diff --git a/Makefile.am b/Makefile.am index 8b95fa378b..88c72f144d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ include $(top_srcdir)/Makefile.top -SUBDIRS = . libltdl lib doc bin +SUBDIRS = . libltdl lib doc bin fuzz BUILT_SOURCES = bind.keys.h CLEANFILES = bind.keys.h diff --git a/configure.ac b/configure.ac index 80c02b940a..fdde51e2e3 100644 --- a/configure.ac +++ b/configure.ac @@ -212,13 +212,18 @@ AS_CASE([$enable_fuzzing], AC_MSG_RESULT([using AFL]) AC_DEFINE([ENABLE_AFL], [1], [Define to enable American Fuzzy Lop test harness]) - CFLAGS="$CFLAGS -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1" - LIBS="$LIBS -lpthread"], + STD_CFLAGS="$STD_CFLAGS -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1" + FUZZ_LOG_COMPILER="afl.sh"], [libfuzzer],[ AC_MSG_RESULT([using libFuzzer]) - CFLAGS="$CFLAGS -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -fsanitize=fuzzer,address,undefined" - LDFLAGS="$LDFLAGS -fsanitize=fuzzer,address,undefined"], + STD_CFLAGS="$STD_CFLAGS -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -fsanitize=fuzzer-no-link,address,undefined" + LDFLAGS="$LDFLAGS -fsanitize=address,undefined" + FUZZ_LDFLAGS="-fsanitize=fuzzer,address,undefined" + FUZZ_LOG_COMPILER="libfuzzer.sh"], [*],[AC_MSG_ERROR([You need to explicitly select the fuzzer])]) +AM_CONDITIONAL([HAVE_FUZZ_LOG_COMPILER], [test -n "$FUZZ_LOG_COMPILER"]) +AC_SUBST([FUZZ_LOG_COMPILER]) +AC_SUBST([FUZZ_LDFLAGS]) AS_IF([test "$enable_fuzzing" = "afl"], [AC_MSG_CHECKING("for AFL enabled compiler") @@ -1672,6 +1677,10 @@ AC_CONFIG_FILES([bin/tests/system/start.sh], AC_CONFIG_FILES([bin/tests/system/stop.sh], [chmod +x bin/tests/system/stop.sh]) +# Fuzz Tests + +AC_CONFIG_FILES([fuzz/Makefile]) + # Misc AC_CONFIG_FILES([util/check-make-install]) diff --git a/fuzz/.gitignore b/fuzz/.gitignore index 8edb50ea2f..7f88801a32 100644 --- a/fuzz/.gitignore +++ b/fuzz/.gitignore @@ -1,4 +1,6 @@ /*.dSYM/ -dns_name_fromtext_target -dns_rdata_fromwire_text /*.out/ +/dns_name_fromtext_target +/dns_rdata_fromwire_text +/isc_lex_getmastertoken +/isc_lex_gettoken diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am new file mode 100644 index 0000000000..d3c858a606 --- /dev/null +++ b/fuzz/Makefile.am @@ -0,0 +1,39 @@ +include $(top_srcdir)/Makefile.top + +AM_CPPFLAGS += \ + $(LIBISC_CFLAGS) \ + $(LIBDNS_CFLAGS) \ + -DFUZZDIR=\"$(abs_srcdir)\" + +AM_LDFLAGS = \ + $(FUZZ_LDFLAGS) + +LDADD = \ + libfuzzmain.la \ + $(LIBISC_LIBS) \ + $(LIBDNS_LIBS) + +check_LTLIBRARIES = libfuzzmain.la +libfuzzmain_la_SOURCES = \ + main.c + +check_PROGRAMS = \ + dns_name_fromtext_target \ + dns_rdata_fromwire_text \ + isc_lex_getmastertoken \ + isc_lex_gettoken + +EXTRA_DIST = \ + dns_name_fromtext_target.in \ + dns_rdata_fromwire_text.in \ + isc_lex_getmastertoken.in \ + isc_lex_gettoken.in + +TESTS = $(check_PROGRAMS) + +if HAVE_FUZZ_LOG_COMPILER +LOG_COMPILER = $(srcdir)/$(FUZZ_LOG_COMPILER) +AM_LOG_FLAGS = $(srcdir) +endif HAVE_FUZZ_LOG_COMPILER + +unit-local: check diff --git a/fuzz/afl.sh b/fuzz/afl.sh new file mode 100755 index 0000000000..b97862af8a --- /dev/null +++ b/fuzz/afl.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +echo "The AFL log compiler is not implemented yet." + +exit 1 diff --git a/fuzz/dns_name_fromtext_target.c b/fuzz/dns_name_fromtext_target.c index 0e7af6b9ca..e85e61e33a 100644 --- a/fuzz/dns_name_fromtext_target.c +++ b/fuzz/dns_name_fromtext_target.c @@ -18,24 +18,34 @@ #include #include +#include "fuzz.h" + +static isc_mem_t *mctx = NULL; + int -LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +LLVMFuzzerInitialize(int *argc __attribute__((unused)), + char ***argv __attribute__((unused))) { + isc_mem_create(&mctx); + RUNTIME_CHECK(dst_lib_init(mctx, NULL) == ISC_R_SUCCESS); + return (0); +} int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { isc_buffer_t buf; isc_result_t result; dns_fixedname_t origin; - char *de_const; if (size < 5) { return (0); } dns_fixedname_init(&origin); - DE_CONST(data, de_const); - isc_buffer_init(&buf, (void *)de_const, size); + + isc_buffer_constinit(&buf, data, size); isc_buffer_add(&buf, size); + isc_buffer_setactive(&buf, size); + result = dns_name_fromtext(dns_fixedname_name(&origin), &buf, dns_rootname, 0, NULL); UNUSED(result); diff --git a/fuzz/dns_rdata_fromwire_text.c b/fuzz/dns_rdata_fromwire_text.c index 10f0e4c291..20db8058d3 100644 --- a/fuzz/dns_rdata_fromwire_text.c +++ b/fuzz/dns_rdata_fromwire_text.c @@ -26,11 +26,7 @@ #include #include -#define CHECK(x) \ - ({ \ - if ((result = (x)) != ISC_R_SUCCESS) \ - goto done; \ - }) +#include "fuzz.h" /* * Fuzz input to dns_rdata_fromwire(). Then convert the result @@ -38,8 +34,28 @@ * format again, checking for consistency throughout the sequence. */ +static isc_mem_t *mctx = NULL; +static isc_lex_t *lex = NULL; + int -LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); +LLVMFuzzerInitialize(int *argc __attribute__((unused)), + char ***argv __attribute__((unused))) { + isc_lexspecials_t specials; + + isc_mem_create(&mctx); + RUNTIME_CHECK(dst_lib_init(mctx, NULL) == ISC_R_SUCCESS); + CHECK(isc_lex_create(mctx, 64, &lex)); + + memset(specials, 0, sizeof(specials)); + specials[0] = 1; + specials['('] = 1; + specials[')'] = 1; + specials['"'] = 1; + isc_lex_setspecials(lex, specials); + isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE); + + return (0); +} static void nullmsg(dns_rdatacallbacks_t *cb, const char *fmt, ...) { @@ -62,9 +78,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { rdata3 = DNS_RDATA_INIT; dns_rdatacallbacks_t callbacks; isc_buffer_t source, target; - isc_lex_t *lex = NULL; - isc_lexspecials_t specials; - isc_mem_t *mctx = NULL; isc_result_t result; unsigned char fromtext[1024]; unsigned char fromwire[1024]; @@ -73,7 +86,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { unsigned int types = 1, flags, t; if (size < 2) { - goto done; + return (0); } /* @@ -100,17 +113,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { rdclass = classlist[(*data++) % classes]; size--; - isc_mem_create(&mctx); - - CHECK(isc_lex_create(mctx, 64, &lex)); - memset(specials, 0, sizeof(specials)); - specials[0] = 1; - specials['('] = 1; - specials[')'] = 1; - specials['"'] = 1; - isc_lex_setspecials(lex, specials); - isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE); - dns_rdatacallbacks_init(&callbacks); callbacks.warn = callbacks.error = nullmsg; @@ -184,12 +186,5 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { assert(target.used == size); assert(!memcmp(target.base, data, size)); -done: - if (lex != NULL) { - isc_lex_destroy(&lex); - } - if (lex != NULL) { - isc_mem_detach(&mctx); - } return (0); } diff --git a/fuzz/fuzz.h b/fuzz/fuzz.h index b0976e634b..a3f4ae8388 100644 --- a/fuzz/fuzz.h +++ b/fuzz/fuzz.h @@ -23,19 +23,16 @@ ISC_LANG_BEGINDECLS +int +LLVMFuzzerInitialize(int *argc __attribute__((unused)), + char ***argv __attribute__((unused))); + int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); -static isc_mem_t *mctx = NULL; - -static void __attribute__((constructor)) init(void) { - isc_mem_create(&mctx); - RUNTIME_CHECK(dst_lib_init(mctx, NULL) == ISC_R_SUCCESS); -} - -static void __attribute__((destructor)) deinit(void) { - dst_lib_destroy(); - isc_mem_destroy(&mctx); -} +#define CHECK(x) \ + if ((x) != ISC_R_SUCCESS) { \ + return 0; \ + } ISC_LANG_ENDDECLS diff --git a/fuzz/isc_lex_getmastertoken.c b/fuzz/isc_lex_getmastertoken.c new file mode 100644 index 0000000000..75a2329585 --- /dev/null +++ b/fuzz/isc_lex_getmastertoken.c @@ -0,0 +1,62 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#include +#include + +#include +#include +#include +#include + +#include "fuzz.h" + +int +LLVMFuzzerInitialize(int *argc __attribute__((unused)), + char ***argv __attribute__((unused))); + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +static isc_mem_t *mctx = NULL; +static isc_lex_t *lex = NULL; + +int +LLVMFuzzerInitialize(int *argc __attribute__((unused)), + char ***argv __attribute__((unused))) { + isc_result_t result; + + isc_mem_create(&mctx); + + result = isc_lex_create(mctx, 1024, &lex); + REQUIRE(result == ISC_R_SUCCESS); + + return (0); +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + isc_buffer_t buf; + isc_result_t result; + + isc_buffer_constinit(&buf, data, size); + isc_buffer_add(&buf, size); + isc_buffer_setactive(&buf, size); + + CHECK(isc_lex_openbuffer(lex, &buf)); + + do { + isc_token_t token; + result = isc_lex_gettoken(lex, 0, &token); + } while (result == ISC_R_SUCCESS); + + return (0); +} diff --git a/fuzz/isc_lex_getmastertoken.in/named.conf b/fuzz/isc_lex_getmastertoken.in/named.conf new file mode 100644 index 0000000000..f7d39fdabe --- /dev/null +++ b/fuzz/isc_lex_getmastertoken.in/named.conf @@ -0,0 +1,644 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * This is a worthless, nonrunnable example of a named.conf file that has + * every conceivable syntax element in use. We use it to test the parser. + * It could also be used as a conceptual template for users of new features. + */ + +/* + * C-style comments are OK + */ + +// So are C++-style comments + +#So are shell - style comments + +// watch out for ";" -- it's important! + +options { + additional - from - auth true; + additional - from - cache false; + + version "my version string"; + random - device "/dev/random"; + directory "/tmp"; + + port 666; + + sig - validity - interval 33; + +#Obsolete + named - xfer "/usr/libexec/named-xfer"; // _PATH_XFER + + dump - file "named_dump.db"; // _PATH_DUMPFILE + pid - file "/var/run/named.pid"; // _PATH_PIDFILE + statistics - file "named.stats"; // _PATH_STATS + memstatistics - file "named.memstats"; // _PATH_MEMSTATS + + max - cache - ttl 999; + min - cache - ttl 66; + auth - nxdomain yes; // always set AA on NXDOMAIN. + // don't set this to 'no' unless + // you know what you're doing -- older + // servers won't like it. + +#Obsolete + deallocate - on - exit no; + + dialup yes; + +#Obsolete + fake - iquery no; + + fetch - glue yes; + has - old - clients yes; + host - statistics no; + +#Obsolete + multiple - cnames no; // if yes, then a name my have more + // than one CNAME RR. This use + // is non-standard and is not + // recommended, but it is available + // because previous releases supported + // it and it was used by large sites + // for load balancing. + + notify yes; // send NOTIFY messages. You can set + // notify on a zone-by-zone + // basis in the "zone" statement + // see (below) + recursion yes; + rfc2308 - type1 no; + +#Obsolete + use - id - pool yes; + +#Obsolete + treat - cr - as - space yes; + + also - notify { 10.0.2.3; }; + + // The "forward" option is only meaningful if you've defined + // forwarders. "first" gives the normal BIND + // forwarding behavior, i.e. ask the forwarders first, and if that + // doesn't work then do the full lookup. You can also say + // "forward only;" which is what used to be specified with + // "slave" or "options forward-only". "only" will never attempt + // a full lookup; only the forwarders will