Merge branch 'ondrej/add-isc_lex-fuzzing-test' into 'main'

Re-enable tests in fuzz directory and add isc_lex_gettoken() and isc_lex_getmastertoken() tests

See merge request isc-projects/bind9!3908

Makefile.am

@@ -1,6 +1,6 @@
 include $(top_srcdir)/Makefile.top
 
-SUBDIRS = . libltdl lib doc bin
+SUBDIRS = . libltdl lib doc bin fuzz
 
 BUILT_SOURCES = bind.keys.h
 CLEANFILES = bind.keys.h

configure.ac

@@ -212,13 +212,18 @@ AS_CASE([$enable_fuzzing],
 	  AC_MSG_RESULT([using AFL])
 	  AC_DEFINE([ENABLE_AFL], [1],
 		    [Define to enable American Fuzzy Lop test harness])
-	  CFLAGS="$CFLAGS -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"
-	  LIBS="$LIBS -lpthread"],
+	  STD_CFLAGS="$STD_CFLAGS -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"
+	  FUZZ_LOG_COMPILER="afl.sh"],
 	[libfuzzer],[
 	  AC_MSG_RESULT([using libFuzzer])
-	  CFLAGS="$CFLAGS -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -fsanitize=fuzzer,address,undefined"
-	  LDFLAGS="$LDFLAGS -fsanitize=fuzzer,address,undefined"],
+	  STD_CFLAGS="$STD_CFLAGS -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -fsanitize=fuzzer-no-link,address,undefined"
+	  LDFLAGS="$LDFLAGS -fsanitize=address,undefined"
+	  FUZZ_LDFLAGS="-fsanitize=fuzzer,address,undefined"
+	  FUZZ_LOG_COMPILER="libfuzzer.sh"],
 	[*],[AC_MSG_ERROR([You need to explicitly select the fuzzer])])
+AM_CONDITIONAL([HAVE_FUZZ_LOG_COMPILER], [test -n "$FUZZ_LOG_COMPILER"])
+AC_SUBST([FUZZ_LOG_COMPILER])
+AC_SUBST([FUZZ_LDFLAGS])
 
 AS_IF([test "$enable_fuzzing" = "afl"],
       [AC_MSG_CHECKING("for AFL enabled compiler")
@@ -1672,6 +1677,10 @@ AC_CONFIG_FILES([bin/tests/system/start.sh],
 AC_CONFIG_FILES([bin/tests/system/stop.sh],
 		[chmod +x bin/tests/system/stop.sh])
 
+# Fuzz Tests
+
+AC_CONFIG_FILES([fuzz/Makefile])
+
 # Misc
 
 AC_CONFIG_FILES([util/check-make-install])

fuzz/.gitignore

@@ -1,4 +1,6 @@
 /*.dSYM/
-dns_name_fromtext_target
-dns_rdata_fromwire_text
 /*.out/
+/dns_name_fromtext_target
+/dns_rdata_fromwire_text
+/isc_lex_getmastertoken
+/isc_lex_gettoken

fuzz/Makefile.am

@@ -0,0 +1,39 @@
+include $(top_srcdir)/Makefile.top
+
+AM_CPPFLAGS +=				\
+	$(LIBISC_CFLAGS)		\
+	$(LIBDNS_CFLAGS)		\
+	-DFUZZDIR=\"$(abs_srcdir)\"
+
+AM_LDFLAGS =				\
+	$(FUZZ_LDFLAGS)
+
+LDADD =					\
+	libfuzzmain.la			\
+	$(LIBISC_LIBS)			\
+	$(LIBDNS_LIBS)
+
+check_LTLIBRARIES = libfuzzmain.la
+libfuzzmain_la_SOURCES =		\
+	main.c
+
+check_PROGRAMS =			\
+	dns_name_fromtext_target	\
+	dns_rdata_fromwire_text		\
+	isc_lex_getmastertoken		\
+	isc_lex_gettoken
+
+EXTRA_DIST =				\
+	dns_name_fromtext_target.in	\
+	dns_rdata_fromwire_text.in	\
+	isc_lex_getmastertoken.in	\
+	isc_lex_gettoken.in
+
+TESTS = $(check_PROGRAMS)
+
+if HAVE_FUZZ_LOG_COMPILER
+LOG_COMPILER = $(srcdir)/$(FUZZ_LOG_COMPILER)
+AM_LOG_FLAGS = $(srcdir)
+endif HAVE_FUZZ_LOG_COMPILER
+
+unit-local: check

fuzz/afl.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+echo "The AFL log compiler is not implemented yet."
+
+exit 1

fuzz/dns_name_fromtext_target.c

@@ -18,24 +18,34 @@
 #include <dns/fixedname.h>
 #include <dns/name.h>
 
+#include "fuzz.h"
+
+static isc_mem_t *mctx = NULL;
+
 int
-LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+		     char ***argv __attribute__((unused))) {
+	isc_mem_create(&mctx);
+	RUNTIME_CHECK(dst_lib_init(mctx, NULL) == ISC_R_SUCCESS);
+	return (0);
+}
 
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 	isc_buffer_t buf;
 	isc_result_t result;
 	dns_fixedname_t origin;
-	char *de_const;
 
 	if (size < 5) {
 		return (0);
 	}
 
 	dns_fixedname_init(&origin);
-	DE_CONST(data, de_const);
-	isc_buffer_init(&buf, (void *)de_const, size);
+
+	isc_buffer_constinit(&buf, data, size);
 	isc_buffer_add(&buf, size);
+	isc_buffer_setactive(&buf, size);
+
 	result = dns_name_fromtext(dns_fixedname_name(&origin), &buf,
 				   dns_rootname, 0, NULL);
 	UNUSED(result);

fuzz/dns_rdata_fromwire_text.c

@@ -26,11 +26,7 @@
 #include <dns/rdata.h>
 #include <dns/rdatatype.h>
 
-#define CHECK(x)                                     \
-	({                                           \
-		if ((result = (x)) != ISC_R_SUCCESS) \
-			goto done;                   \
-	})
+#include "fuzz.h"
 
 /*
  * Fuzz input to dns_rdata_fromwire(). Then convert the result
@@ -38,8 +34,28 @@
  * format again, checking for consistency throughout the sequence.
  */
 
