author | 2019-02-09 19:13:09 -0800 | |
---|---|---|
committer | 2019-02-09 19:13:09 -0800 | |
commit | 4e6082959806ce221e2040904a93ed294b193c60 (patch) | |
tree | cfee84ed60cf678ed679f13ef96c0e952544d9fe | |
parent | 65c064ed0e1cc2d1a336eaf9b89cfa219fa04cb6 (diff) |
Add fuzzer for Unbound's parse_packet. (#2149)
* Add fuzzer for Unbound's parse_packet.
-rw-r--r-- | projects/unbound/Dockerfile | 23 | ||||
-rwxr-xr-x | projects/unbound/build.sh | 47 | ||||
-rw-r--r-- | projects/unbound/parse_packet_fuzzer.c | 23 | ||||
-rw-r--r-- | projects/unbound/project.yaml | 2 |
4 files changed, 95 insertions, 0 deletions
diff --git a/projects/unbound/Dockerfile b/projects/unbound/Dockerfile
new file mode 100644
index 00000000..fe4a0159
--- /dev/null
+++ b/projects/unbound/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER jsha@letsencrypt.org
+RUN apt-get update
+RUN apt-get install -y make libtool libssl-dev libexpat-dev wget
+RUN git clone --depth=1 https://github.com/NLnetLabs/unbound unbound
+WORKDIR unbound
+COPY parse_packet_fuzzer.c .
+COPY build.sh $SRC/
diff --git a/projects/unbound/build.sh b/projects/unbound/build.sh
new file mode 100755
index 00000000..c525b30d
--- /dev/null
+++ b/projects/unbound/build.sh
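Review bot: In projects/unbound/Dockerfile, `RUN apt-get update` and `RUN apt-get install -y ...` are separate layers, so a cached update layer can leave the install step working from a stale package index; merge them into `RUN apt-get update && apt-get install -y make libtool libssl-dev libexpat-dev wget`. `WORKDIR unbound` is relative and so depends on the base image's working directory (presumably `$SRC`); `WORKDIR $SRC/unbound` would make the target of `COPY parse_packet_fuzzer.c .` explicit. `MAINTAINER` is deprecated in favour of a `LABEL`.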
@@ -0,0 +1,47 @@
+#!/bin/bash -eux
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+# util/storage/lookup3.c has some code that triggers the address sanitizer, but
+# according to a comment is OK. -DVALGRIND turns on an alternate version of that
+# code.
+CFLAGS="${CFLAGS} -DVALGRIND=1"
+./configure
+make -j6 all
+
+$CC $CFLAGS -I. -DSRCDIR=. -c -o parse_packet_fuzzer.o parse_packet_fuzzer.c
+
+$CXX $CXXFLAGS -std=c++11 \
+ -lFuzzingEngine \
+ -lssl -lcrypto -pthread \
+ -o $OUT/parse_packet_fuzzer \
+ parse_packet_fuzzer.o \
+ dns.o infra.o rrset.o dname.o \
+ msgencode.o as112.o msgparse.o msgreply.o packed_rrset.o iterator.o \
+ iter_delegpt.o iter_donotq.o iter_fwd.o iter_hints.o iter_priv.o \
+ iter_resptype.o iter_scrub.o iter_utils.o localzone.o mesh.o modstack.o view.o \
+ outbound_list.o alloc.o config_file.o configlexer.o configparser.o \
+ fptr_wlist.o edns.o locks.o log.o mini_event.o module.o net_help.o random.o \
+ rbtree.o regional.o rtt.o dnstree.o lookup3.o lruhash.o slabhash.o \
+ tcp_conn_limit.o timehist.o tube.o winsock_event.o autotrust.o val_anchor.o \
+ validator.o val_kcache.o val_kentry.o val_neg.o val_nsec3.o val_nsec.o \
+ val_secalgo.o val_sigcrypt.o val_utils.o dns64.o cachedb.o redis.o authzone.o \
+ respip.o netevent.o listen_dnsport.o outside_network.o ub_event.o keyraw.o \
+ sbuffer.o wire2str.o parse.o parseutil.o rrdef.o str2wire.o strlcat.o \
+ getentropy_linux.o reallocarray.o libunbound.o \
+ explicit_bzero.o libworker.o context.o \
+ strlcpy.o arc4random.o arc4random_uniform.o arc4_lock.o
+
+wget --directory-prefix $OUT https://github.com/jsha/unbound/raw/fuzzing-corpora/testdata/parse_packet_fuzzer_seed_corpus.zip
diff --git a/projects/unbound/parse_packet_fuzzer.c b/projects/unbound/parse_packet_fuzzer.c
new file mode 100644
index 00000000..b38f25e4
--- /dev/null
+++ b/projects/unbound/parse_packet_fuzzer.c
@@ -0,0 +1,23 @@
+#include "config.h"
+#include "util/regional.h"
+#include "util/fptr_wlist.h"
+#include "sldns/sbuffer.h"
+
+struct regional * region = NULL;
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+ if (!region) {
+ region = regional_create();
+ if (!region) {
+ abort();
+ }
+}
+ sldns_buffer pktbuf;
+ sldns_buffer_init_frm_data(&pktbuf, (void*)buf, len);
+
+ struct msg_parse prs;
+ memset(&prs, 0, sizeof(prs));
+ parse_packet(&pktbuf, &prs, region);
+ return 0;
+}
diff --git a/projects/unbound/project.yaml b/projects/unbound/project.yaml
new file mode 100644
index 00000000..f45f4810
--- /dev/null
+++ b/projects/unbound/project.yaml
@@ -0,0 +1,2 @@
+homepage: "https://nlnetlabs.nl/projects/unbound/about/"
+primary_contact: "wouter@nlnetlabs.nl" |
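Review bot: The final `wget` in build.sh downloads the seed corpus at build time from a branch of a personal fork (`jsha/unbound`, branch `fuzzing-corpora`) with no pinning or integrity check. The corpus can therefore change or disappear without any change in this repository, and under `-eux` a failed download fails the whole build. Fetching from a URL fixed to a commit and verifying the archive before it lands in `$OUT` would make the input reproducible, e.g. `echo "<EXPECTED_SHA256>  parse_packet_fuzzer_seed_corpus.zip" | sha256sum -c -`. Alternatively the seed packets could live in the upstream repository that the Dockerfile already clones. `$OUT` is also expanded unquoted in both the link step and the `wget` line; `"$OUT"` is the safer form.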
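Review bot: The global `region` in parse_packet_fuzzer.c is created on the first call and never reset. Whatever `parse_packet` allocates from it (it is handed the region, so presumably it does) therefore accumulates across every fuzz input, so memory grows until the fuzzer hits its limit, and allocator state left by earlier inputs can make a crash hard to reproduce from the single reported input. Releasing the per-input allocations before returning keeps iterations independent: add `regional_free_all(region);` just before `return 0;`. A one-line comment on the global, such as `/* reused across calls; reset after each input */`, would document the intent. The file also relies on transitive includes for `parse_packet`, `struct msg_parse`, `memset` and `abort`; including the declaring headers directly would be sturdier.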