diff --git a/fuzz/.gitignore b/fuzz/.gitignore index 5148e33eac..8edb50ea2f 100644 --- a/fuzz/.gitignore +++ b/fuzz/.gitignore @@ -1,3 +1,4 @@ /*.dSYM/ dns_name_fromtext_target +dns_rdata_fromwire_text /*.out/ diff --git a/fuzz/Makefile.in b/fuzz/Makefile.in index 6757f17910..84ad6c1ebf 100644 --- a/fuzz/Makefile.in +++ b/fuzz/Makefile.in @@ -17,10 +17,11 @@ DNSDEPLIBS = ../lib/dns/libdns.@A@ LIBS = @LIBS@ OBJS = main.@O@ -SRCS = main.c dns_name_fromtext_target.c +SRCS = main.c dns_name_fromtext_target.c dns_rdata_fromwire_text.c SUBDIRS = -TARGETS = dns_name_fromtext_target@EXEEXT@ +TARGETS = dns_name_fromtext_target@EXEEXT@ \ + dns_rdata_fromwire_text@EXEEXT@ @BIND9_MAKE_RULES@ @@ -28,6 +29,10 @@ dns_name_fromtext_target@EXEEXT@: dns_name_fromtext_target.@O@ main.@O@ ${ISCDEP ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ dns_name_fromtext_target.@O@ main.@O@ ${DNSLIBS} ${ISCLIBS} ${LIBS} +dns_rdata_fromwire_text@EXEEXT@: dns_rdata_fromwire_text.@O@ main.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ + dns_rdata_fromwire_text.@O@ main.@O@ ${DNSLIBS} ${ISCLIBS} ${LIBS} + check: ${TARGETS} for fuzzer in ${TARGETS}; do \ ./$${fuzzer} ; \ diff --git a/fuzz/dns_rdata_fromwire_text.c b/fuzz/dns_rdata_fromwire_text.c new file mode 100644 index 0000000000..628c71ed27 --- /dev/null +++ b/fuzz/dns_rdata_fromwire_text.c @@ -0,0 +1,195 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +#define CHECK(x) ({ if ((result = (x)) != ISC_R_SUCCESS) goto done; }) + +/* + * Fuzz input to dns_rdata_fromwire(). Then convert the result + * to text, back to wire format, to multiline text, and back to wire + * format again, checking for consistency throughout the sequence. + */ + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +static void +nullmsg(dns_rdatacallbacks_t *cb, const char *fmt, ...) { + va_list ap; + + UNUSED(cb); + UNUSED(fmt); + UNUSED(ap); +} + +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + char totext[1024]; + dns_compress_t cctx; + dns_decompress_t dctx; + dns_rdatatype_t rdtype; + dns_rdataclass_t rdclass; + dns_rdatatype_t typelist[256] = { 1000 }; /* unknown */ + dns_rdataclass_t classlist[] = { dns_rdataclass_in, + dns_rdataclass_hs, + dns_rdataclass_ch, + dns_rdataclass_any, + 60 }; + dns_rdata_t rdata1 = DNS_RDATA_INIT, + rdata2 = DNS_RDATA_INIT, + rdata3 = DNS_RDATA_INIT; + dns_rdatacallbacks_t callbacks; + isc_buffer_t source, target; + isc_lex_t *lex = NULL; + isc_lexspecials_t specials; + isc_mem_t *mctx = NULL; + isc_result_t result; + unsigned char fromtext[1024]; + unsigned char fromwire[1024]; + unsigned char towire[1024]; + unsigned int classes = (sizeof(classlist)/sizeof(classlist[0])); + unsigned int types = 1, flags, t; + + if (size < 2) { + goto done; + } + + /* + * Append known types to list. + */ + for (t = 1; t <= 0x10000; t++) { + char typebuf[256]; + if (dns_rdatatype_ismeta(t)) { + continue; + } + dns_rdatatype_format(t, typebuf, sizeof(typebuf)); + if (strncmp(typebuf, "TYPE", 4) != 0) { + /* Assert when we need to grow typelist. */ + assert(types < sizeof(typelist)/sizeof(typelist[0])); + typelist[types++] = t; + } + } + + /* + * Random type and class from a limited set. + */ + rdtype = typelist[(*data++) % types]; size--; + rdclass = classlist[(*data++) % classes]; size--; + + CHECK(isc_mem_create(0, 0, &mctx)); + + CHECK(isc_lex_create(mctx, 64, &lex)); + memset(specials, 0, sizeof(specials)); + specials[0] = 1; + specials['('] = 1; + specials[')'] = 1; + specials['"'] = 1; + isc_lex_setspecials(lex, specials); + isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE); + + dns_rdatacallbacks_init(&callbacks); + callbacks.warn = callbacks.error = nullmsg; + + dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_ANY); + + isc_buffer_constinit(&source, data, size); + isc_buffer_add(&source, size); + isc_buffer_setactive(&source, size); + + isc_buffer_init(&target, fromwire, sizeof(fromwire)); + + /* + * Reject invalid rdata. + */ + CHECK(dns_rdata_fromwire(&rdata1, rdclass, rdtype, &source, &dctx, + 0, &target)); + + /* + * Convert to text from wire. + */ + isc_buffer_init(&target, totext, sizeof(totext)); + result = dns_rdata_totext(&rdata1, NULL, &target); + assert(result == ISC_R_SUCCESS); + + /* + * Convert to wire from text. + */ + isc_buffer_constinit(&source, totext, isc_buffer_usedlength(&target)); + isc_buffer_add(&source, isc_buffer_usedlength(&target)); + CHECK(isc_lex_openbuffer(lex, &source)); + + isc_buffer_init(&target, fromtext, sizeof(fromtext)); + result = dns_rdata_fromtext(&rdata2, rdclass, rdtype, lex, + dns_rootname, 0, mctx, &target, + &callbacks); + assert(result == ISC_R_SUCCESS); + assert(rdata2.length == size); + assert(!memcmp(rdata2.data, data, size)); + + /* + * Convert to multi-line text from wire. + */ + isc_buffer_init(&target, totext, sizeof(totext)); + flags = dns_master_styleflags(&dns_master_style_default); + result = dns_rdata_tofmttext(&rdata1, dns_rootname, flags, + 80 - 32, 4, "\n", &target); + assert(result == ISC_R_SUCCESS); + + /* + * Convert to wire from text. + */ + isc_buffer_constinit(&source, totext, isc_buffer_usedlength(&target)); + isc_buffer_add(&source, isc_buffer_usedlength(&target)); + CHECK(isc_lex_openbuffer(lex, &source)); + + isc_buffer_init(&target, fromtext, sizeof(fromtext)); + result = dns_rdata_fromtext(&rdata3, rdclass, rdtype, lex, + dns_rootname, 0, mctx, &target, + &callbacks); + assert(result == ISC_R_SUCCESS); + assert(rdata3.length == size); + assert(!memcmp(rdata3.data, data, size)); + + /* + * Convert rdata back to wire. + */ + CHECK(dns_compress_init(&cctx, -1, mctx)); + dns_compress_setsensitive(&cctx, true); + isc_buffer_init(&target, towire, sizeof(towire)); + result = dns_rdata_towire(&rdata1, &cctx, &target); + dns_compress_invalidate(&cctx); + assert(result == ISC_R_SUCCESS); + assert(target.used == size); + assert(!memcmp(target.base, data, size)); + + done: + if (lex != NULL) { + isc_lex_destroy(&lex); + } + if (lex != NULL) { + isc_mem_detach(&mctx); + } + return (0); +} diff --git a/fuzz/dns_rdata_fromwire_text.in/cdnskey b/fuzz/dns_rdata_fromwire_text.in/cdnskey new file mode 100644 index 0000000000..9eb47d5691 Binary files /dev/null and b/fuzz/dns_rdata_fromwire_text.in/cdnskey differ diff --git a/fuzz/dns_rdata_fromwire_text.in/smimea b/fuzz/dns_rdata_fromwire_text.in/smimea new file mode 100644 index 0000000000..528472da19 --- /dev/null +++ b/fuzz/dns_rdata_fromwire_text.in/smimea @@ -0,0 +1 @@ +…-Ņeœ< \ No newline at end of file diff --git a/fuzz/dns_rdata_fromwire_text.in/sshfp b/fuzz/dns_rdata_fromwire_text.in/sshfp new file mode 100644 index 0000000000..b3007cdb0f --- /dev/null +++ b/fuzz/dns_rdata_fromwire_text.in/sshfp @@ -0,0 +1 @@ +|‡°|8 \ No newline at end of file diff --git a/util/copyrights b/util/copyrights index 0744c9006b..f1e450d300 100644 --- a/util/copyrights +++ b/util/copyrights @@ -1578,6 +1578,7 @@ ./docutil/patch-db2latex-nested-param-bug X 2007,2018,2019 ./docutil/patch-db2latex-xsltproc-title-bug X 2007,2018,2019 ./fuzz/dns_name_fromtext_target.c C 2018,2019 +./fuzz/dns_rdata_fromwire_text.c C 2019 ./fuzz/fuzz.h C 2018,2019 ./fuzz/main.c C 2018,2019 ./install-sh X 1998,1999,2000,2001,2018,2019