f89adb2c2a52b505501c3eaa2aec9fd4df6bd60aTinderbox User * Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * file, You can obtain one at http://mozilla.org/MPL/2.0/.
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki#error To use American Fuzzy Lop you have to set CC to afl-clang-fast!!!
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * We are using pthreads directly because we might be using it with unthreaded
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * version of BIND, where all thread functions are mocks. Since AFL for now only
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * works on Linux it's not a problem.
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * Parse named -A argument in the "address:port" syntax. Due to
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * the syntax used, this only supports IPv4 addresses.
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(inet_pton(AF_INET, host, &servaddr.sin_addr) == 1);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki /* Wait for named to start. */
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_mutex_lock(&mutex) == ISC_R_SUCCESS);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki (struct sockaddr *) &servaddr, sizeof(servaddr));
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki recvfrom(sockfd, buf, 65536, MSG_DONTWAIT, NULL, NULL);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_mutex_unlock(&mutex) == ISC_R_SUCCESS);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki /* Query for A? aaaaaaaaaa.example. */
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki "\0\0\1 \0\1\0\0\0\0\0\0\naaaaaaaaaa\7example\0\0\1\0\1";
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki struct sockaddr_in servaddr, recaddr, recvaddr;
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * Parse named -A argument in the "laddress:sport:raddress:rport"
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * syntax. Due to the syntax used, this only supports IPv4 addresses.
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(inet_pton(AF_INET, shost, &servaddr.sin_addr) == 1);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(inet_pton(AF_INET, rhost, &recaddr.sin_addr) == 1);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki /* Wait for named to start */
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(bind(listenfd, (struct sockaddr *)&recaddr,
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki sizeof(struct sockaddr_in)) == 0);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_mutex_lock(&mutex) == ISC_R_SUCCESS);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki /* Randomize query ID. */
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki sent = recvfrom(listenfd, rbuf, 65536, MSG_DONTWAIT,
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki sent = sendto(sockfd, respacket, sizeof(respacket), 0,
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki (struct sockaddr *) &servaddr, sizeof(servaddr));
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki /* Copy QID and set QR so that response is always processed. */
f89adb2c2a52b505501c3eaa2aec9fd4df6bd60aTinderbox User (struct sockaddr *) &recvaddr, sizeof(recvaddr));
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki /* We might get additional questions here (e.g. for CNAME). */
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki max = (listenfd > sockfd ? listenfd : sockfd)+1;
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki /* It's the reply, we're done. */
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki recvfrom(sockfd, buf, 65536, 0, NULL, NULL);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * We've got additional question (eg. cname chain)
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * We are bouncing it - setting QR flag and NOERROR
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * rcode and sending it back.
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_mutex_unlock(&mutex) == 0);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * It's here just for the signature, that's how AFL detects if it's
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * a 'persistent mode' binary.
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * Parse named -A argument in the "address:port" syntax. Due to
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * the syntax used, this only supports IPv4 addresses.
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(inet_pton(AF_INET, host, &servaddr.sin_addr) == 1);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki /* Wait for named to start */
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * To fuzz TCP client we have to put length at
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * the start of packet.
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki * This guarantees that the request will be processed.
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_mutex_lock(&mutex) == ISC_R_SUCCESS);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR,
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki &yes, sizeof(int)) == 0);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki r = connect(sockfd, (struct sockaddr*)&servaddr,
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki } while (r != 0);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki recvfrom(sockfd, buf, 65537, MSG_DONTWAIT, NULL, NULL);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_mutex_unlock(&mutex) == ISC_R_SUCCESS);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki#endif /* ENABLE_AFL */
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_mutex_lock(&mutex) == 0);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_cond_signal(&cond) == 0);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_mutex_unlock(&mutex) == 0);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki#endif /* ENABLE_AFL */
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki if (getenv("__AFL_PERSISTENT") || getenv("AFL_CMIN")) {
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_mutex_init(&mutex, NULL) == 0);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_cond_init(&cond, NULL) == 0);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki RUNTIME_CHECK(pthread_create(&thread, NULL, fn, NULL) == 0);
19d80ce5844e00a021643759adcbe27c11b485a0Witold Krecicki#endif /* ENABLE_AFL */