be used. + forward first; + forwarders { + 1.2.3.4; + 5.6.7.8; + }; + + check - names master fail; + check - names slave warn; + check - names response ignore; + + allow - query { any; }; + allow - transfer { any; }; + allow - recursion { !any; }; + blackhole { 45 / 24; }; + keep - response - order { 46 / 24; }; + + listen - on { + 10 / 24; + 10.0.0.3; + }; + + listen - on port 53 { any; }; + + listen - on { 5.6.7.8; }; + + listen - on port 1234 { + !1.2.3.4; + 1.2.3 / 24; + }; + + listen - on - v6 { 1 : 1 : 1 : 1 : 1 : 1 : 1 : 1; }; + + listen - on - v6 port 777 { 2 : 2 : 2 : 2 : 2 : 2 : 2 : 2; }; + + query - source - v6 address 8 : 7 : 6 : 5 : 4 : 3 : 2 : 1 port *; + query - source port *address 10.0.0.54; + + lame - ttl 444; + + max - transfer - time - in 300; + max - transfer - time - out 10; + max - transfer - idle - in 100; + max - transfer - idle - out 11; + + max - retry - time 1234; + min - retry - time 1111; + max - refresh - time 888; + min - refresh - time 777; + + max - ncache - ttl 333; + min - ncache - ttl 22; + min - roots 15; + serial - queries 34; + + transfer - format one - answer; + + transfers - in 10; + transfers - per - ns 2; + transfers - out 0; + + transfer - source 10.0.0.5; + transfer - source - v6 4 : 3 : 2 : 1 : 5 : 6 : 7 : 8; + + request - ixfr yes; + provide - ixfr yes; + +#Now called 'provide-ixfr' +#maintain - ixfr - base no; // If yes, keep transaction log file for IXFR + + max - ixfr - log - size 20m; + coresize 100; + datasize 101; + files 230; + max - cache - size 1m; + stacksize 231; + heartbeat - interval 1001; + interface - interval 1002; + statistics - interval 1003; + + topology { + 10 / 8; + + !1.2.3 / 24; + + { + 1.2 / 16; + 3 / 8; + }; + }; + + sortlist { + 10 / 8; + 11 / 8; + }; + + tkey - domain "foo.com"; + tkey - dhkey "xyz" 666; + + rrset - order { + class IN type A name "foo" order random; + order cyclic; + }; +}; + +/* + * Control listeners, for "ndc". Every nameserver needs at least one. + */ +controls { + // 'inet' lines without a 'port' defaults to 'port 953' + // 'keys' must be used and the list must have at least one entry + inet *port 52 allow { any; } + keys { "key2"; }; + unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named. + inet 10.0.0.1 allow { + any; + key foo; + } + keys { "key4"; }; + inet 10.0.0.2 allow { none; } + keys { + "key-1"; + "key-2"; + }; + inet 10.0.0.2 allow { none; }; +}; + +zone "master.demo.zone" { + type master; // what used to be called "primary" + database "somedb -option1 -option2 arg1 arg2 arg3"; + file "master.demo.zone"; + check - names fail; + allow - update { none; }; + allow - update - forwarding { + 10.0.0.5; + !any; + }; + allow - transfer { any; }; + allow - query { any; }; + sig - validity - interval 990; + notify explicit; + also - notify { + 1.0.0.1; + }; // don't notify any nameservers other + // than those on the NS list for this + // zone + forward first; + forwarders { + 10.0.0.3; + 1 : 2 : 3 : 4 : 5 : 6 : 7 : 8; + }; +}; + +zone "slave.demo.zone" { + type slave; // what used to be called "secondary" + file "slave.demo.zone"; + ixfr - base "slave.demo.zone.ixfr"; // File name for IXFR transaction + // log file + masters { + 1.2.3.4 port 10 key "foo"; // where to zone transfer from + 5.6.7.8; + 6.7.8.9 key "zippo"; + }; + transfer - source 10.0.0.53; // fixes multihoming problems + check - names warn; + allow - update { none; }; + allow - transfer { any; }; + allow - update - forwarding { any; }; + allow - query { any; }; + max - transfer - time - in 120; // if not set, global option is used. + max - transfer - time - out 1; // if not set, global option is used. + max - transfer - idle - in 2; // if not set, global option is used. + max - transfer - idle - out 3; // if not set, global option is used. + also - notify { 1.0.0.2; }; + forward only; + forwarders { + 10.45.45.45; + 10.0.0.3; + 1 : 2 : 3 : 4 : 5 : 6 : 7 : 8; + }; +}; + +key "non-viewkey" { + secret "YWFh"; + algorithm "zzz"; +}; + +view "test-view" in { + key "viewkey" { + algorithm "xxx"; + secret "eXl5"; + }; + also - notify { 10.2.2.3; }; + managed - keys { foo.com.static 4 3 2 "abdefghijklmnopqrstuvwxyz"; }; + sig - validity - interval 45; + max - cache - size 100000; + allow - query { 10.0.0.30; }; + additional - from - cache false; + additional - from - auth no; + match - clients { 10.0.0.1; }; + check - names master warn; + check - names slave ignore; + check - names response fail; + auth - nxdomain false; + recursion true; + provide - ixfr false; + request - ixfr true; + fetch - glue true; + notify false; + rfc2308 - type1 false; + transfer - source 10.0.0.55; + transfer - source - v6 4 : 3 : 8 : 1 : 5 : 6 : 7 : 8; + query - source port *address 10.0.0.54; + query - source - v6 address 6 : 6 : 6 : 6 : 6 : 6 : 6 : 6 port *; + max - transfer - time - out 45; + max - transfer - idle - out 55; + min - roots 3; + lame - ttl 477; + max - ncache - ttl 333; + max - cache - ttl 777; + transfer - format many - answers; + max - retry - time 7; + min - retry - time 4; + max - refresh - time 999; + min - refresh - time 111; + + zone "view-zone.com" { + type master; + allow - update - forwarding { 10.0.0.34; }; + file "view-zone-master"; + }; + + server 5.6.7.8 { keys "viewkey"; }; + + server 10.9.8.7 { keys "non-viewkey"; }; + dialup yes; +}; + +zone "stub.demo.zone" { + type stub; // stub zones are like slave zones, + // except that only the NS records + // are transferred. + dialup yes; + file "stub.demo.zone"; + masters { + 1.2.3.4; // where to zone transfer from + 5.6.7.8 port 999; + }; + check - names warn; + allow - update { none; }; + allow - transfer { any; }; + allow - query { any; }; + + max - retry - time 10; + min - retry - time 11; + max - refresh - time 12; + min - refresh - time 13; + + max - transfer - time - in 120; // if not set, global option is used. + pubkey 257 255 1 "a useless key"; + pubkey 257 255 1 "another useless key"; +}; + +zone "." { + type hint; // used to be specified w/ "cache" + file "cache.db"; + // pubkey 257 255 1 + //"AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q=="; +}; + +managed - keys { + "." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/" + "KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP" + "/rick6gvEer5VcDEkLR5Q=="; +}; + +acl can_query { + !1.2.3 / 24; + any; +}; // network 1.2.3.0 mask 255.255.255.0 + // is disallowed; rest are OK +acl can_axfr { + 1.2.3.4; + can_query; +}; // host 1.2.3.4 and any host allowed + // by can_query are OK + +zone "disabled-zone.com" { + type master; + file "bar"; + + max - retry - time 100; + min - retry - time 110; + max - refresh - time 120; + min - refresh - time 130; +}; + +zone "non-default-acl.demo.zone" { + type master; + file "foo"; + allow - query { can_query; }; + allow - transfer { can_axfr; }; + allow - update { + 1.2.3.4; + 5.6.7.8; + }; + pubkey 666 665 664 "key of the beast"; + // Errors trapped by parser: + // identity or name not absolute + // 'wildcard' match type and no wildcard character in name + // + // issues: + // - certain rdatatype values (such as "key") are config file + // keywords and + // must be quoted or a syntax error will occur. + // + + update - policy { + grant root.domain.subdomain host.domain.A MX CNAME; + grant sub.root.domain.wildcard *.host.domain.A; + grant root.domain.name host.domain.a ns md mf cname soa mb mg mr + "null" wks ptr hinfo minfo mx txt rp afsdb x25 isdn rt + nsap sig "key" px gpos aaaa loc nxt srv naptr kx + cert a6 dname opt unspec uri tkey tsig; + grant foo.bar.com.self foo.bar.com.a; + }; +}; + +key sample_key { // for TSIG; supported by parser + algorithm hmac - md5; // but not yet implemented in the + secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server +}; + +key key2 { + algorithm hmac - md5; + secret "ZXJlaCB0ZXJjZXMgcm91eQ=="; +}; + +acl key_acl { key sample_key; }; // a request signed with sample_key + +server 1.2.3.4 { + request - ixfr no; + provide - ixfr no; + bogus no; // if yes, we won't query or listen + // to this server + transfer - format one - answer; // set transfer format for this + // server (see the description of + // 'transfer-format' above) + // if not specified, the global option + // will be used + transfers 0; // not implemented + keys{ "sample_key" }; // for TSIG; supported by the parser + // but not yet implemented in the + // rest of the server +#Now called 'request-ixfr' +#support - ixfr yes; // for IXFR supported by server + // if yes, the listed server talks IXFR +}; + +logging { + /* + * All log output goes to one or more "channels"; you can make as + * many of them as you want. + */ + + channel syslog_errors { // this channel will send errors or + syslog user; // or worse to syslog (user facility) + severity error; + }; + + channel stderr_errors { stderr; }; + + /* + * Channels have a severity level. Messages at severity levels + * greater than or equal to the channel's level will be logged on + * the channel. In order of decreasing severity, the levels are: + * + * critical a fatal error + * error + * warning + * notice a normal, but significant event + * info an informational message + * debug 1 the least detailed debugging info + * ... + * debug 99 the most detailed debugging info + */ + + /* + * Here are the built-in channels: + * + * channel default_syslog { + * syslog daemon; + * severity info; + * }; + * + * channel default_debug { + * file "named.run"; // note: stderr is used instead + * // of "named.run" if the server + * // is started with the "-f" + * // option. + * severity dynamic; // this means log debugging + * // at whatever debugging level + * // the server is at, and don't + * // log anything if not + * // debugging. + * }; + * + * channel null { // this is the bit bucket; + * file "/dev/null"; // any logging to this channel + * // is discarded. + * }; + * + * channel default_stderr { // writes to stderr + * file ""; // this is illustrative only; + * // there's currently no way + * // of saying "stderr" in the + * // configuration language. + * // i.e. don't try this at home. + * severity info; + * }; + * + * default_stderr only works before the server daemonizes (i.e. + * during initial startup) or when it is running in foreground + * mode (-f command line option). + */ + + /* + * There are many categories, so you can send the logs + * you want to see wherever you want, without seeing logs you + * don't want. Right now the categories are + * + * default the catch-all. many things still + * aren't classified into categories, and + * they all end up here. also, if you + * don't specify any channels for a + * category, the default category is used + * instead. + * config high-level configuration file + * processing + * parser low-level configuration file processing + * queries what used to be called "query logging" + * lame-servers messages like "Lame server on ..." + * statistics + * panic if the server has to shut itself + * down due to an internal problem, it + * logs the problem here (as well as + * in the problem's native category) + * update