc_lex_getmastertoken.c +++ b/fuzz/isc_lex_getmastertoken.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include "fuzz.h" @@ -46,6 +47,20 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { isc_buffer_t buf; isc_result_t result; + isc_tokentype_t expect; + bool eol; + + if (size < sizeof(expect) + sizeof(eol)) { + return (0); + } + + (void)memmove(&expect, data, sizeof(expect)); + data += sizeof(expect); + size -= sizeof(expect); + + (void)memmove(&eol, data, sizeof(eol)); + data += sizeof(eol); + size -= sizeof(eol); isc_buffer_constinit(&buf, data, size); isc_buffer_add(&buf, size); @@ -55,7 +70,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { do { isc_token_t token; - result = isc_lex_gettoken(lex, 0, &token); + result = isc_lex_getmastertoken(lex, &token, expect, eol); } while (result == ISC_R_SUCCESS); return (0); diff --git a/fuzz/isc_lex_getmastertoken.in/named.conf b/fuzz/isc_lex_getmastertoken.in/named.conf index f7d39fdabe8..de8ea9c07df 100644 Binary files a/fuzz/isc_lex_getmastertoken.in/named.conf and b/fuzz/isc_lex_getmastertoken.in/named.conf differ 
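Review bot: In the second hunk of fuzz/isc_lex_getmastertoken.c, `(void)memmove(&eol, data, sizeof(eol));` copies an arbitrary fuzz byte into a `bool` object. Any byte other than 0 or 1 is not a valid `bool` value, so the later read of `eol` is undefined, and a UBSan-instrumented fuzz build can report the harness itself rather than the lexer. Derive the flag from the byte instead, `eol = (data[0] != 0);`, and keep the existing `data += sizeof(eol); size -= sizeof(eol);` advance. The copy into `expect` likewise fills an `isc_tokentype_t` with raw bytes; its definition is outside this diff, so if out-of-range values are intended, a comment such as `/* 'expect' is deliberately unconstrained */` should say so. The body of LLVMFuzzerTestOneInput starts above and continues below this hunk.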
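Review bot: The `do { … } while (result == ISC_R_SUCCESS);` loop in the last hunk now terminates only if isc_lex_getmastertoken() eventually returns something other than success, and that function is not shown on this page. If it reports end of input as a successful token when `eol` is true (to be confirmed against the lexer's implementation), the loop never exits and each such input shows up as a fuzzer timeout instead of a finding. A guard inside the loop makes termination independent of that behaviour: `if (result == ISC_R_SUCCESS && token.type == isc_tokentype_eof) { break; }`. The function continues outside the hunk, so any cleanup after the loop is not visible here.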
diff --git a/fuzz/isc_lex_getmastertoken.in/simple b/fuzz/isc_lex_getmastertoken.in/simple index 105e53a3dcf..a5eb98cd6f6 100644 Binary files a/fuzz/isc_lex_getmastertoken.in/simple and b/fuzz/isc_lex_getmastertoken.in/simple differ