Chiebot-Mirror
/
c-ares
mirror of https://github.com/c-ares/c-ares.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
A C library for asynchronous DNS requests (grpc依赖)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
838 Commits
14 Branches
96 Tags
22 MiB
 
 
 
 
 
Tag: Branch: Tree: 02745437e6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '02745437e6'
${ noResults }
c-ares/test/ares-test-fuzz.c

316 lines
11 KiB
Raw Blame History

/* MIT License
*
* Copyright (c) The c-ares project and its contributors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice (including the next
* paragraph) shall be included in all copies or substantial portions of the
* Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* SPDX-License-Identifier: MIT
*/
#include <stddef.h>
#include <stdio.h>
#include "ares.h"
#include "include/ares_buf.h"
#include "include/ares_mem.h"
int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size);
#ifdef USE_LEGACY_FUZZERS
/* This implementation calls the legacy c-ares parsers, which historically
* all used different logic and parsing. As of c-ares 1.21.0 these are
* simply wrappers around a single parser, and simply convert the parsed
* DNS response into the data structures the legacy parsers used which is a
* small amount of code and not likely going to vary based on the input data.
*
* Instead, these days, it makes more sense to test the new parser directly
* instead of calling it 10 or 11 times with the same input data to speed up
* the number of iterations per second the fuzzer can perform.
*
* We are keeping this legacy fuzzer test for historic reasons or if someone
* finds them of use.
*/
int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
{
/* Feed the data into each of the ares_parse_*_reply functions. */
struct hostent *host = NULL;
struct ares_addrttl info[5];
struct ares_addr6ttl info6[5];
unsigned char addrv4[4] = { 0x10, 0x20, 0x30, 0x40 };
struct ares_srv_reply *srv = NULL;
struct ares_mx_reply *mx = NULL;
struct ares_txt_reply *txt = NULL;
struct ares_soa_reply *soa = NULL;
struct ares_naptr_reply *naptr = NULL;
struct ares_caa_reply *caa = NULL;
struct ares_uri_reply *uri = NULL;
int count = 5;
ares_parse_a_reply(data, (int)size, &host, info, &count);
if (host) {
ares_free_hostent(host);
}
host = NULL;
count = 5;
ares_parse_aaaa_reply(data, (int)size, &host, info6, &count);
if (host) {
ares_free_hostent(host);
}
host = NULL;
ares_parse_ptr_reply(data, (int)size, addrv4, sizeof(addrv4), AF_INET, &host);
if (host) {
ares_free_hostent(host);
}
host = NULL;
ares_parse_ns_reply(data, (int)size, &host);
if (host) {
ares_free_hostent(host);
}
ares_parse_srv_reply(data, (int)size, &srv);
if (srv) {
ares_free_data(srv);
}
ares_parse_mx_reply(data, (int)size, &mx);
if (mx) {
ares_free_data(mx);
}
ares_parse_txt_reply(data, (int)size, &txt);
if (txt) {
ares_free_data(txt);
}
ares_parse_soa_reply(data, (int)size, &soa);
if (soa) {
ares_free_data(soa);
}
ares_parse_naptr_reply(data, (int)size, &naptr);
if (naptr) {
ares_free_data(naptr);
}
ares_parse_caa_reply(data, (int)size, &caa);
if (caa) {
ares_free_data(caa);
}
ares_parse_uri_reply(data, (int)size, &uri);
if (uri) {
ares_free_data(uri);
}
return 0;
}
#else
int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
{
ares_dns_record_t *dnsrec = NULL;
char *printdata = NULL;
ares_buf_t *printmsg = NULL;
size_t i;
unsigned char *datadup = NULL;
size_t datadup_len = 0;
/* There is never a reason to have a size > 65535, it is immediately
* rejected by the parser */
if (size > 65535) {
return -1;
}
if (ares_dns_parse(data, size, 0, &dnsrec) != ARES_SUCCESS) {
goto done;
}
/* Lets test the message fetchers */
printmsg = ares_buf_create();
if (printmsg == NULL) {
goto done;
}
ares_buf_append_str(printmsg, ";; ->>HEADER<<- opcode: ");
ares_buf_append_str(
printmsg, ares_dns_opcode_tostr(ares_dns_record_get_opcode(dnsrec)));
ares_buf_append_str(printmsg, ", status: ");
ares_buf_append_str(printmsg,
ares_dns_rcode_tostr(ares_dns_record_get_rcode(dnsrec)));
ares_buf_append_str(printmsg, ", id: ");
ares_buf_append_num_dec(printmsg, (size_t)ares_dns_record_get_id(dnsrec), 0);
ares_buf_append_str(printmsg, "\n;; flags: ");
ares_buf_append_num_hex(printmsg, (size_t)ares_dns_record_get_flags(dnsrec),
0);
ares_buf_append_str(printmsg, "; QUERY: ");