dynamic update + * ncache negative caching + * xfer-in zone transfers we're receiving + * xfer-out zone transfers we're sending + * db all database operations + * eventlib debugging info from the event system + * (see below) + * packet dumps of packets received and sent + * (see below) + * notify the NOTIFY protocol + * cname messages like "XX points to a CNAME" + * security approved/unapproved requests + * os operating system problems + * insist consistency check failures + * maintenance periodic maintenance + * load zone loading + * response-checks messages like + * "Malformed response ..." + * "wrong ans. name ..." + * "unrelated additional info ..." + * "invalid RR type ..." + * "bad referral ..." + */ + + category parser { + syslog_errors; // you can log to as many channels + default_syslog; // as you want + }; + + category lame - servers { null; }; // don't log these at all + + channel moderate_debug { + file "foo"; // foo + severity debug 3; // level 3 debugging to file + print - time yes; // timestamp log entries + print - category yes; // print category name + print - severity yes; // print severity level + /* + * Note that debugging must have been turned on either + * on the command line or with a signal to get debugging + * output (non-debugging output will still be written to + * this channel). + */ + }; + + channel another { + file "bar" versions 99 size 10M; + severity info; + }; + + channel third { + file "bar" size 100000 versions unlimited; + severity debug; // use default debug level + }; + + /* + * If you don't want to see "zone XXXX loaded" messages but do + * want to see any problems, you could do the following. + */ + channel no_info_messages { + syslog; + severity notice; + }; + + category load { no_info_messages; }; + + /* + * You can also define category "default"; it gets used when no + * "category" statement has been given for a category. + */ + category default { + default_syslog; + moderate_debug; + }; + + /* + * If you don't define category default yourself, the default + * default category will be used. It is + * + * category default { default_syslog; default_debug; }; + */ + + /* + * If you don't define category panic yourself, the default + * panic category will be used. It is + * + * category panic { default_syslog; default_stderr; }; + */ + + /* + * Two categories, 'packet' and 'eventlib', are special. Only one + * channel may be assigned to each of them, and it must be a + * file channel. If you don't define them yourself, they default to + * + * category eventlib { default_debug; }; + * + * category packet { default_debug; }; + */ +}; + +#include "filename"; // can't do within a statement diff --git a/fuzz/isc_lex_getmastertoken.in/simple b/fuzz/isc_lex_getmastertoken.in/simple new file mode 100644 index 0000000000..105e53a3dc --- /dev/null +++ b/fuzz/isc_lex_getmastertoken.in/simple @@ -0,0 +1,6 @@ +text +to +be +processed +by +lexer diff --git a/fuzz/isc_lex_gettoken.c b/fuzz/isc_lex_gettoken.c new file mode 100644 index 0000000000..c87086bb27 --- /dev/null +++ b/fuzz/isc_lex_gettoken.c @@ -0,0 +1,55 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#include +#include + +#include +#include +#include +#include + +#include "fuzz.h" + +static isc_mem_t *mctx = NULL; +static isc_lex_t *lex = NULL; + +int +LLVMFuzzerInitialize(int *argc __attribute__((unused)), + char ***argv __attribute__((unused))) { + isc_result_t result; + + isc_mem_create(&mctx); + + result = isc_lex_create(mctx, 1024, &lex); + REQUIRE(result == ISC_R_SUCCESS); + + return (0); +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + isc_buffer_t buf; + isc_result_t result; + + isc_buffer_constinit(&buf, data, size); + isc_buffer_add(&buf, size); + isc_buffer_setactive(&buf, size); + + CHECK(isc_lex_openbuffer(lex, &buf)); + + do { + isc_token_t token; + result = isc_lex_gettoken(lex, 0, &token); + } while (result == ISC_R_SUCCESS); + + return (0); +} diff --git a/fuzz/isc_lex_gettoken.in/named.conf b/fuzz/isc_lex_gettoken.in/named.conf new file mode 100644 index 0000000000..f7d39fdabe --- /dev/null +++ b/fuzz/isc_lex_gettoken.in/named.conf @@ -0,0 +1,644 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* + * This is a worthless, nonrunnable example of a named.conf file that has + * every conceivable syntax element in use. We use it to test the parser. + * It could also be used as a conceptual template for users of new features. + */ + +/* + * C-style comments are OK + */ + +// So are C++-style comments + +#So are shell - style comments + +// watch out for ";" -- it's important! + +options { + additional - from - auth true; + additional - from - cache false; + + version "my version string"; + random - device "/dev/random"; + directory "/tmp"; + + port 666; + + sig - validity - interval 33; + +#Obsolete + named - xfer "/usr/libexec/named-xfer"; // _PATH_XFER + + dump - file "named_dump.db"; // _PATH_DUMPFILE + pid - file "/var/run/named.pid"; // _PATH_PIDFILE + statistics - file "named.stats"; // _PATH_STATS + memstatistics - file "named.memstats"; // _PATH_MEMSTATS + + max - cache - ttl 999; + min - cache - ttl 66; + auth - nxdomain yes; // always set AA on NXDOMAIN. + // don't set this to 'no' unless + // you know what you're doing -- older + // servers won't like it. + +#Obsolete + deallocate - on - exit no; + + dialup yes; + +#Obsolete + fake - iquery no; + + fetch - glue yes; + has - old - clients yes; + host - statistics no; + +#Obsolete + multiple - cnames no; // if yes, then a name my have more + // than one CNAME RR. This use + // is non-standard and is not + // recommended, but it is available + // because previous releases supported + // it and it was used by large sites + // for load balancing. + + notify yes; // send NOTIFY messages. You can set + // notify on a zone-by-zone + // basis in the "zone" statement + // see (below) + recursion yes; + rfc2308 - type1 no; + +#Obsolete + use - id - pool yes; + +#Obsolete + treat - cr - as - space yes; + + also - notify { 10.0.2.3; }; + + // The "forward" option is only meaningful if you've defined + // forwarders. "first" gives the normal BIND + // forwarding behavior, i.e. ask the forwarders first, and if that + // doesn't work then do the full lookup. You can also say + // "forward only;" which is what used to be specified with + // "slave" or "options forward-only". "only" will never attempt + // a full lookup; only the forwarders will be used. + forward first; + forwarders { + 1.2.3.4; + 5.6.7.8; + }; + + check - names master fail; + check - names slave warn; + check - names response ignore; + + allow - query { any; }; + allow - transfer { any; }; + allow - recursion { !any; }; + blackhole { 45 / 24; }; + keep - response - order { 46 / 24; }; + + listen - on { + 10 / 24; + 10.0.0.3; + }; + + listen - on port 53 { any; }; + + listen - on { 5.6.7.8; }; + + listen - on port 1234 { + !1.2.3.4; + 1.2.3 / 24; + }; + + listen - on - v6 { 1 : 1 : 1 : 1 : 1 : 1 : 1 : 1; }; + + listen - on - v6 port 777 { 2 : 2 : 2 : 2 : 2 : 2 : 2 : 2; }; + + query - source - v6 address 8 : 7 : 6 : 5 : 4 : 3 : 2 : 1 port *; + query - source port *address 10.0.0.54; + + lame - ttl 444; + + max - transfer - time - in 300; + max - transfer - time - out 10; + max - transfer - idle - in 100; + max - transfer - idle - out 11; + + max - retry - time 1234; + min - retry - time 1111; + max - refresh - time 888; + min - refresh - time 777; + + max - ncache - ttl 333; + min - ncache - ttl 22; + min - roots 15; + serial - queries 34; + + transfer - format one - answer; + + transfers - in 10; + transfers - per - ns 2; + transfers - out 0; + + transfer - source 10.0.0.5; + transfer - source - v6 4 : 3 : 2 : 1 : 5 : 6 : 7 : 8; + + request - ixfr yes; + provide - ixfr yes; + +#Now called 'provide-ixfr' +#maintain - ixfr - base no; // If yes, keep transaction log file for IXFR + + max - ixfr - log - size 20m; + coresize 100; + datasize 101; + files 230; + max - cache - size 1m; + stacksize 231; + heartbeat - interval 1001; + interface - interval 1002; + statistics - interval 1003; + + topology { + 10 / 8; + + !1.2.3 / 24; + + { + 1.2 / 16; + 3 / 8; + }; + }; + + sortlist { + 10 / 8; + 11 / 8; + }; + + tkey - domain "foo.com"; + tkey - dhkey "xyz" 666; + + rrset - order { + class IN type A name "foo" order random; + order cyclic; + }; +}; + +/* + * Control listeners, for "ndc". Every nameserver needs at least one. + */ +controls { + // 'inet' lines without a 'port' defaults to 'port 953' + // 'keys' must be used and the list must have at least one entry + inet *port 52 allow { any; } + keys { "key2"; }; + unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named. + inet 10.0.0.1 allow { + any; + key foo; + } + keys { "key4"; }; + inet 10.0.0.2 allow { none; } + keys { + "key-1"; + "key-2"; + }; + inet 10.0.0.2 allow { none; }; +}; + +zone "master.demo.zone" { + type master; // what used to be called "primary" + database "somedb -option1 -option2 arg1 arg2 arg3"; + file "master.demo.zone"; + check - names fail; + allow - update { none; }; + allow - update - forwarding { + 10.0.0.5; + !any; + }; + allow - transfer { any; }; + allow - query { any; }; + sig - validity - interval 990; + notify explicit; + also - notify { + 1.0.0.1; + }; // don't notify any nameservers other + // than those on the NS list for this + // zone + forward first; + forwarders { + 10.0.0.3; + 1 : 2 : 3 : 4 : 5 : 6 : 7 : 8; + }; +}; + +zone "slave.demo.zone" { + type slave; // what used to be called "secondary" + file "slave.demo.zone"; + ixfr - base "slave.demo.zone.ixfr"; // File name for IXFR transaction + // log file + masters { + 1.2.3.4 port 10 key "foo"; // where to zone transfer from + 5.6.7.8; + 6.7.8.9 key "zippo"; + }; + transfer - source 10.0.0.53; // fixes multihoming problems + check - names warn; + allow - update { none; }; + allow - transfer { any; }; + allow - update - forwarding { any; }; + allow - query { any; }; + max - transfer - time - in 120; // if not set, global option is used. + max - transfer - time - out 1; // if not set, global option is used. + max - transfer - idle - in 2; // if not set, global option is used. + max - transfer - idle - out 3; // if not set, global option is used. + also - notify { 1.0.0.2; }; + forward only; + forwarders { + 10.45.45.45; + 10.0.0.3; + 1 : 2 : 3 : 4 : 5 : 6 : 7 : 8; + }; +}; + +key "non-viewkey" { + secret "YWFh"; + algorithm "zzz"; +}; + +view "test-view" in { + key "viewkey" { + algorithm "xxx"; + secret "eXl5"; + }; + also - notify { 10.2.2.3; }; + managed - keys { foo.com.static 4 3 2 "abdefghijklmnopqrstuvwxyz"; }; + sig - validity - interval 45; + max - cache - size 100000; + allow - query { 10.0.0.30; }; + additional - from - cache false; + additional - from - auth no; + match - clients { 10.0.0.1; }; + check - names master warn; + check - names slave ignore; + check - names response fail; + auth - nxdomain false; + recursion true; + provide - ixfr false; + request - ixfr true; + fetch - glue true; + notify false; + rfc2308 - type1 false; + transfer - source 