+static isc_mem_t *mctx = NULL;
+static isc_lex_t *lex = NULL;
+
 int
-LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+		     char ***argv __attribute__((unused))) {
+	isc_lexspecials_t specials;
+
+	isc_mem_create(&mctx);
+	RUNTIME_CHECK(dst_lib_init(mctx, NULL) == ISC_R_SUCCESS);
+	CHECK(isc_lex_create(mctx, 64, &lex));
+
+	memset(specials, 0, sizeof(specials));
+	specials[0] = 1;
+	specials['('] = 1;
+	specials[')'] = 1;
+	specials['"'] = 1;
+	isc_lex_setspecials(lex, specials);
+	isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
+
+	return (0);
+}
 
 static void
 nullmsg(dns_rdatacallbacks_t *cb, const char *fmt, ...) {
@@ -62,9 +78,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 		    rdata3 = DNS_RDATA_INIT;
 	dns_rdatacallbacks_t callbacks;
 	isc_buffer_t source, target;
-	isc_lex_t *lex = NULL;
-	isc_lexspecials_t specials;
-	isc_mem_t *mctx = NULL;
 	isc_result_t result;
 	unsigned char fromtext[1024];
 	unsigned char fromwire[1024];
@@ -73,7 +86,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 	unsigned int types = 1, flags, t;
 
 	if (size < 2) {
-		goto done;
+		return (0);
 	}
 
 	/*
@@ -100,17 +113,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 	rdclass = classlist[(*data++) % classes];
 	size--;
 
-	isc_mem_create(&mctx);
-
-	CHECK(isc_lex_create(mctx, 64, &lex));
-	memset(specials, 0, sizeof(specials));
-	specials[0] = 1;
-	specials['('] = 1;
-	specials[')'] = 1;
-	specials['"'] = 1;
-	isc_lex_setspecials(lex, specials);
-	isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
-
 	dns_rdatacallbacks_init(&callbacks);
 	callbacks.warn = callbacks.error = nullmsg;
 
@@ -184,12 +186,5 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 	assert(target.used == size);
 	assert(!memcmp(target.base, data, size));
 
-done:
-	if (lex != NULL) {
-		isc_lex_destroy(&lex);
-	}
-	if (lex != NULL) {
-		isc_mem_detach(&mctx);
-	}
 	return (0);
 }

fuzz/fuzz.h

@@ -23,19 +23,16 @@
 
 ISC_LANG_BEGINDECLS
 
+int
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+		     char ***argv __attribute__((unused)));
+
 int
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 
-static isc_mem_t *mctx = NULL;
-
-static void __attribute__((constructor)) init(void) {
-	isc_mem_create(&mctx);
-	RUNTIME_CHECK(dst_lib_init(mctx, NULL) == ISC_R_SUCCESS);
-}
-
-static void __attribute__((destructor)) deinit(void) {
-	dst_lib_destroy();
-	isc_mem_destroy(&mctx);
-}
+#define CHECK(x)                    \
+	if ((x) != ISC_R_SUCCESS) { \
+		return 0;           \
+	}
 
 ISC_LANG_ENDDECLS

fuzz/isc_lex_getmastertoken.c

@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <isc/buffer.h>
+#include <isc/lex.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include "fuzz.h"
+
+int
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+		     char ***argv __attribute__((unused)));
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static isc_mem_t *mctx = NULL;
+static isc_lex_t *lex = NULL;
+
+int
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+		     char ***argv __attribute__((unused))) {
+	isc_result_t result;
+
+	isc_mem_create(&mctx);
+
+	result = isc_lex_create(mctx, 1024, &lex);
+	REQUIRE(result == ISC_R_SUCCESS);
+
+	return (0);
+}
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+	isc_buffer_t buf;
+	isc_result_t result;
+
+	isc_buffer_constinit(&buf, data, size);
+	isc_buffer_add(&buf, size);
+	isc_buffer_setactive(&buf, size);
+
+	CHECK(isc_lex_openbuffer(lex, &buf));
+
+	do {
+		isc_token_t token;
+		result = isc_lex_gettoken(lex, 0, &token);
+	} while (result == ISC_R_SUCCESS);
+
+	return (0);
+}

