diff options
author | 2020-01-14 01:42:13 +0100 | |
---|---|---|
committer | 2020-01-14 11:42:13 +1100 | |
commit | ed6b5232eef29182d3bf26a491e3c2d389333447 (patch) | |
tree | 931d963d426ca7f94aaff6b47b628ea12c7b925d /projects/unbound/fuzz_4.c | |
parent | 40fa9e5e9cccb5d36f3e4c4b4aa17ccbf58773e4 (diff) |
[unbound] add fuzzers written for OSTIF audit (#3210)
Diffstat (limited to 'projects/unbound/fuzz_4.c')
-rw-r--r-- | projects/unbound/fuzz_4.c | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/projects/unbound/fuzz_4.c b/projects/unbound/fuzz_4.c new file mode 100644 index 00000000..14fea497 --- /dev/null +++ b/projects/unbound/fuzz_4.c @@ -0,0 +1,81 @@ +/* + * unbound-fuzzme.c - parse a packet provided on stdin (for fuzzing). + * + */ +#include "config.h" +#include "util/regional.h" +#include "util/module.h" +#include "util/config_file.h" +#include "iterator/iterator.h" +#include "iterator/iter_priv.h" +#include "iterator/iter_scrub.h" +#include "util/log.h" +#include "util/netevent.h" +#include "util/alloc.h" +#include "sldns/sbuffer.h" +#include "services/cache/rrset.h" + +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t nr) { + log_init("/tmp/foo", 0, NULL); + struct regional* reg; + + struct sldns_buffer *pkt = sldns_buffer_new(1); + sldns_buffer_new_frm_data(pkt, buf, nr); + + reg = regional_create(); + + struct msg_parse msg; + struct edns_data edns; + memset(&msg, 0, sizeof(struct msg_parse)); + memset(&edns, 0, sizeof(edns)); + + struct query_info qinfo_out; + memset(&qinfo_out, 0, sizeof(struct query_info)); + qinfo_out.qname = (unsigned char *) "\03nic\02de"; + uint8_t *peter = (unsigned char *) "\02de"; // zonename + struct module_env env; + memset(&env, 0, sizeof(struct module_env)); + struct config_file cfg; + memset(&cfg, 0, sizeof(struct config_file)); + + cfg.harden_glue = 0; // crashes now, want to remove that later + env.cfg = &cfg; + cfg.rrset_cache_slabs = HASH_DEFAULT_SLABS; + cfg.rrset_cache_size = HASH_DEFAULT_MAXMEM; + + struct comm_base* base = comm_base_create(0); + comm_base_timept(base, &env.now, &env.now_tv); + + env.alloc = malloc(sizeof(struct alloc_cache)); + alloc_init(env.alloc, NULL, 0); + + env.rrset_cache = rrset_cache_create(env.cfg, env.alloc); + + + struct iter_env ie; + memset(&ie, 0, sizeof(struct iter_env)); + + struct iter_priv priv; + memset(&priv, 0, sizeof(struct iter_priv)); + ie.priv = &priv; + + + if (parse_packet(pkt, &msg, reg) != LDNS_RCODE_NOERROR) { + goto out; + } + if (parse_extract_edns(&msg, &edns, reg) != LDNS_RCODE_NOERROR) { + goto out; + } + + + scrub_message(pkt, &msg, &qinfo_out, peter, reg, &env, &ie); + +out: + rrset_cache_delete(env.rrset_cache); + alloc_clear(env.alloc); + free(env.alloc); + comm_base_delete(base); + regional_destroy(reg); + sldns_buffer_free(pkt); + return 0; +} |