ares_buf_append_num_dec(printmsg, ares_dns_record_query_cnt(dnsrec), 0);
ares_buf_append_str(printmsg, ", ANSWER: ");
ares_buf_append_num_dec(
printmsg, ares_dns_record_rr_cnt(dnsrec, ARES_SECTION_ANSWER), 0);
ares_buf_append_str(printmsg, ", AUTHORITY: ");
ares_buf_append_num_dec(
printmsg, ares_dns_record_rr_cnt(dnsrec, ARES_SECTION_AUTHORITY), 0);
ares_buf_append_str(printmsg, ", ADDITIONAL: ");
ares_buf_append_num_dec(
printmsg, ares_dns_record_rr_cnt(dnsrec, ARES_SECTION_ADDITIONAL), 0);
ares_buf_append_str(printmsg, "\n\n");
ares_buf_append_str(printmsg, ";; QUESTION SECTION:\n");
for (i = 0; i < ares_dns_record_query_cnt(dnsrec); i++) {
const char *name;
ares_dns_rec_type_t qtype;
ares_dns_class_t qclass;
if (ares_dns_record_query_get(dnsrec, i, &name, &qtype, &qclass) !=
ARES_SUCCESS) {
goto done;
}
ares_buf_append_str(printmsg, ";");
ares_buf_append_str(printmsg, name);
ares_buf_append_str(printmsg, ".\t\t\t");
ares_buf_append_str(printmsg, ares_dns_class_tostr(qclass));
ares_buf_append_str(printmsg, "\t");
ares_buf_append_str(printmsg, ares_dns_rec_type_tostr(qtype));
ares_buf_append_str(printmsg, "\n");
}
ares_buf_append_str(printmsg, "\n");
for (i = ARES_SECTION_ANSWER; i < ARES_SECTION_ADDITIONAL + 1; i++) {
size_t j;
ares_buf_append_str(printmsg, ";; ");
ares_buf_append_str(printmsg,
ares_dns_section_tostr((ares_dns_section_t)i));
ares_buf_append_str(printmsg, " SECTION:\n");
for (j = 0; j < ares_dns_record_rr_cnt(dnsrec, (ares_dns_section_t)i);
j++) {
size_t keys_cnt = 0;
const ares_dns_rr_key_t *keys = NULL;
ares_dns_rr_t *rr = NULL;
size_t k;
rr = ares_dns_record_rr_get(dnsrec, (ares_dns_section_t)i, j);
ares_buf_append_str(printmsg, ares_dns_rr_get_name(rr));
ares_buf_append_str(printmsg, ".\t\t\t");
ares_buf_append_str(printmsg,
ares_dns_class_tostr(ares_dns_rr_get_class(rr)));
ares_buf_append_str(printmsg, "\t");
ares_buf_append_str(printmsg,
ares_dns_rec_type_tostr(ares_dns_rr_get_type(rr)));
ares_buf_append_str(printmsg, "\t");
ares_buf_append_num_dec(printmsg, ares_dns_rr_get_ttl(rr), 0);
ares_buf_append_str(printmsg, "\t");
keys = ares_dns_rr_get_keys(ares_dns_rr_get_type(rr), &keys_cnt);
for (k = 0; k < keys_cnt; k++) {
char buf[256] = "";
ares_buf_append_str(printmsg, ares_dns_rr_key_tostr(keys[k]));
ares_buf_append_str(printmsg, "=");
switch (ares_dns_rr_key_datatype(keys[k])) {
case ARES_DATATYPE_INADDR:
ares_inet_ntop(AF_INET, ares_dns_rr_get_addr(rr, keys[k]), buf,
sizeof(buf));
ares_buf_append_str(printmsg, buf);
break;
case ARES_DATATYPE_INADDR6:
ares_inet_ntop(AF_INET6, ares_dns_rr_get_addr6(rr, keys[k]), buf,
sizeof(buf));
ares_buf_append_str(printmsg, buf);
break;
case ARES_DATATYPE_U8:
ares_buf_append_num_dec(printmsg, ares_dns_rr_get_u8(rr, keys[k]),
0);
break;
case ARES_DATATYPE_U16:
ares_buf_append_num_dec(printmsg, ares_dns_rr_get_u16(rr, keys[k]),
0);
break;
case ARES_DATATYPE_U32:
ares_buf_append_num_dec(printmsg, ares_dns_rr_get_u32(rr, keys[k]),
0);
break;
case ARES_DATATYPE_NAME:
case ARES_DATATYPE_STR:
ares_buf_append_byte(printmsg, '"');
ares_buf_append_str(printmsg, ares_dns_rr_get_str(rr, keys[k]));
ares_buf_append_byte(printmsg, '"');
break;
case ARES_DATATYPE_BIN:
/* TODO */
break;
case ARES_DATATYPE_BINP:
{
size_t templen;
ares_buf_append_byte(printmsg, '"');
ares_buf_append_str(printmsg, (const char *)ares_dns_rr_get_bin(
rr, keys[k], &templen));
ares_buf_append_byte(printmsg, '"');
}
break;
case ARES_DATATYPE_ABINP:
{
size_t a;
for (a = 0; a < ares_dns_rr_get_abin_cnt(rr, keys[k]); a++) {
size_t templen;
if (a != 0) {
ares_buf_append_byte(printmsg, ' ');
}
ares_buf_append_byte(printmsg, '"');
ares_buf_append_str(
printmsg,
(const char *)ares_dns_rr_get_abin(rr, keys[k], a, &templen));
ares_buf_append_byte(printmsg, '"');
}
}
break;
case ARES_DATATYPE_OPT:
/* TODO */
break;
}
ares_buf_append_str(printmsg, " ");
}
ares_buf_append_str(printmsg, "\n");
}
}
ares_buf_append_str(printmsg, ";; SIZE: ");
ares_buf_append_num_dec(printmsg, size, 0);
ares_buf_append_str(printmsg, "\n\n");
printdata = ares_buf_finish_str(printmsg, NULL);
printmsg = NULL;
/* Write it back out as a dns message to test writer */
if (ares_dns_write(dnsrec, &datadup, &datadup_len) != ARES_SUCCESS) {
goto done;
}
done:
ares_dns_record_destroy(dnsrec);
ares_buf_destroy(printmsg);
ares_free(printdata);
ares_free(datadup);
return 0;
}
#endif