fuzz/isc_lex_getmastertoken.in/named.conf

@@ -0,0 +1,644 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * This is a worthless, nonrunnable example of a named.conf file that has
+ * every conceivable syntax element in use.  We use it to test the parser.
+ * It could also be used as a conceptual template for users of new features.
+ */
+
+/*
+ * C-style comments are OK
+ */
+
+// So are C++-style comments
+
+#So are shell - style comments
+
+// watch out for ";" -- it's important!
+
+options {
+	additional - from - auth true;
+	additional - from - cache false;
+
+	version "my version string";
+	random - device "/dev/random";
+	directory "/tmp";
+
+	port 666;
+
+	sig - validity - interval 33;
+
+#Obsolete
+	named - xfer "/usr/libexec/named-xfer"; // _PATH_XFER
+
+	dump - file "named_dump.db";	       // _PATH_DUMPFILE
+	pid - file "/var/run/named.pid";       // _PATH_PIDFILE
+	statistics - file "named.stats";       // _PATH_STATS
+	memstatistics - file "named.memstats"; // _PATH_MEMSTATS
+
+	max - cache - ttl 999;
+	min - cache - ttl 66;
+	auth - nxdomain yes; // always set AA on NXDOMAIN.
+			     // don't set this to 'no' unless
+			     // you know what you're doing -- older
+			     // servers won't like it.
+
+#Obsolete
+	deallocate - on - exit no;
+
+	dialup yes;
+
+#Obsolete
+	fake - iquery no;
+
+	fetch - glue yes;
+	has - old - clients yes;
+	host - statistics no;
+
+#Obsolete
+	multiple - cnames no; // if yes, then a name my have more
+			      // than one CNAME RR.  This use
+			      // is non-standard and is not
+			      // recommended, but it is available
+			      // because previous releases supported
+			      // it and it was used by large sites
+			      // for load balancing.
+
+	notify yes; // send NOTIFY messages.  You can set
+		    // notify on a zone-by-zone
+		    // basis in the "zone" statement
+		    // see (below)
+	recursion yes;
+	rfc2308 - type1 no;
+
+#Obsolete
+	use - id - pool yes;
+
+#Obsolete
+	treat - cr - as - space yes;
+
+	also - notify { 10.0.2.3; };
+
+	// The "forward" option is only meaningful if you've defined
+	// forwarders.  "first" gives the normal BIND
+	// forwarding behavior, i.e. ask the forwarders first, and if that
+	// doesn't work then do the full lookup.  You can also say
+	// "forward only;" which is what used to be specified with
+	// "slave" or "options forward-only".  "only" will never attempt
+	// a full lookup; only the forwarders will be used.
+	forward first;
+	forwarders {
+		1.2.3.4;
+		5.6.7.8;
+	};
+
+	check - names master fail;
+	check - names slave warn;
+	check - names response ignore;
+
+	allow - query { any; };
+	allow - transfer { any; };
+	allow - recursion { !any; };
+	blackhole { 45 / 24; };
+	keep - response - order { 46 / 24; };
+
+	listen - on {
+		10 / 24;
+		10.0.0.3;
+	};
+
+	listen - on port 53 { any; };
+
+	listen - on { 5.6.7.8; };
+
+	listen - on port 1234 {
+		!1.2.3.4;
+		1.2.3 / 24;
+	};
+
+	listen - on - v6 { 1 : 1 : 1 : 1 : 1 : 1 : 1 : 1; };
+
+	listen - on - v6 port 777 { 2 : 2 : 2 : 2 : 2 : 2 : 2 : 2; };
+
+	query - source - v6 address 8 : 7 : 6 : 5 : 4 : 3 : 2 : 1 port *;
+	query - source port *address 10.0.0.54;
+
+	lame - ttl 444;
+
+	max - transfer - time - in 300;
+	max - transfer - time - out 10;
+	max - transfer - idle - in 100;
+	max - transfer - idle - out 11;
+
+	max - retry - time 1234;
+	min - retry - time 1111;
+	max - refresh - time 888;
+	min - refresh - time 777;
+
+	max - ncache - ttl 333;
+	min - ncache - ttl 22;
+	min - roots 15;
+	serial - queries 34;
+
+	transfer - format one - answer;
+
+	transfers - in 10;
+	transfers - per - ns 2;
+	transfers - out 0;
+
+	transfer - source 10.0.0.5;
+	transfer - source - v6 4 : 3 : 2 : 1 : 5 : 6 : 7 : 8;
+
+	request - ixfr yes;
+	provide - ixfr yes;
+
+#Now called 'provide-ixfr'
+#maintain - ixfr - base no; // If yes, keep transaction log file for IXFR
+
+	max - ixfr - log - size 20m;
+	coresize 100;
+	datasize 101;
+	files 230;
+	max - cache - size 1m;
+	stacksize 231;
+	heartbeat - interval 1001;
+	interface - interval 1002;
+	statistics - interval 1003;
+
+	topology {
+		10 / 8;
+
+		!1.2.3 / 24;
+
+		{
+			1.2 / 16;
+			3 / 8;
+		};
+	};
+
+	sortlist {
+		10 / 8;
+		11 / 8;
+	};
+
+	tkey - domain "foo.com";
+	tkey - dhkey "xyz" 666;
+
+	rrset - order {
+		class IN type A name "foo" order random;
+		order cyclic;
+	};
+};
+
+/*
+ * Control listeners, for "ndc".  Every nameserver needs at least one.
+ */
+controls {
+	// 'inet' lines without a 'port' defaults to 'port 953'
+	// 'keys' must be used and the list must have at least one entry
+	inet *port 52 allow { any; }
+	keys { "key2"; };
+	unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named.
+	inet 10.0.0.1 allow {
+		any;
+		key foo;
+	}
+	keys { "key4"; };
+	inet 10.0.0.2 allow { none; }
+	keys {
+		"key-1";
+		"key-2";
+	};
+	inet 10.0.0.2 allow { none; };
+};
+
+zone "master.demo.zone" {
+	type master; // what used to be called "primary"
+	database "somedb -option1 -option2 arg1 arg2 arg3";
+	file "master.demo.zone";
+	check - names fail;
+	allow - update { none; };
+	allow - update - forwarding {
+		10.0.0.5;
+		!any;
+	};
+	allow - transfer { any; };
+	allow - query { any; };
+	sig - validity - interval 990;
+	notify explicit;
+	also - notify {
+		1.0.0.1;
+	}; // don't notify any nameservers other
+	   // than those on the NS list for this
+	   // zone
+	forward first;
+	forwarders {
+		10.0.0.3;
+		1 : 2 : 3 : 4 : 5 : 6 : 7 : 8;
+	};
+};
+
+zone "slave.demo.zone" {
+	type slave; // what used to be called "secondary"
+	file "slave.demo.zone";
+	ixfr - base "slave.demo.zone.ixfr"; // File name for IXFR transaction
+					    // log file
+	masters {
+		1.2.3.4 port 10 key "foo"; // where to zone transfer from
+		5.6.7.8;
+		6.7.8.9 key "zippo";
+	};
+	transfer - source 10.0.0.53; // fixes multihoming problems
+	check - names warn;
+	allow - update { none; };
+	allow - transfer { any; };
+	allow - update - forwarding { any; };
+	allow - query { any; };
+	max - transfer - time - in 120; // if not set, global option is used.
+	max - transfer - time - out 1;	// if not set, global option is used.
+	max - transfer - idle - in 2;	// if not set, global option is used.
+	max - transfer - idle - out 3;	// if not set, global option is used.
+	also - notify { 1.0.0.2; };
+	forward only;
+	forwarders {
+		10.45.45.45;
+		10.0.0.3;
+		1 : 2 : 3 : 4 : 5 : 6 : 7 : 8;
+	};
+};
+
+key "non-viewkey" {
+	secret "YWFh";
+	algorithm "zzz";
+};
+
+view "test-view" in {
+	key "viewkey" {
+		algorithm "xxx";
+		secret "eXl5";
+	};
+	also - notify { 10.2.2.3; };
+	managed - keys { foo.com.static 4 3 2 "abdefghijklmnopqrstuvwxyz"; };
+	sig - validity - interval 45;
+	max - cache - size 100000;
+	allow - query { 10.0.0.30; };
+	additional - from - cache false;
+	additional - from - auth no;
+	match - clients { 10.0.0.1; };
+	check - names master warn;
+	check - names slave ignore;
+	check - names response fail;
+	auth - nxdomain false;
+	recursion true;
+	provide - ixfr false;
+	request - ixfr true;
+	fetch - glue true;
+	notify false;
+	rfc2308 - type1 false;
+	transfer - source 10.0.0.55;
+	transfer - source - v6 4 : 3 : 8 : 1 : 5 : 6 : 7 : 8;
+	query - source port *address 10.0.0.54;
+	query - source - v6 address 6 : 6 : 6 : 6 : 6 : 6 : 6 : 6 port *;
+	max - transfer - time - out 45;
+	max - transfer - idle - out 55;
+	min - roots 3;
+	lame - ttl 477;
+	max - ncache - ttl 333;
+	max - cache - ttl 777;
+	transfer - format many - answers;
+	max - retry - time 7;
+	min - retry - time 4;
+	max - refresh - time 999;
+	min - refresh - time 111;
+
+	zone "view-zone.com" {
+		type master;
+		allow - update - forwarding { 10.0.0.34; };
+		file "view-zone-master";
+	};
+
+	server 5.6.7.8 { keys "viewkey"; };
+
+	server 10.9.8.7 { keys "non-viewkey"; };
+	dialup yes;
+};
+
+zone "stub.demo.zone" {
+	type stub; // stub zones are like slave zones,
+		   // except that only the NS records
+		   // are transferred.
+	dialup yes;
+	file "stub.demo.zone";
+	masters {
+		1.2.3.4; // where to zone transfer from
+		5.6.7.8 port 999;
+	};
+	check - names warn;
+	allow - update { none; };
+	allow - transfer { any; };
+	allow - query { any; };
+
+	max - retry - time 10;
+	min - retry - time 11;
+	max - refresh - time 12;
+	min - refresh - time 13;
+
+	max - transfer - time - in 120; // if not set, global option is used.
