/src/unbound/fuzz_4.c

Source
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

/*
 * unbound-fuzzme.c - parse a packet provided on stdin (for fuzzing).
 *
 */
#include "config.h"
#include "util/regional.h"
#include "util/module.h"
#include "util/config_file.h"
#include "iterator/iterator.h"
#include "iterator/iter_priv.h"
#include "iterator/iter_scrub.h"
#include "util/log.h"
#include "util/netevent.h"
#include "util/alloc.h"
#include "sldns/sbuffer.h"
#include "services/cache/rrset.h"

int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t nr) {
  log_init("/tmp/foo", 0, NULL);
  struct regional* reg;

  struct sldns_buffer *pkt = sldns_buffer_new(1);
  sldns_buffer_new_frm_data(pkt, buf, nr);

  reg = regional_create();

  struct msg_parse msg;
  struct edns_data edns;
  memset(&msg, 0, sizeof(struct msg_parse));
  memset(&edns, 0, sizeof(edns));

  struct query_info qinfo_out;
  memset(&qinfo_out, 0, sizeof(struct query_info));
  qinfo_out.qname = (unsigned char *) "\03nic\02de";
  uint8_t *peter = (unsigned char *) "\02de";   // zonename  
  struct module_env env;
  memset(&env, 0, sizeof(struct module_env));
  struct config_file cfg;
  memset(&cfg, 0, sizeof(struct config_file));

  cfg.harden_glue = 0;    // crashes now, want to remove that later
  env.cfg = &cfg;
  cfg.rrset_cache_slabs = HASH_DEFAULT_SLABS;
  cfg.rrset_cache_size = HASH_DEFAULT_MAXMEM;

  struct comm_base* base = comm_base_create(0);
  comm_base_timept(base, &env.now, &env.now_tv);

  env.alloc = malloc(sizeof(struct alloc_cache));
  alloc_init(env.alloc, NULL, 0);

  env.rrset_cache = rrset_cache_create(env.cfg, env.alloc);
  

  struct iter_env ie;
  memset(&ie, 0, sizeof(struct iter_env));

  struct iter_priv priv;
  memset(&priv, 0, sizeof(struct iter_priv));
  ie.priv = &priv;

  struct module_qstate qstate;
  memset(&qstate, 0, sizeof(struct module_qstate));
  qstate.env = &env;
  qstate.region = reg;

  if (parse_packet(pkt, &msg, reg) != LDNS_RCODE_NOERROR) {    
    goto out;
  }
  if (parse_extract_edns_from_response_msg(&msg, &edns, reg) != LDNS_RCODE_NOERROR) {
    goto out;
  }


  scrub_message(pkt, &msg, &qinfo_out, peter, reg, &env, &qstate, &ie);

out:
  rrset_cache_delete(env.rrset_cache);
  alloc_clear(env.alloc);
  free(env.alloc);
  comm_base_delete(base);
  regional_destroy(reg);
  sldns_buffer_free(pkt);
  return 0;
}

Line	Count	Source
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		/*
14		* unbound-fuzzme.c - parse a packet provided on stdin (for fuzzing).
15		*
16		*/
17		#include "config.h"
18		#include "util/regional.h"
19		#include "util/module.h"
20		#include "util/config_file.h"
21		#include "iterator/iterator.h"
22		#include "iterator/iter_priv.h"
23		#include "iterator/iter_scrub.h"
24		#include "util/log.h"
25		#include "util/netevent.h"
26		#include "util/alloc.h"
27		#include "sldns/sbuffer.h"
28		#include "services/cache/rrset.h"
29
30	8.14k	int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t nr) {
31	8.14k	log_init("/tmp/foo", 0, NULL);
32	8.14k	struct regional* reg;
33
34	8.14k	struct sldns_buffer *pkt = sldns_buffer_new(1);
35	8.14k	sldns_buffer_new_frm_data(pkt, buf, nr);
36
37	8.14k	reg = regional_create();
38
39	8.14k	struct msg_parse msg;
40	8.14k	struct edns_data edns;
41	8.14k	memset(&msg, 0, sizeof(struct msg_parse));
42	8.14k	memset(&edns, 0, sizeof(edns));
43
44	8.14k	struct query_info qinfo_out;
45	8.14k	memset(&qinfo_out, 0, sizeof(struct query_info));
46	8.14k	qinfo_out.qname = (unsigned char *) "\03nic\02de";
47	8.14k	uint8_t peter = (unsigned char ) "\02de"; // zonename
48	8.14k	struct module_env env;
49	8.14k	memset(&env, 0, sizeof(struct module_env));
50	8.14k	struct config_file cfg;
51	8.14k	memset(&cfg, 0, sizeof(struct config_file));
52
53	8.14k	cfg.harden_glue = 0; // crashes now, want to remove that later
54	8.14k	env.cfg = &cfg;
55	8.14k	cfg.rrset_cache_slabs = HASH_DEFAULT_SLABS;
56	8.14k	cfg.rrset_cache_size = HASH_DEFAULT_MAXMEM;
57
58	8.14k	struct comm_base* base = comm_base_create(0);
59	8.14k	comm_base_timept(base, &env.now, &env.now_tv);
60
61	8.14k	env.alloc = malloc(sizeof(struct alloc_cache));
62	8.14k	alloc_init(env.alloc, NULL, 0);
63
64	8.14k	env.rrset_cache = rrset_cache_create(env.cfg, env.alloc);
65
66
67	8.14k	struct iter_env ie;
68	8.14k	memset(&ie, 0, sizeof(struct iter_env));
69
70	8.14k	struct iter_priv priv;
71	8.14k	memset(&priv, 0, sizeof(struct iter_priv));
72	8.14k	ie.priv = &priv;
73
74	8.14k	struct module_qstate qstate;
75	8.14k	memset(&qstate, 0, sizeof(struct module_qstate));
76	8.14k	qstate.env = &env;
77	8.14k	qstate.region = reg;
78
79	8.14k	if (parse_packet(pkt, &msg, reg) != LDNS_RCODE_NOERROR) {
80	5.00k	goto out;
81	5.00k	}
82	3.14k	if (parse_extract_edns_from_response_msg(&msg, &edns, reg) != LDNS_RCODE_NOERROR) {
83	5	goto out;
84	5	}
85
86
87	3.13k	scrub_message(pkt, &msg, &qinfo_out, peter, reg, &env, &qstate, &ie);
88
89	8.14k	out:
90	8.14k	rrset_cache_delete(env.rrset_cache);
91	8.14k	alloc_clear(env.alloc);
92	8.14k	free(env.alloc);
93	8.14k	comm_base_delete(base);
94	8.14k	regional_destroy(reg);
95	8.14k	sldns_buffer_free(pkt);
96	8.14k	return 0;
97	3.13k	}

Coverage Report

Created: 2025-07-12 06:29