10.0.0.55; + transfer - source - v6 4 : 3 : 8 : 1 : 5 : 6 : 7 : 8; + query - source port *address 10.0.0.54; + query - source - v6 address 6 : 6 : 6 : 6 : 6 : 6 : 6 : 6 port *; + max - transfer - time - out 45; + max - transfer - idle - out 55; + min - roots 3; + lame - ttl 477; + max - ncache - ttl 333; + max - cache - ttl 777; + transfer - format many - answers; + max - retry - time 7; + min - retry - time 4; + max - refresh - time 999; + min - refresh - time 111; + + zone "view-zone.com" { + type master; + allow - update - forwarding { 10.0.0.34; }; + file "view-zone-master"; + }; + + server 5.6.7.8 { keys "viewkey"; }; + + server 10.9.8.7 { keys "non-viewkey"; }; + dialup yes; +}; + +zone "stub.demo.zone" { + type stub; // stub zones are like slave zones, + // except that only the NS records + // are transferred. + dialup yes; + file "stub.demo.zone"; + masters { + 1.2.3.4; // where to zone transfer from + 5.6.7.8 port 999; + }; + check - names warn; + allow - update { none; }; + allow - transfer { any; }; + allow - query { any; }; + + max - retry - time 10; + min - retry - time 11; + max - refresh - time 12; + min - refresh - time 13; + + max - transfer - time - in 120; // if not set, global option is used. + pubkey 257 255 1 "a useless key"; + pubkey 257 255 1 "another useless key"; +}; + +zone "." { + type hint; // used to be specified w/ "cache" + file "cache.db"; + // pubkey 257 255 1 + //"AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q=="; +}; + +managed - keys { + "." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/" + "KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP" + "/rick6gvEer5VcDEkLR5Q=="; +}; + +acl can_query { + !1.2.3 / 24; + any; +}; // network 1.2.3.0 mask 255.255.255.0 + // is disallowed; rest are OK +acl can_axfr { + 1.2.3.4; + can_query; +}; // host 1.2.3.4 and any host allowed + // by can_query are OK + +zone "disabled-zone.com" { + type master; + file "bar"; + + max - retry - time 100; + min - retry - time 110; + max - refresh - time 120; + min - refresh - time 130; +}; + +zone "non-default-acl.demo.zone" { + type master; + file "foo"; + allow - query { can_query; }; + allow - transfer { can_axfr; }; + allow - update { + 1.2.3.4; + 5.6.7.8; + }; + pubkey 666 665 664 "key of the beast"; + // Errors trapped by parser: + // identity or name not absolute + // 'wildcard' match type and no wildcard character in name + // + // issues: + // - certain rdatatype values (such as "key") are config file + // keywords and + // must be quoted or a syntax error will occur. + // + + update - policy { + grant root.domain.subdomain host.domain.A MX CNAME; + grant sub.root.domain.wildcard *.host.domain.A; + grant root.domain.name host.domain.a ns md mf cname soa mb mg mr + "null" wks ptr hinfo minfo mx txt rp afsdb x25 isdn rt + nsap sig "key" px gpos aaaa loc nxt srv naptr kx + cert a6 dname opt unspec uri tkey tsig; + grant foo.bar.com.self foo.bar.com.a; + }; +}; + +key sample_key { // for TSIG; supported by parser + algorithm hmac - md5; // but not yet implemented in the + secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server +}; + +key key2 { + algorithm hmac - md5; + secret "ZXJlaCB0ZXJjZXMgcm91eQ=="; +}; + +acl key_acl { key sample_key; }; // a request signed with sample_key + +server 1.2.3.4 { + request - ixfr no; + provide - ixfr no; + bogus no; // if yes, we won't query or listen + // to this server + transfer - format one - answer; // set transfer format for this + // server (see the description of + // 'transfer-format' above) + // if not specified, the global option + // will be used + transfers 0; // not implemented + keys{ "sample_key" }; // for TSIG; supported by the parser + // but not yet implemented in the + // rest of the server +#Now called 'request-ixfr' +#support - ixfr yes; // for IXFR supported by server + // if yes, the listed server talks IXFR +}; + +logging { + /* + * All log output goes to one or more "channels"; you can make as + * many of them as you want. + */ + + channel syslog_errors { // this channel will send errors or + syslog user; // or worse to syslog (user facility) + severity error; + }; + + channel stderr_errors { stderr; }; + + /* + * Channels have a severity level. Messages at severity levels + * greater than or equal to the channel's level will be logged on + * the channel. In order of decreasing severity, the levels are: + * + * critical a fatal error + * error + * warning + * notice a normal, but significant event + * info an informational message + * debug 1 the least detailed debugging info + * ... + * debug 99 the most detailed debugging info + */ + + /* + * Here are the built-in channels: + * + * channel default_syslog { + * syslog daemon; + * severity info; + * }; + * + * channel default_debug { + * file "named.run"; // note: stderr is used instead + * // of "named.run" if the server + * // is started with the "-f" + * // option. + * severity dynamic; // this means log debugging + * // at whatever debugging level + * // the server is at, and don't + * // log anything if not + * // debugging. + * }; + * + * channel null { // this is the bit bucket; + * file "/dev/null"; // any logging to this channel + * // is discarded. + * }; + * + * channel default_stderr { // writes to stderr + * file ""; // this is illustrative only; + * // there's currently no way + * // of saying "stderr" in the + * // configuration language. + * // i.e. don't try this at home. + * severity info; + * }; + * + * default_stderr only works before the server