+	pubkey 257 255 1 "a useless key";
+	pubkey 257 255 1 "another useless key";
+};
+
+zone "." {
+	type hint; // used to be specified w/ "cache"
+	file "cache.db";
+	//	pubkey 257 255 1
+	//"AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+managed - keys {
+	"." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/"
+			     "KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP"
+			     "/rick6gvEer5VcDEkLR5Q==";
+};
+
+acl can_query {
+	!1.2.3 / 24;
+	any;
+}; // network 1.2.3.0 mask 255.255.255.0
+   // is disallowed; rest are OK
+acl can_axfr {
+	1.2.3.4;
+	can_query;
+}; // host 1.2.3.4 and any host allowed
+   // by can_query are OK
+
+zone "disabled-zone.com" {
+	type master;
+	file "bar";
+
+	max - retry - time 100;
+	min - retry - time 110;
+	max - refresh - time 120;
+	min - refresh - time 130;
+};
+
+zone "non-default-acl.demo.zone" {
+	type master;
+	file "foo";
+	allow - query { can_query; };
+	allow - transfer { can_axfr; };
+	allow - update {
+		1.2.3.4;
+		5.6.7.8;
+	};
+	pubkey 666 665 664 "key of the beast";
+	// Errors trapped by parser:
+	//	identity or name not absolute
+	//	'wildcard' match type and no wildcard character in name
+	//
+	// issues:
+	//	- certain rdatatype values (such as "key") are config file
+	// keywords and
+	// 	  must be quoted or a syntax error will occur.
+	//
+
+	update - policy {
+		grant root.domain.subdomain host.domain.A MX CNAME;
+		grant sub.root.domain.wildcard *.host.domain.A;
+		grant root.domain.name host.domain.a ns md mf cname soa mb mg mr
+			"null" wks ptr hinfo minfo mx txt rp afsdb x25 isdn rt
+				nsap sig "key" px gpos aaaa loc nxt srv naptr kx
+					cert a6 dname opt unspec uri tkey tsig;
+		grant foo.bar.com.self foo.bar.com.a;
+	};
+};
+
+key sample_key {			   // for TSIG; supported by parser
+	algorithm hmac - md5;		   // but not yet implemented in the
+	secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server
+};
+
+key key2 {
+	algorithm hmac - md5;
+	secret "ZXJlaCB0ZXJjZXMgcm91eQ==";
+};
+
+acl key_acl { key sample_key; }; // a request signed with sample_key
+
+server 1.2.3.4 {
+	request - ixfr no;
+	provide - ixfr no;
+	bogus no;			// if yes, we won't query or listen
+					// to this server
+	transfer - format one - answer; // set transfer format for this
+					// server (see the description of
+					// 'transfer-format' above)
+					// if not specified, the global option
+					// will be used
+	transfers 0;			// not implemented
+	keys{ "sample_key" };		// for TSIG; supported by the parser
+					// but not yet implemented in the
+					// rest of the server
+#Now called 'request-ixfr'
+#support - ixfr yes; // for IXFR supported by server
+		     // if yes, the listed server talks IXFR
+};
+
+logging {
+	/*
+	 * All log output goes to one or more "channels"; you can make as
+	 * many of them as you want.
+	 */
+
+	channel syslog_errors { // this channel will send errors or
+		syslog user;	// or worse to syslog (user facility)
+		severity error;
+	};
+
+	channel stderr_errors { stderr; };
+
+	/*
+	 * Channels have a severity level.  Messages at severity levels
+	 * greater than or equal to the channel's level will be logged on
+	 * the channel.  In order of decreasing severity, the levels are:
+	 *
+	 * 	critical		a fatal error
+	 *	error
+	 *	warning
+	 *	notice			a normal, but significant event
+	 *	info			an informational message
+	 *	debug 1			the least detailed debugging info
+	 *	...
+	 *	debug 99		the most detailed debugging info
+	 */
+
+	/*
+	 * Here are the built-in channels:
+	 *
+	 * 	channel default_syslog {
+	 *		syslog daemon;
+	 *		severity info;
+	 *	};
+	 *
+	 *	channel default_debug {
+	 *		file "named.run";	// note: stderr is used instead
+	 *					// of "named.run" if the server
+	 *					// is started with the "-f"
+	 *					// option.
+	 *		severity dynamic;	// this means log debugging
+	 *					// at whatever debugging level
+	 *					// the server is at, and don't
+	 *					// log anything if not
+	 *					// debugging.
+	 *	};
+	 *
+	 *	channel null {			// this is the bit bucket;
+	 *		file "/dev/null";	// any logging to this channel
+	 *					// is discarded.
+	 *	};
+	 *
+	 *	channel default_stderr {	// writes to stderr
+	 *		file "<stderr>";	// this is illustrative only;
+	 *					// there's currently no way
+	 *					// of saying "stderr" in the
+	 *					// configuration language.
+	 *					// i.e. don't try this at home.
+	 *		severity info;
+	 *	};
+	 *
+	 *	default_stderr only works before the server daemonizes (i.e.
+	 *	during initial startup) or when it is running in foreground
+	 *	mode (-f command line option).
+	 */
+
+	/*
+	 * There are many categories, so you can send the logs
+	 * you want to see wherever you want, without seeing logs you
+	 * don't want.  Right now the categories are
+	 *
+	 *	default			the catch-all.  many things still
+	 *				aren't classified into categories, and
+	 *				they all end up here.  also, if you
+	 *				don't specify any channels for a
+	 *				category, the default category is used
+	 *				instead.
+	 *	config			high-level configuration file
+	 *				processing
+	 *	parser			low-level configuration file processing
+	 *	queries			what used to be called "query logging"
+	 *	lame-servers		messages like "Lame server on ..."
+	 *	statistics
+	 *	panic			if the server has to shut itself
+	 *				down due to an internal problem, it
+	 *				logs the problem here (as well as
+	 *				in the problem's native category)
+	 *	update			dynamic update
+	 *	ncache			negative caching
+	 *	xfer-in			zone transfers we're receiving
+	 *	xfer-out		zone transfers we're sending
+	 *	db			all database operations
+	 *	eventlib		debugging info from the event system
+	 *				(see below)
+	 *	packet			dumps of packets received and sent
+	 *				(see below)
+	 *	notify			the NOTIFY protocol
+	 *	cname			messages like "XX points to a CNAME"
+	 *	security		approved/unapproved requests
+	 *	os			operating system problems
+	 *	insist			consistency check failures
+	 *	maintenance		periodic maintenance
+	 *	load			zone loading
+	 *	response-checks		messages like
+	 *				"Malformed response ..."
+	 *				"wrong ans. name ..."
+	 *				"unrelated additional info ..."
+	 *				"invalid RR type ..."
+	 *				"bad referral ..."
+	 */
+
+	category parser {
+		syslog_errors;	// you can log to as many channels
+		default_syslog; // as you want
+	};
+
+	category lame - servers { null; }; // don't log these at all
+
+	channel moderate_debug {
+		file "foo";	      // foo
+		severity debug 3;     // level 3 debugging to file
+		print - time yes;     // timestamp log entries
+		print - category yes; // print category name
+		print - severity yes; // print severity level
+				      /*
+				       * Note that debugging must have been turned on either
+				       * on the command line or with a signal to get debugging
+				       * output (non-debugging output will still be written to
+				       * this channel).
+				       */
+	};
+
+	channel another {
+		file "bar" versions 99 size 10M;
+		severity info;
+	};
+
+	channel third {
+		file "bar" size 100000 versions unlimited;
+		severity debug; // use default debug level
+	};
+
+	/*
+	 * If you don't want to see "zone XXXX loaded" messages but do
+	 * want to see any problems, you could do the following.
+	 */
+	channel no_info_messages {
+		syslog;
+		severity notice;
+	};
+
+	category load { no_info_messages; };
+
+	/*
+	 * You can also define category "default"; it gets used when no
+	 * "category" statement has been given for a category.
+	 */
+	category default {
+		default_syslog;
+		moderate_debug;
+	};
+
+	/*
+	 * If you don't define category default yourself, the default
+	 * default category will be used.  It is
+	 *
+	 * 	category default { default_syslog; default_debug; };
+	 */
+
+	/*
+	 * If you don't define category panic yourself, the default
+	 * panic category will be used.  It is
+	 *
+	 * 	category panic { default_syslog; default_stderr; };
+	 */
+
+	/*
+	 * Two categories, 'packet' and 'eventlib', are special.  Only one
+	 * channel may be assigned to each of them, and it must be a
+	 * file channel.  If you don't define them  yourself, they default to
+	 *
+	 *	category eventlib { default_debug; };
+	 *
+	 *	category packet { default_debug; };
+	 */
+};
+
+#include "filename"; // can't do within a statement

