mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 18:19:42 +00:00
Code Issues Releases Wiki Activity

Don't cleanup the dns_message_checksig fuzzer in atexit handler

Browse Source 
After the dns_badcache refactoring, the dns_badcache_destroy() would
call call_rcu().  The dns_message_checksig cleanup which calls
dns_view_detach() happens in the atexit handler, so there might be
call_rcu threads started very late in the process.  The liburcu
registers library destructor that destroys the data structured internal
to liburcu and this clashes with the call_rcu thread that just got
started in the atexit() handler causing either (depending on timing):

 - a normal run
 - a straight segfault
 - an assertion failure from liburcu

Instead of trying to cleanup the dns_message_checksig unit, ignore the
leaked memory as we do with all the other fuzzing tests.
This commit is contained in:
Ondřej Surý 2023-06-22 15:43:04 +02:00
parent b570750382
commit 1e3b6d2d83
No known key found for this signature in database
GPG Key ID: 2820F37E873DEA41
1 changed files with 0 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
fuzz/dns_message_checksig.c
View File

@ -126,57 +126,6 @@ sig0key. 0 IN KEY 512 3 8 AwEAAa22lgHi1vAbQvu5ETdTrm2H8rwga9tvyMa6LFiSDyevLvSv0U
static bool destroy_dst = false; static bool destroy_dst = false;
static void
cleanup(void) {
char pathbuf[PATH_MAX];
char *pwd = getcwd(pathbuf, sizeof(pathbuf));
if (view != NULL) {
dns_view_detach(&view);
}
if (tsigkey != NULL) {
dns_tsigkey_detach(&tsigkey);
}
if (ring != NULL) {
dns_tsigkeyring_detach(&ring);
}
if (emptyring != NULL) {
dns_tsigkeyring_detach(&emptyring);
}
if (destroy_dst) {
dst_lib_destroy();
}
if (mctx != NULL) {
isc_mem_detach(&mctx);
}
if (wd != NULL && chdir(wd) == 0) {
if (remove(f1) != 0) {
fprintf(stderr, "remove(%s) failed\n", f1);
}
if (remove(f2) != 0) {
fprintf(stderr, "remove(%s) failed\n", f2);
}
if (remove(f3) != 0) {
fprintf(stderr, "remove(%s) failed\n", f3);
}
/*
* Restore working directory if possible before cleaning
* up the key directory. This will help with any other
* cleanup routines as the directory should not be in use
* when rmdir() is called.
*/
if (pwd != NULL && chdir(pwd) != 0) {
fprintf(stderr, "can't restore working directory: %s\n",
pwd);
}
if (rmdir(wd) != 0) {
fprintf(stderr, "rmdir(%s) failed\n", wd);
}
} else {
fprintf(stderr, "cleanup of %s failed\n", wd ? wd : "(null)");
}
}
int int
LLVMFuzzerInitialize(int *argc ISC_ATTR_UNUSED, char ***argv ISC_ATTR_UNUSED) { LLVMFuzzerInitialize(int *argc ISC_ATTR_UNUSED, char ***argv ISC_ATTR_UNUSED) {
isc_result_t result; isc_result_t result;
@ -189,8 +138,6 @@ LLVMFuzzerInitialize(int *argc ISC_ATTR_UNUSED, char ***argv ISC_ATTR_UNUSED) {
char pathbuf[PATH_MAX]; char pathbuf[PATH_MAX];
FILE *fd; FILE *fd;
atexit(cleanup);
wd = mkdtemp(template); wd = mkdtemp(template);
if (wd == NULL) { if (wd == NULL) {
fprintf(stderr, "mkdtemp failed\n"); fprintf(stderr, "mkdtemp failed\n");