daemonizes (i.e. + * during initial startup) or when it is running in foreground + * mode (-f command line option). + */ + + /* + * There are many categories, so you can send the logs + * you want to see wherever you want, without seeing logs you + * don't want. Right now the categories are + * + * default the catch-all. many things still + * aren't classified into categories, and + * they all end up here. also, if you + * don't specify any channels for a + * category, the default category is used + * instead. + * config high-level configuration file + * processing + * parser low-level configuration file processing + * queries what used to be called "query logging" + * lame-servers messages like "Lame server on ..." + * statistics + * panic if the server has to shut itself + * down due to an internal problem, it + * logs the problem here (as well as + * in the problem's native category) + * update dynamic update + * ncache negative caching + * xfer-in zone transfers we're receiving + * xfer-out zone transfers we're sending + * db all database operations + * eventlib debugging info from the event system + * (see below) + * packet dumps of packets received and sent + * (see below) + * notify the NOTIFY protocol + * cname messages like "XX points to a CNAME" + * security approved/unapproved requests + * os operating system problems + * insist consistency check failures + * maintenance periodic maintenance + * load zone loading + * response-checks messages like + * "Malformed response ..." + * "wrong ans. name ..." + * "unrelated additional info ..." + * "invalid RR type ..." + * "bad referral ..." + */ + + category parser { + syslog_errors; // you can log to as many channels + default_syslog; // as you want + }; + + category lame - servers { null; }; // don't log these at all + + channel moderate_debug { + file "foo"; // foo + severity debug 3; // level 3 debugging to file + print - time yes; // timestamp log entries + print - category yes; // print category name + print - severity yes; // print severity level + /* + * Note that debugging must have been turned on either + * on the command line or with a signal to get debugging + * output (non-debugging output will still be written to + * this channel). + */ + }; + + channel another { + file "bar" versions 99 size 10M; + severity info; + }; + + channel third { + file "bar" size 100000 versions unlimited; + severity debug; // use default debug level + }; + + /* + * If you don't want to see "zone XXXX loaded" messages but do + * want to see any problems, you could do the following. + */ + channel no_info_messages { + syslog; + severity notice; + }; + + category load { no_info_messages; }; + + /* + * You can also define category "default"; it gets used when no + * "category" statement has been given for a category. + */ + category default { + default_syslog; + moderate_debug; + }; + + /* + * If you don't define category default yourself, the default + * default category will be used. It is + * + * category default { default_syslog; default_debug; }; + */ + + /* + * If you don't define category panic yourself, the default + * panic category will be used. It is + * + * category panic { default_syslog; default_stderr; }; + */ + + /* + * Two categories, 'packet' and 'eventlib', are special. Only one + * channel may be assigned to each of them, and it must be a + * file channel. If you don't define them yourself, they default to + * + * category eventlib { default_debug; }; + * + * category packet { default_debug; }; + */ +}; + +#include "filename"; // can't do within a statement diff --git a/fuzz/isc_lex_gettoken.in/simple b/fuzz/isc_lex_gettoken.in/simple new file mode 100644 index 0000000000..105e53a3dc --- /dev/null +++ b/fuzz/isc_lex_gettoken.in/simple @@ -0,0 +1,6 @@ +text +to +be +processed +by +lexer diff --git a/fuzz/libfuzzer.sh b/fuzz/libfuzzer.sh new file mode 100755 index 0000000000..e925480e55 --- /dev/null +++ b/fuzz/libfuzzer.sh @@ -0,0 +1,12 @@ +#!/bin/sh -ex +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +exec "${2}" "${1}/$(basename "${2}").in" -max_total_time=5 -print_pcs=1 -print_final_stats=1 -print_corpus_stats=1 -print_coverage=1 diff --git a/fuzz/main.c b/fuzz/main.c index 607c830b96..d1ae9492df 100644 --- a/fuzz/main.c +++ b/fuzz/main.c @@ -93,6 +93,8 @@ main(int argc, char **argv) { char corpusdir[PATH_MAX]; const char *target = strrchr(argv[0], '/'); + (void)LLVMFuzzerInitialize(&argc, &argv); + UNUSED(argc); UNUSED(argv); @@ -115,8 +117,7 @@ main(int argc, char **argv) { int ret; unsigned char buf[64 * 1024]; - UNUSED(argc); - UNUSED(argv); + (void)LLVMFuzzerInitialize(&argc, &argv); #ifdef __AFL_LOOP while (__AFL_LOOP(10000)) { /* only works with afl-clang-fast */ diff --git a/util/copyrights b/util/copyrights index 7b80b03a7f..00608021d9 100644 --- a/util/copyrights +++ b/util/copyrights @@ -1236,9 +1236,13 @@ ./docutil/patch-db2latex-duplicate-template-bug X 2007,2018,2019,2020 ./docutil/patch-db2latex-nested-param-bug X 2007,2018,2019,2020 ./docutil/patch-db2latex-xsltproc-title-bug X 2007,2018,2019,2020 +./fuzz/afl.sh SH 2020 ./fuzz/dns_name_fromtext_target.c C 2018,2019,2020 ./fuzz/dns_rdata_fromwire_text.c C 2019,2020 ./fuzz/fuzz.h C 2018,2019,2020 +./fuzz/isc_lex_getmastertoken.c C 2020 +./fuzz/isc_lex_gettoken.c C 2020 +./fuzz/libfuzzer.sh SH 2020 ./fuzz/main.c C 2018,2019,2020 ./lib/bind9/api X 2001,2006,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020 ./lib/bind9/check.c C 2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020