fuzz/isc_lex_getmastertoken.in/simple

@@ -0,0 +1,6 @@
+text
+to
+be
+processed
+by
+lexer

fuzz/isc_lex_gettoken.c

@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <isc/buffer.h>
+#include <isc/lex.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include "fuzz.h"
+
+static isc_mem_t *mctx = NULL;
+static isc_lex_t *lex = NULL;
+
+int
+LLVMFuzzerInitialize(int *argc __attribute__((unused)),
+		     char ***argv __attribute__((unused))) {
+	isc_result_t result;
+
+	isc_mem_create(&mctx);
+
+	result = isc_lex_create(mctx, 1024, &lex);
+	REQUIRE(result == ISC_R_SUCCESS);
+
+	return (0);
+}
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+	isc_buffer_t buf;
+	isc_result_t result;
+
+	isc_buffer_constinit(&buf, data, size);
+	isc_buffer_add(&buf, size);
+	isc_buffer_setactive(&buf, size);
+
+	CHECK(isc_lex_openbuffer(lex, &buf));
+
+	do {
+		isc_token_t token;
+		result = isc_lex_gettoken(lex, 0, &token);
+	} while (result == ISC_R_SUCCESS);
+
+	return (0);
+}

fuzz/isc_lex_gettoken.in/named.conf

@@ -0,0 +1,644 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * This is a worthless, nonrunnable example of a named.conf file that has
+ * every conceivable syntax element in use.  We use it to test the parser.
+ * It could also be used as a conceptual template for users of new features.
+ */
+
+/*
+ * C-style comments are OK
+ */
+
+// So are C++-style comments
+
+#So are shell - style comments
+
+// watch out for ";" -- it's important!
+
+options {
+	additional - from - auth true;
+	additional - from - cache false;
+
+	version "my version string";
+	random - device "/dev/random";
+	directory "/tmp";
+
+	port 666;
+
+	sig - validity - interval 33;
+
+#Obsolete
+	named - xfer "/usr/libexec/named-xfer"; // _PATH_XFER
+
+	dump - file "named_dump.db";	       // _PATH_DUMPFILE
+	pid - file "/var/run/named.pid";       // _PATH_PIDFILE
+	statistics - file "named.stats";       // _PATH_STATS
+	memstatistics - file "named.memstats"; // _PATH_MEMSTATS
+
+	max - cache - ttl 999;
+	min - cache - ttl 66;
+	auth - nxdomain yes; // always set AA on NXDOMAIN.
+			     // don't set this to 'no' unless
+			     // you know what you're doing -- older
+			     // servers won't like it.
+
+#Obsolete
+	deallocate - on - exit no;
+
+	dialup yes;
+
+#Obsolete
+	fake - iquery no;
+
+	fetch - glue yes;
+	has - old - clients yes;
+	host - statistics no;
+
+#Obsolete
+	multiple - cnames no; // if yes, then a name my have more
+			      // than one CNAME RR.  This use
+			      // is non-standard and is not
+			      // recommended, but it is available
+			      // because previous releases supported
+			      // it and it was used by large sites
+			      // for load balancing.
+
+	notify yes; // send NOTIFY messages.  You can set
+		    // notify on a zone-by-zone
+		    // basis in the "zone" statement
+		    // see (below)
+	recursion yes;
+	rfc2308 - type1 no;
+
+#Obsolete
+	use - id - pool yes;
+
+#Obsolete
+	treat - cr - as - space yes;
+
+	also - notify { 10.0.2.3; };
+
+	// The "forward" option is only meaningful if you've defined
+	// forwarders.  "first" gives the normal BIND
+	// forwarding behavior, i.e. ask the forwarders first, and if that
+	// doesn't work then do the full lookup.  You can also say
+	// "forward only;" which is what used to be specified with
+	// "slave" or "options forward-only".  "only" will never attempt
+	// a full lookup; only the forwarders will be used.
+	forward first;
+	forwarders {
+		1.2.3.4;
+		5.6.7.8;
+	};
+
+	check - names master fail;
+	check - names slave warn;
+	check - names response ignore;
+
+	allow - query { any; };
+	allow - transfer { any; };
+	allow - recursion { !any; };
+	blackhole { 45 / 24; };
+	keep - response - order { 46 / 24; };
+
+	listen - on {
+		10 / 24;
+		10.0.0.3;
+	};
+
+	listen - on port 53 { any; };
+
+	listen - on { 5.6.7.8; };
+
+	listen - on port 1234 {
+		!1.2.3.4;
+		1.2.3 / 24;
+	};
+
+	listen - on - v6 { 1 : 1 : 1 : 1 : 1 : 1 : 1 : 1; };
+
+	listen - on - v6 port 777 { 2 : 2 : 2 : 2 : 2 : 2 : 2 : 2; };
+
+	query - source - v6 address 8 : 7 : 6 : 5 : 4 : 3 : 2 : 1 port *;
+	query - source port *address 10.0.0.54;
+
+	lame - ttl 444;
+
+	max - transfer - time - in 300;
+	max - transfer - time - out 10;
+	max - transfer - idle - in 100;
+	max - transfer - idle - out 11;
+
+	max - retry - time 1234;
+	min - retry - time 1111;
+	max - refresh - time 888;
+	min - refresh - time 777;
+
+	max - ncache - ttl 333;
+	min - ncache - ttl 22;
+	min - roots 15;
+	serial - queries 34;
+
+	transfer - format one - answer;
+
+	transfers - in 10;
+	transfers - per - ns 2;
+	transfers - out 0;
+
+	transfer - source 10.0.0.5;
+	transfer - source - v6 4 : 3 : 2 : 1 : 5 : 6 : 7 : 8;
+
+	request - ixfr yes;
+	provide - ixfr yes;
+
+#Now called 'provide-ixfr'
+#maintain - ixfr - base no; // If yes, keep transaction log file for IXFR
+
+	max - ixfr - log - size 20m;
+	coresize 100;
+	datasize 101;
+	files 230;
+	max - cache - size 1m;
+	stacksize 231;
+	heartbeat - interval 1001;
+	interface - interval 1002;
+	statistics - interval 1003;
+
+	topology {
+		10 / 8;
+
+		!1.2.3 / 24;
+
+		{
+			1.2 / 16;
+			3 / 8;
+		};
+	};
+
+	sortlist {
+		10 / 8;
+		11 / 8;
+	};
+
+	tkey - domain "foo.com";
+	tkey - dhkey "xyz" 666;
+
+	rrset - order {
+		class IN type A name "foo" order random;
+		order cyclic;
+	};
+};
+
+/*
+ * Control listeners, for "ndc".  Every nameserver needs at least one.
+ */
+controls {
+	// 'inet' lines without a 'port' defaults to 'port 953'
+	// 'keys' must be used and the list must have at least one entry
+	inet *port 52 allow { any; }
+	keys { "key2"; };
+	unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named.
+	inet 10.0.0.1 allow {
+		any;
+		key foo;
+	}
+	keys { "key4"; };
+	inet 10.0.0.2 allow { none; }
+	keys {
+		"key-1";
+		"key-2";
+	};
+	inet 10.0.0.2 allow { none; };
+};
+
+zone "master.demo.zone" {
