/src/unbound/fuzz_4.c

Source
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

/*
 * unbound-fuzzme.c - parse a packet provided on stdin (for fuzzing).
 *
 */
#include "config.h"
#include "util/regional.h"
#include "util/module.h"
#include "util/config_file.h"
#include "iterator/iterator.h"
#include "iterator/iter_priv.h"
#include "iterator/iter_scrub.h"
#include "util/log.h"
#include "util/netevent.h"
#include "util/alloc.h"
#include "sldns/sbuffer.h"
#include "services/cache/rrset.h"

int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t nr) {
  log_init("/tmp/foo", 0, NULL);
  struct regional* reg;

  struct sldns_buffer *pkt = sldns_buffer_new(1);
  sldns_buffer_new_frm_data(pkt, buf, nr);

  reg = regional_create();

  struct msg_parse msg;
  struct edns_data edns;
  memset(&msg, 0, sizeof(struct msg_parse));
  memset(&edns, 0, sizeof(edns));

  struct query_info qinfo_out;
  memset(&qinfo_out, 0, sizeof(struct query_info));
  qinfo_out.qname = (unsigned char *) "\03nic\02de";
  uint8_t *peter = (unsigned char *) "\02de";   // zonename  
  struct module_env env;
  memset(&env, 0, sizeof(struct module_env));
  struct config_file cfg;
  memset(&cfg, 0, sizeof(struct config_file));

  cfg.harden_glue = 0;    // crashes now, want to remove that later
  env.cfg = &cfg;
  cfg.rrset_cache_slabs = HASH_DEFAULT_SLABS;
  cfg.rrset_cache_size = HASH_DEFAULT_MAXMEM;

  struct comm_base* base = comm_base_create(0);
  comm_base_timept(base, &env.now, &env.now_tv);

  env.alloc = malloc(sizeof(struct alloc_cache));
  alloc_init(env.alloc, NULL, 0);

  env.rrset_cache = rrset_cache_create(env.cfg, env.alloc);
  

  struct iter_env ie;
  memset(&ie, 0, sizeof(struct iter_env));

  struct iter_priv priv;
  memset(&priv, 0, sizeof(struct iter_priv));
  ie.priv = &priv;


  if (parse_packet(pkt, &msg, reg) != LDNS_RCODE_NOERROR) {    
    goto out;
  }
  if (parse_extract_edns_from_response_msg(&msg, &edns, reg) != LDNS_RCODE_NOERROR) {
    goto out;
  }


  scrub_message(pkt, &msg, &qinfo_out, peter, reg, &env, &ie);   

out:
  rrset_cache_delete(env.rrset_cache);
  alloc_clear(env.alloc);
  free(env.alloc);
  comm_base_delete(base);
  regional_destroy(reg);
  sldns_buffer_free(pkt);
  return 0;
}

Line	Count	Source
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		/*
14		* unbound-fuzzme.c - parse a packet provided on stdin (for fuzzing).
15		*
16		*/
17		#include "config.h"
18		#include "util/regional.h"
19		#include "util/module.h"
20		#include "util/config_file.h"
21		#include "iterator/iterator.h"
22		#include "iterator/iter_priv.h"
23		#include "iterator/iter_scrub.h"
24		#include "util/log.h"
25		#include "util/netevent.h"
26		#include "util/alloc.h"
27		#include "sldns/sbuffer.h"
28		#include "services/cache/rrset.h"
29
30	4.66k	int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t nr) {
31	4.66k	log_init("/tmp/foo", 0, NULL);
32	4.66k	struct regional* reg;
33
34	4.66k	struct sldns_buffer *pkt = sldns_buffer_new(1);
35	4.66k	sldns_buffer_new_frm_data(pkt, buf, nr);
36
37	4.66k	reg = regional_create();
38
39	4.66k	struct msg_parse msg;
40	4.66k	struct edns_data edns;
41	4.66k	memset(&msg, 0, sizeof(struct msg_parse));
42	4.66k	memset(&edns, 0, sizeof(edns));
43
44	4.66k	struct query_info qinfo_out;
45	4.66k	memset(&qinfo_out, 0, sizeof(struct query_info));
46	4.66k	qinfo_out.qname = (unsigned char *) "\03nic\02de";
47	4.66k	uint8_t peter = (unsigned char ) "\02de"; // zonename
48	4.66k	struct module_env env;
49	4.66k	memset(&env, 0, sizeof(struct module_env));
50	4.66k	struct config_file cfg;
51	4.66k	memset(&cfg, 0, sizeof(struct config_file));
52
53	4.66k	cfg.harden_glue = 0; // crashes now, want to remove that later
54	4.66k	env.cfg = &cfg;
55	4.66k	cfg.rrset_cache_slabs = HASH_DEFAULT_SLABS;
56	4.66k	cfg.rrset_cache_size = HASH_DEFAULT_MAXMEM;
57
58	4.66k	struct comm_base* base = comm_base_create(0);
59	4.66k	comm_base_timept(base, &env.now, &env.now_tv);
60
61	4.66k	env.alloc = malloc(sizeof(struct alloc_cache));
62	4.66k	alloc_init(env.alloc, NULL, 0);
63
64	4.66k	env.rrset_cache = rrset_cache_create(env.cfg, env.alloc);
65
66
67	4.66k	struct iter_env ie;
68	4.66k	memset(&ie, 0, sizeof(struct iter_env));
69
70	4.66k	struct iter_priv priv;
71	4.66k	memset(&priv, 0, sizeof(struct iter_priv));
72	4.66k	ie.priv = &priv;
73
74
75	4.66k	if (parse_packet(pkt, &msg, reg) != LDNS_RCODE_NOERROR) {
76	2.61k	goto out;
77	2.61k	}
78	2.05k	if (parse_extract_edns_from_response_msg(&msg, &edns, reg) != LDNS_RCODE_NOERROR) {
79	5	goto out;
80	5	}
81
82
83	2.04k	scrub_message(pkt, &msg, &qinfo_out, peter, reg, &env, &ie);
84
85	4.66k	out:
86	4.66k	rrset_cache_delete(env.rrset_cache);
87	4.66k	alloc_clear(env.alloc);
88	4.66k	free(env.alloc);
89	4.66k	comm_base_delete(base);
90	4.66k	regional_destroy(reg);
91	4.66k	sldns_buffer_free(pkt);
92	4.66k	return 0;
93	2.04k	}

Coverage Report

Created: 2023-06-07 06:25