From: Witold Kręcicki <wpk@isc.org>
Date: Wed, 6 Jun 2018 12:51:17 +0000 (+0200)
Subject: Don't fetch DNSKEY when fuzzing resolver
X-Git-Tag: v9.13.1~7^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb3208aa4361587a7c246381d402c333522a3024;p=thirdparty%2Fbind9.git

Don't fetch DNSKEY when fuzzing resolver
---

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 3b18f41254b..840f99ac973 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -548,9 +548,9 @@ struct dns_resolver {
 #define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
 
 #ifdef ENABLE_AFL
-static isc_boolean_t fuzzing_resolver = ISC_FALSE;
+isc_boolean_t dns_fuzzing_resolver = ISC_FALSE;
 void dns_resolver_setfuzzing() {
-	fuzzing_resolver = ISC_TRUE;
+	dns_fuzzing_resolver = ISC_TRUE;
 }
 #endif
 
@@ -2125,7 +2125,7 @@ add_bad_edns(fetchctx_t *fctx, isc_sockaddr_t *address) {
 	isc_sockaddr_t *sa;
 
 #ifdef ENABLE_AFL
-	if (fuzzing_resolver)
+	if (dns_fuzzing_resolver)
 		return;
 #endif
 	if (bad_edns(fctx, address))
@@ -3097,7 +3097,7 @@ mark_bad(fetchctx_t *fctx) {
 	isc_boolean_t all_bad = ISC_TRUE;
 
 #ifdef ENABLE_AFL
-	if (fuzzing_resolver)
+	if (dns_fuzzing_resolver)
 		return ISC_FALSE;
 #endif
 
@@ -3177,7 +3177,7 @@ add_bad(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_result_t reason,
 	isc_sockaddr_t *address = &addrinfo->sockaddr;
 
 #ifdef ENABLE_AFL
-	if (fuzzing_resolver)
+	if (dns_fuzzing_resolver)
 		return;
 #endif
 
@@ -9152,7 +9152,7 @@ rctx_done(respctx_t *rctx, isc_result_t result) {
 	}
 
 #ifdef ENABLE_AFL
-	if (fuzzing_resolver &&
+	if (dns_fuzzing_resolver &&
 	    (rctx->next_server || rctx->resend || rctx->nextitem))
 	{
 		if (rctx->nextitem) {
@@ -10558,7 +10558,7 @@ dns_resolver_addbadcache(dns_resolver_t *resolver, const dns_name_t *name,
 			 dns_rdatatype_t type, isc_time_t *expire)
 {
 #ifdef ENABLE_AFL
-	if (!fuzzing_resolver)
+	if (!dns_fuzzing_resolver)
 #endif
 	{
 		dns_badcache_add(resolver->badcache, name, type,
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index adb76a59712..19a573241fb 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -186,6 +186,10 @@ typedef struct dns_include dns_include_t;
 #define ZONEDB_UNLOCK(l, t)	UNLOCK(l)
 #endif
 
+#ifdef ENABLE_AFL
+extern isc_boolean_t dns_fuzzing_resolver;
+#endif
+
 struct dns_zone {
 	/* Unlocked */
 	unsigned int		magic;
@@ -9863,6 +9867,10 @@ zone_refreshkeys(dns_zone_t *zone) {
 		 * as the latter will have a lower trust level due to not being
 		 * validated until keyfetch_done() is called.
 		 */
+
+#ifdef ENABLE_AFL
+                if (dns_fuzzing_resolver == ISC_FALSE) {
+#endif
 		result = dns_resolver_createfetch(zone->view->resolver,
 						  kname, dns_rdatatype_dnskey,
 						  NULL, NULL, NULL, NULL, 0,
@@ -9874,6 +9882,11 @@ zone_refreshkeys(dns_zone_t *zone) {
 						  &kfetch->dnskeyset,
 						  &kfetch->dnskeysigset,
 						  &kfetch->fetch);
+#ifdef ENABLE_AFL
+                } else {
+                        result = ISC_R_FAILURE;
+                }
+#endif
 		if (result == ISC_R_SUCCESS)
 			fetching = ISC_TRUE;
 		else {