+	type master; // what used to be called "primary"
+	database "somedb -option1 -option2 arg1 arg2 arg3";
+	file "master.demo.zone";
+	check - names fail;
+	allow - update { none; };
+	allow - update - forwarding {
+		10.0.0.5;
+		!any;
+	};
+	allow - transfer { any; };
+	allow - query { any; };
+	sig - validity - interval 990;
+	notify explicit;
+	also - notify {
+		1.0.0.1;
+	}; // don't notify any nameservers other
+	   // than those on the NS list for this
+	   // zone
+	forward first;
+	forwarders {
+		10.0.0.3;
+		1 : 2 : 3 : 4 : 5 : 6 : 7 : 8;
+	};
+};
+
+zone "slave.demo.zone" {
+	type slave; // what used to be called "secondary"
+	file "slave.demo.zone";
+	ixfr - base "slave.demo.zone.ixfr"; // File name for IXFR transaction
+					    // log file
+	masters {
+		1.2.3.4 port 10 key "foo"; // where to zone transfer from
+		5.6.7.8;
+		6.7.8.9 key "zippo";
+	};
+	transfer - source 10.0.0.53; // fixes multihoming problems
+	check - names warn;
+	allow - update { none; };
+	allow - transfer { any; };
+	allow - update - forwarding { any; };
+	allow - query { any; };
+	max - transfer - time - in 120; // if not set, global option is used.
+	max - transfer - time - out 1;	// if not set, global option is used.
+	max - transfer - idle - in 2;	// if not set, global option is used.
+	max - transfer - idle - out 3;	// if not set, global option is used.
+	also - notify { 1.0.0.2; };
+	forward only;
+	forwarders {
+		10.45.45.45;
+		10.0.0.3;
+		1 : 2 : 3 : 4 : 5 : 6 : 7 : 8;
+	};
+};
+
+key "non-viewkey" {
+	secret "YWFh";
+	algorithm "zzz";
+};
+
+view "test-view" in {
+	key "viewkey" {
+		algorithm "xxx";
+		secret "eXl5";
+	};
+	also - notify { 10.2.2.3; };
+	managed - keys { foo.com.static 4 3 2 "abdefghijklmnopqrstuvwxyz"; };
+	sig - validity - interval 45;
+	max - cache - size 100000;
+	allow - query { 10.0.0.30; };
+	additional - from - cache false;
+	additional - from - auth no;
+	match - clients { 10.0.0.1; };
+	check - names master warn;
+	check - names slave ignore;
+	check - names response fail;
+	auth - nxdomain false;
+	recursion true;
+	provide - ixfr false;
+	request - ixfr true;
+	fetch - glue true;
+	notify false;
+	rfc2308 - type1 false;
+	transfer - source 10.0.0.55;
+	transfer - source - v6 4 : 3 : 8 : 1 : 5 : 6 : 7 : 8;
+	query - source port *address 10.0.0.54;
+	query - source - v6 address 6 : 6 : 6 : 6 : 6 : 6 : 6 : 6 port *;
+	max - transfer - time - out 45;
+	max - transfer - idle - out 55;
+	min - roots 3;
+	lame - ttl 477;
+	max - ncache - ttl 333;
+	max - cache - ttl 777;
+	transfer - format many - answers;
+	max - retry - time 7;
+	min - retry - time 4;
+	max - refresh - time 999;
+	min - refresh - time 111;
+
+	zone "view-zone.com" {
+		type master;
+		allow - update - forwarding { 10.0.0.34; };
+		file "view-zone-master";
+	};
+
+	server 5.6.7.8 { keys "viewkey"; };
+
+	server 10.9.8.7 { keys "non-viewkey"; };
+	dialup yes;
+};
+
+zone "stub.demo.zone" {
+	type stub; // stub zones are like slave zones,
+		   // except that only the NS records
+		   // are transferred.
+	dialup yes;
+	file "stub.demo.zone";
+	masters {
+		1.2.3.4; // where to zone transfer from
+		5.6.7.8 port 999;
+	};
+	check - names warn;
+	allow - update { none; };
+	allow - transfer { any; };
+	allow - query { any; };
+
+	max - retry - time 10;
+	min - retry - time 11;
+	max - refresh - time 12;
+	min - refresh - time 13;
+
+	max - transfer - time - in 120; // if not set, global option is used.
+	pubkey 257 255 1 "a useless key";
+	pubkey 257 255 1 "another useless key";
+};
+
+zone "." {
+	type hint; // used to be specified w/ "cache"
+	file "cache.db";
+	//	pubkey 257 255 1
+	//"AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+managed - keys {
+	"." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/"
+			     "KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP"
+			     "/rick6gvEer5VcDEkLR5Q==";
+};
+
+acl can_query {
+	!1.2.3 / 24;
+	any;
+}; // network 1.2.3.0 mask 255.255.255.0
+   // is disallowed; rest are OK
+acl can_axfr {
+	1.2.3.4;
+	can_query;
+}; // host 1.2.3.4 and any host allowed
+   // by can_query are OK
+
+zone "disabled-zone.com" {
+	type master;
+	file "bar";
+
+	max - retry - time 100;
+	min - retry - time 110;
+	max - refresh - time 120;
+	min - refresh - time 130;
+};
+
+zone "non-default-acl.demo.zone" {
+	type master;
+	file "foo";
+	allow - query { can_query; };
+	allow - transfer { can_axfr; };
+	allow - update {
+		1.2.3.4;
+		5.6.7.8;
+	};
+	pubkey 666 665 664 "key of the beast";
+	// Errors trapped by parser:
+	//	identity or name not absolute
+	//	'wildcard' match type and no wildcard character in name
+	//
+	// issues:
+	//	- certain rdatatype values (such as "key") are config file
+	// keywords and
+	// 	  must be quoted or a syntax error will occur.
+	//
+
+	update - policy {
+		grant root.domain.subdomain host.domain.A MX CNAME;
+		grant sub.root.domain.wildcard *.host.domain.A;
+		grant root.domain.name host.domain.a ns md mf cname soa mb mg mr
+			"null" wks ptr hinfo minfo mx txt rp afsdb x25 isdn rt
+				nsap sig "key" px gpos aaaa loc nxt srv naptr kx
+					cert a6 dname opt unspec uri tkey tsig;
+		grant foo.bar.com.self foo.bar.com.a;
+	};
+};
+
+key sample_key {			   // for TSIG; supported by parser
+	algorithm hmac - md5;		   // but not yet implemented in the
+	secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server
+};
+
+key key2 {
+	algorithm hmac - md5;
+	secret "ZXJlaCB0ZXJjZXMgcm91eQ==";
+};
+
+acl key_acl { key sample_key; }; // a request signed with sample_key
+
+server 1.2.3.4 {
+	request - ixfr no;
+	provide - ixfr no;
+	bogus no;			// if yes, we won't query or listen
+					// to this server
+	transfer - format one - answer; // set transfer format for this
+					// server (see the description of
+					// 'transfer-format' above)
+					// if not specified, the global option
+					// will be used
