authorRobert Swiecki <robert@swiecki.net>2019-05-09 16:30:42 +0200
committerRobert Swiecki <robert@swiecki.net>2019-05-09 16:30:42 +0200
commit4c29368414a3a2b9dd4897f558f4f8b700dd2b53 (patch)
tree90d49b4fc6bbf6a104993f3773224d4093401bca
parent0731ac44ff79b6022e055fad1c395797c36aecc6 (diff)
examples/bind: patch for 9.14.1 #2
-rw-r--r--examples/bind/bind-9.14.1.patch238
1 files changed, 83 insertions, 155 deletions
diff --git a/examples/bind/bind-9.14.1.patch b/examples/bind/bind-9.14.1.patch
index 3ab7b218..ba09db56 100644
--- a/examples/bind/bind-9.14.1.patch
+++ b/examples/bind/bind-9.14.1.patch
@@ -1,28 +1,7 @@
-diff -Nur ORIG.bind-9.14.1/bin/named/fuzz.c bind-9.14.1/bin/named/fuzz.c
---- ORIG.bind-9.14.1/bin/named/fuzz.c 2019-04-06 22:09:59.000000000 +0200
-+++ bind-9.14.1/bin/named/fuzz.c 2019-05-09 16:09:56.131889311 +0200
-@@ -738,7 +738,7 @@
- */
- void
- named_fuzz_notify(void) {
--#ifdef ENABLE_AFL
-+#if 0
- if (getenv("AFL_CMIN")) {
- named_server_flushonshutdown(named_g_server, false);
- isc_app_shutdown();
-@@ -758,7 +758,7 @@
-
- void
- named_fuzz_setup(void) {
--#ifdef ENABLE_AFL
-+#if 0
- if (getenv("__AFL_PERSISTENT") || getenv("AFL_CMIN")) {
- pthread_t thread;
- void *(fn) = NULL;
diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
--- ORIG.bind-9.14.1/bin/named/main.c 2019-04-06 22:09:59.000000000 +0200
-+++ bind-9.14.1/bin/named/main.c 2019-05-09 16:09:56.131889311 +0200
-@@ -1347,13 +1347,262 @@
++++ bind-9.14.1/bin/named/main.c 2019-05-09 16:26:27.615239219 +0200
+@@ -1347,11 +1347,285 @@
}
#endif /* HAVE_LIBSCF */
@@ -50,7 +29,8 @@ diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
+#include <libhfcommon/util.h>
+#include <libhfuzz/libhfuzz.h>
+
-+static void enter_namespaces(void) {
++static void enter_namespaces(void)
++{
+ if (linuxEnterNs(CLONE_NEWUSER | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWIPC) == false) {
+ exit(1);
+ }
@@ -63,12 +43,14 @@ diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
+}
+
+static size_t rlen = 0;
-+static const uint8_t *rbuf = NULL;
++static const uint8_t* rbuf = NULL;
+
-+__attribute__((no_sanitize("memory"))) __attribute__((no_sanitize("address"))) static void *
-+bind_thr(void *unused __attribute__((unused))) {
++__attribute__((no_sanitize("memory")))
++__attribute__((no_sanitize("address"))) static void*
++bind_thr(void* unused __attribute__((unused)))
++{
+ while (!named_g_run_done) {
-+ usleep(10000);
++ usleep(300000);
+ }
+
+ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
@@ -116,9 +98,13 @@ diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
+ close(nfd);
+ continue;
+ }
++ if (rlen < 1) {
++ close(nfd);
++ continue;
++ }
+
-+ /* It's a response, so set QR bit to 1 */
-+ uint8_t qr = rbuf[0] | 0x80;
++ /* It's a response, so set QR bit to 1 */
++ uint8_t qr = rbuf[0] | 0x80;
+
+ uint16_t t_l = htons(rlen + 2);
+ const struct iovec iov[] = {
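Review bot: The new `rlen < 1` guard stops the `rbuf[0]` read on an empty reply, but nothing bounds `rlen` from above before `uint16_t t_l = htons(rlen + 2);`. In the resolver branch this commit adds, `rlen` comes straight from `HF_ITER(&rbuf, &rlen)`, so an input longer than 65533 bytes would wrap the 16-bit length prefix while the last iovec still sends `rlen - 1` bytes, and the framing named receives would no longer match the test case (whether inputs that large occur depends on the fuzzer's size limit, which is not shown here). I would fold the bound into the guard: `if (rlen < 1 || rlen > UINT16_MAX - 2) {`. bind_thr starts and ends outside this hunk.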
@@ -135,7 +121,7 @@ diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
+ .iov_len = 1,
+ },
+ {
-+ .iov_base = (void *)&rbuf[1],
++ .iov_base = (void*)&rbuf[1],
+ .iov_len = rlen - 1,
+ },
+ };
@@ -150,23 +136,25 @@ diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
+ return NULL;
+}
+
-+static void rndloop(int sock) {
++static void rndloop(int sock)
++{
+ const struct sockaddr_in bsaddr = {
+ .sin_family = AF_INET,
+ .sin_port = htons(0),
+ .sin_addr.s_addr = htonl((((uint32_t)util_rnd64()) & 0x00FFFFFF) | 0x7F000000),
+ };
-+ if (bind(sock, (const struct sockaddr *)&bsaddr, sizeof(bsaddr)) == -1) {
++ if (bind(sock, (const struct sockaddr*)&bsaddr, sizeof(bsaddr)) == -1) {
+ perror("bind");
+ }
+}
+
-+__attribute__((no_sanitize("memory"))) __attribute__((no_sanitize("address"))) static void *
-+connect_thr(void *unused __attribute__((unused))) {
++__attribute__((no_sanitize("memory")))
++__attribute__((no_sanitize("address"))) static void*
++connect_thr(void* unused __attribute__((unused)))
++{
+ while (!named_g_run_done) {
-+ usleep(10000);
++ usleep(300000);
+ }
-+ usleep(100000);
+
+ for (;;) {
+ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
@@ -191,28 +179,42 @@ diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
+ continue;
+ }
+
-+ const uint8_t *buf;
++ const uint8_t* buf;
+ size_t len;
-+ HF_ITER(&buf, &len);
-+
-+ rlen = 0;
-+ rbuf = NULL;
-+
-+ if (len < 32) {
-+ close(myfd);
-+ continue;
-+ }
+
-+ uint32_t tmplen = *((const uint32_t *)buf);
++ if (named_g_fuzz_type == isc_fuzz_client) {
++ HF_ITER(&buf, &len);
+
-+ buf = &buf[sizeof(uint32_t)];
-+ len -= sizeof(uint32_t);
++ rlen = 0;
++ rbuf = NULL;
+
-+ tmplen %= len;
++ if (len < 32) {
++ close(myfd);
++ continue;
++ }
+
-+ rbuf = &buf[tmplen];
-+ rlen = len - tmplen;
-+ len = tmplen;
++ uint32_t tmplen = *((const uint32_t*)buf);
++
++ buf = &buf[sizeof(uint32_t)];
++ len -= sizeof(uint32_t);
++
++ tmplen %= len;
++
++ rbuf = &buf[tmplen];
++ rlen = len - tmplen;
++ len = tmplen;
++ } else {
++ static const uint8_t qbuf[] = {
++ 0x88, 0x0c, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
++ 0x00, 0x01, 0x0a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61,
++ 0x61, 0x61, 0x61, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
++ 0x65, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10,
++ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00
++ };
++ buf = qbuf;
++ len = sizeof(qbuf);
++ HF_ITER(&rbuf, &rlen);
++ }
+
+ uint16_t t_l = htons(len);
+ const struct iovec iov[] = {
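Review bot: In the new `else` branch, `HF_ITER(&rbuf, &rlen)` stores the next input directly into the file-scope `rbuf`/`rlen` that bind_thr reads from another thread, and no lock or atomic is visible in this patch; the client branch has the same shape with its `rlen = 0; rbuf = NULL;` reset followed by separate stores. If named is still talking to the fake upstream when connect_thr loops round, bind_thr could pair an old pointer with a new length (or see the NULL), and a crash in the harness thread would then be triaged as a finding in named. Fetching into locals and publishing both values under one mutex that bind_thr also takes would remove the ambiguity, e.g. `pthread_mutex_lock(&rmtx); rbuf = nbuf; rlen = nlen; pthread_mutex_unlock(&rmtx);`, where `rmtx`, `nbuf` and `nlen` are placeholder names. connect_thr begins and ends outside this hunk, so any ordering provided by the hidden read of the reply cannot be judged from here.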
@@ -221,7 +223,7 @@ diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
+ .iov_len = sizeof(t_l),
+ },
+ {
-+ .iov_base = (void *)buf,
++ .iov_base = (void*)buf,
+ .iov_len = len,
+ },
+ };
@@ -248,7 +250,8 @@ diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
+ }
+}
+
-+static void launch_thr(void) {
++static void launch_thr(void)
++{
+ pthread_attr_t attr;
+ pthread_attr_init(&attr);
+ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4);
@@ -274,7 +277,8 @@ diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
-int
-main(int argc, char *argv[]) {
- isc_result_t result;
-+int main(int argc, char *argv[]) {
++int main(int argc, char* argv[])
++{
+ if (!getenv("NO_FUZZ")) {
+ named_g_fuzz_addr = "127.0.0.1:53";
+ named_g_fuzz_type = isc_fuzz_client;
@@ -284,34 +288,11 @@ diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c
+
+ isc_result_t result;
#ifdef HAVE_LIBSCF
-- char *instance = NULL;
-+ char *instance = NULL;
+ char *instance = NULL;
#endif
-
- #ifdef HAVE_GPERFTOOLS_PROFILER
-@@ -1399,17 +1648,17 @@
-
- parse_command_line(argc, argv);
-
--#ifdef ENABLE_AFL
-+#if 0
- if (named_g_fuzz_type != isc_fuzz_none) {
- named_fuzz_setup();
- }
-+#endif
-
- if (named_g_fuzz_type == isc_fuzz_resolver) {
- dns_resolver_setfuzzing();
- } else if (named_g_fuzz_type == isc_fuzz_http) {
- isc_httpd_setfinishhook(named_fuzz_notify);
- }
--#endif
- /*
- * Warn about common configuration error.
- */
diff -Nur ORIG.bind-9.14.1/compile.sh bind-9.14.1/compile.sh
--- ORIG.bind-9.14.1/compile.sh 1970-01-01 01:00:00.000000000 +0100
-+++ bind-9.14.1/compile.sh 2019-05-09 16:10:05.455881725 +0200
++++ bind-9.14.1/compile.sh 2019-05-09 16:27:15.139211816 +0200
@@ -0,0 +1,20 @@
+#!/bin/sh
+
@@ -333,46 +314,9 @@ diff -Nur ORIG.bind-9.14.1/compile.sh bind-9.14.1/compile.sh
+
+make clean
+make -j$(nproc)
-diff -Nur ORIG.bind-9.14.1/configure bind-9.14.1/configure
---- ORIG.bind-9.14.1/configure 2019-04-06 22:09:59.000000000 +0200
-+++ bind-9.14.1/configure 2019-05-09 16:09:56.135889307 +0200
-@@ -11948,33 +11948,6 @@
- ;;
- esac
-
--if test "$enable_fuzzing" = "afl"; then :
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking \"for AFL enabled compiler\"" >&5
--$as_echo_n "checking \"for AFL enabled compiler\"... " >&6; }
-- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
--/* end confdefs.h. */
--
--int
--main ()
--{
--#ifndef __AFL_COMPILER
-- #error AFL compiler required
-- #endif
--
-- ;
-- return 0;
--}
--_ACEOF
--if ac_fn_c_try_compile "$LINENO"; then :
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
--else
-- as_fn_error $? "set CC=afl-<gcc|clang> when --enable-fuzzing=afl is used" "$LINENO" 5
--fi
--rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
--
--fi
--
- #
- # Make very sure that these are the first files processed by
- # config.status, since we use the processed output as the input for
diff -Nur ORIG.bind-9.14.1/lib/dns/request.c bind-9.14.1/lib/dns/request.c
--- ORIG.bind-9.14.1/lib/dns/request.c 2019-04-06 22:09:59.000000000 +0200
-+++ bind-9.14.1/lib/dns/request.c 2019-05-09 16:09:56.135889307 +0200
++++ bind-9.14.1/lib/dns/request.c 2019-05-09 16:26:27.615239219 +0200
@@ -760,7 +760,7 @@
goto cleanup;
}
@@ -382,38 +326,30 @@ diff -Nur ORIG.bind-9.14.1/lib/dns/request.c bind-9.14.1/lib/dns/request.c
tcp = true;
share = (options & DNS_REQUESTOPT_SHARE);
-@@ -1042,6 +1042,8 @@
- req_render(dns_message_t *message, isc_buffer_t **bufferp,
- unsigned int options, isc_mem_t *mctx)
- {
+@@ -1050,6 +1050,8 @@
+ dns_compress_t cctx;
+ bool cleanup_cctx = false;
+
+ options |= DNS_REQUESTOPT_TCP;
+
- isc_buffer_t *buf1 = NULL;
- isc_buffer_t *buf2 = NULL;
- isc_result_t result;
-@@ -1100,7 +1102,7 @@
- isc_buffer_usedregion(buf1, &r);
- if ((options & DNS_REQUESTOPT_TCP) != 0) {
- tcp = true;
-- } else if (r.length > 512) {
-+ } else if (r.length >= 0) {
- result = DNS_R_USETCP;
- goto cleanup;
- }
+ REQUIRE(bufferp != NULL && *bufferp == NULL);
+
+ req_log(ISC_LOG_DEBUG(3), "request_render");
diff -Nur ORIG.bind-9.14.1/lib/dns/resolver.c bind-9.14.1/lib/dns/resolver.c
--- ORIG.bind-9.14.1/lib/dns/resolver.c 2019-04-06 22:09:59.000000000 +0200
-+++ bind-9.14.1/lib/dns/resolver.c 2019-05-09 16:09:56.135889307 +0200
-@@ -1952,6 +1952,7 @@
++++ bind-9.14.1/lib/dns/resolver.c 2019-05-09 16:26:27.619239217 +0200
+@@ -1951,7 +1951,7 @@
+ goto stop_idle_timer;
}
query->mctx = fctx->mctx;
- query->options = options;
+- query->options = options;
+ query->options = options | DNS_FETCHOPT_TCP;
query->attributes = 0;
query->sends = 0;
query->connects = 0;
diff -Nur ORIG.bind-9.14.1/lib/isc/random.c bind-9.14.1/lib/isc/random.c
--- ORIG.bind-9.14.1/lib/isc/random.c 2019-04-06 22:09:59.000000000 +0200
-+++ bind-9.14.1/lib/isc/random.c 2019-05-09 16:09:56.135889307 +0200
++++ bind-9.14.1/lib/isc/random.c 2019-05-09 16:26:27.619239217 +0200
@@ -96,6 +96,7 @@
isc_random8(void) {
RUNTIME_CHECK(isc_once_do(&isc_random_once,
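Review bot: The forced-TCP edits on the new side, `options |= DNS_REQUESTOPT_TCP;` in req_render and `query->options = options | DNS_FETCHOPT_TCP;` in resolver.c, are unconditional and carry no comment saying they exist only for the fuzzing harness. The same holds for the fixed-pattern fill and early `return;` in isc_random_buf in the next hunk, which makes the bytes handed to every caller predictable. A tree with this patch applied is only suitable for fuzzing, so I would put each edit behind a build-time guard such as `#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` (provided the harness build defines it), or at least add `/* fuzzing harness only: never ship */` above each one. The enclosing functions start and end outside these hunks.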
@@ -438,25 +374,17 @@ diff -Nur ORIG.bind-9.14.1/lib/isc/random.c bind-9.14.1/lib/isc/random.c
return (next());
}
-@@ -124,6 +127,12 @@
+@@ -124,6 +127,13 @@
RUNTIME_CHECK(isc_once_do(&isc_random_once,
isc_random_initialize) == ISC_R_SUCCESS);
-+ for (size_t z = 0; z < buflen; z++) {
-+ char * b = (char*)buf;
-+ b[z] = z + 1;
-+ }
-+ return;
++ for (size_t z = 0; z < buflen; z++) {
++ char * b = (char*)buf;
++ b[z] = z + 1;
++ }
++ return;
++
+
for (i = 0; i + sizeof(r) <= buflen; i += sizeof(r)) {
r = next();
memmove((uint8_t *)buf + i, &r, sizeof(r));
-@@ -145,6 +154,8 @@
- return (0);
- }
-
-+ return 1;
-+
- #if (ULONG_MAX > 0xffffffffUL)
- min = 0x100000000UL % upper_bound;
- #else /* if (ULONG_MAX > 0xffffffffUL) */