+	transfers 0;			// not implemented
+	keys{ "sample_key" };		// for TSIG; supported by the parser
+					// but not yet implemented in the
+					// rest of the server
+#Now called 'request-ixfr'
+#support - ixfr yes; // for IXFR supported by server
+		     // if yes, the listed server talks IXFR
+};
+
+logging {
+	/*
+	 * All log output goes to one or more "channels"; you can make as
+	 * many of them as you want.
+	 */
+
+	channel syslog_errors { // this channel will send errors or
+		syslog user;	// or worse to syslog (user facility)
+		severity error;
+	};
+
+	channel stderr_errors { stderr; };
+
+	/*
+	 * Channels have a severity level.  Messages at severity levels
+	 * greater than or equal to the channel's level will be logged on
+	 * the channel.  In order of decreasing severity, the levels are:
+	 *
+	 * 	critical		a fatal error
+	 *	error
+	 *	warning
+	 *	notice			a normal, but significant event
+	 *	info			an informational message
+	 *	debug 1			the least detailed debugging info
+	 *	...
+	 *	debug 99		the most detailed debugging info
+	 */
+
+	/*
+	 * Here are the built-in channels:
+	 *
+	 * 	channel default_syslog {
+	 *		syslog daemon;
+	 *		severity info;
+	 *	};
+	 *
+	 *	channel default_debug {
+	 *		file "named.run";	// note: stderr is used instead
+	 *					// of "named.run" if the server
+	 *					// is started with the "-f"
+	 *					// option.
+	 *		severity dynamic;	// this means log debugging
+	 *					// at whatever debugging level
+	 *					// the server is at, and don't
+	 *					// log anything if not
+	 *					// debugging.
+	 *	};
+	 *
+	 *	channel null {			// this is the bit bucket;
+	 *		file "/dev/null";	// any logging to this channel
+	 *					// is discarded.
+	 *	};
+	 *
+	 *	channel default_stderr {	// writes to stderr
+	 *		file "<stderr>";	// this is illustrative only;
+	 *					// there's currently no way
+	 *					// of saying "stderr" in the
+	 *					// configuration language.
+	 *					// i.e. don't try this at home.
+	 *		severity info;
+	 *	};
+	 *
+	 *	default_stderr only works before the server daemonizes (i.e.
+	 *	during initial startup) or when it is running in foreground
+	 *	mode (-f command line option).
+	 */
+
+	/*
+	 * There are many categories, so you can send the logs
+	 * you want to see wherever you want, without seeing logs you
+	 * don't want.  Right now the categories are
+	 *
+	 *	default			the catch-all.  many things still
+	 *				aren't classified into categories, and
+	 *				they all end up here.  also, if you
+	 *				don't specify any channels for a
+	 *				category, the default category is used
+	 *				instead.
+	 *	config			high-level configuration file
+	 *				processing
+	 *	parser			low-level configuration file processing
+	 *	queries			what used to be called "query logging"
+	 *	lame-servers		messages like "Lame server on ..."
+	 *	statistics
+	 *	panic			if the server has to shut itself
+	 *				down due to an internal problem, it
+	 *				logs the problem here (as well as
+	 *				in the problem's native category)
+	 *	update			dynamic update
+	 *	ncache			negative caching
+	 *	xfer-in			zone transfers we're receiving
+	 *	xfer-out		zone transfers we're sending
+	 *	db			all database operations
+	 *	eventlib		debugging info from the event system
+	 *				(see below)
+	 *	packet			dumps of packets received and sent
+	 *				(see below)
+	 *	notify			the NOTIFY protocol
+	 *	cname			messages like "XX points to a CNAME"
+	 *	security		approved/unapproved requests
+	 *	os			operating system problems
+	 *	insist			consistency check failures
+	 *	maintenance		periodic maintenance
+	 *	load			zone loading
+	 *	response-checks		messages like
+	 *				"Malformed response ..."
+	 *				"wrong ans. name ..."
+	 *				"unrelated additional info ..."
+	 *				"invalid RR type ..."
+	 *				"bad referral ..."
+	 */
+
+	category parser {
+		syslog_errors;	// you can log to as many channels
+		default_syslog; // as you want
+	};
+
+	category lame - servers { null; }; // don't log these at all
+
+	channel moderate_debug {
+		file "foo";	      // foo
+		severity debug 3;     // level 3 debugging to file
+		print - time yes;     // timestamp log entries
+		print - category yes; // print category name
+		print - severity yes; // print severity level
+				      /*
+				       * Note that debugging must have been turned on either
+				       * on the command line or with a signal to get debugging
+				       * output (non-debugging output will still be written to
+				       * this channel).
+				       */
+	};
+
+	channel another {
+		file "bar" versions 99 size 10M;
+		severity info;
+	};
+
+	channel third {
+		file "bar" size 100000 versions unlimited;
+		severity debug; // use default debug level
+	};
+
+	/*
+	 * If you don't want to see "zone XXXX loaded" messages but do
+	 * want to see any problems, you could do the following.
+	 */
+	channel no_info_messages {
+		syslog;
+		severity notice;
+	};
+
+	category load { no_info_messages; };
+
+	/*
+	 * You can also define category "default"; it gets used when no
+	 * "category" statement has been given for a category.
+	 */
+	category default {
+		default_syslog;
+		moderate_debug;
+	};
+
+	/*
+	 * If you don't define category default yourself, the default
+	 * default category will be used.  It is
+	 *
+	 * 	category default { default_syslog; default_debug; };
+	 */
+
+	/*
+	 * If you don't define category panic yourself, the default
+	 * panic category will be used.  It is
+	 *
+	 * 	category panic { default_syslog; default_stderr; };
+	 */
+
+	/*
+	 * Two categories, 'packet' and 'eventlib', are special.  Only one
+	 * channel may be assigned to each of them, and it must be a
+	 * file channel.  If you don't define them  yourself, they default to
+	 *
+	 *	category eventlib { default_debug; };
+	 *
+	 *	category packet { default_debug; };
+	 */
+};
+
+#include "filename"; // can't do within a statement

fuzz/isc_lex_gettoken.in/simple

@@ -0,0 +1,6 @@
+text
+to
+be
+processed
+by
+lexer

fuzz/libfuzzer.sh

@@ -0,0 +1,12 @@
+#!/bin/sh -ex
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+exec "${2}" "${1}/$(basename "${2}").in" -max_total_time=5 -print_pcs=1 -print_final_stats=1 -print_corpus_stats=1 -print_coverage=1

fuzz/main.c

@@ -93,6 +93,8 @@ main(int argc, char **argv) {
 	char corpusdir[PATH_MAX];
 	const char *target = strrchr(argv[0], '/');
 
+	(void)LLVMFuzzerInitialize(&argc, &argv);
+
 	UNUSED(argc);
 	UNUSED(argv);
 
@@ -115,8 +117,7 @@ main(int argc, char **argv) {
 	int ret;
 	unsigned char buf[64 * 1024];
 
-	UNUSED(argc);
-	UNUSED(argv);
+	(void)LLVMFuzzerInitialize(&argc, &argv);
 
 #ifdef __AFL_LOOP
 	while (__AFL_LOOP(10000)) { /* only works with afl-clang-fast */

util/copyrights

@@ -1236,9 +1236,13 @@
 ./docutil/patch-db2latex-duplicate-template-bug	X	2007,2018,2019,2020
 ./docutil/patch-db2latex-nested-param-bug	X	2007,2018,2019,2020
 ./docutil/patch-db2latex-xsltproc-title-bug	X	2007,2018,2019,2020
+./fuzz/afl.sh					SH	2020
 ./fuzz/dns_name_fromtext_target.c		C	2018,2019,2020
 ./fuzz/dns_rdata_fromwire_text.c		C	2019,2020
 ./fuzz/fuzz.h					C	2018,2019,2020
+./fuzz/isc_lex_getmastertoken.c			C	2020
+./fuzz/isc_lex_gettoken.c			C	2020
+./fuzz/libfuzzer.sh				SH	2020
 ./fuzz/main.c					C	2018,2019,2020
 ./lib/bind9/api					X	2001,2006,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020
 ./lib/bind9/check.c				C	2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020