xref: /netbsd-src/external/mpl/bind/dist/fuzz/dns_rdata_fromwire_text.c (revision 9fb66d812c00ebfb445c0b47dea128f32aa6fe96) 
1 /*	$NetBSD: dns_rdata_fromwire_text.c,v 1.5 2021/02/19 16:42:15 christos Exp $	*/
2 
3 /*
4  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
5  *
6  * This Source Code Form is subject to the terms of the Mozilla Public
7  * License, v. 2.0. If a copy of the MPL was not distributed with this
8  * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9  *
10  * See the COPYRIGHT file distributed with this work for additional
11  * information regarding copyright ownership.
12  */
13 
14 #include <assert.h>
15 #include <stddef.h>
16 #include <stdint.h>
17 #include <string.h>
18 
19 #include <isc/buffer.h>
20 #include <isc/lex.h>
21 #include <isc/mem.h>
22 #include <isc/result.h>
23 #include <isc/util.h>
24 
25 #include <dns/callbacks.h>
26 #include <dns/compress.h>
27 #include <dns/master.h>
28 #include <dns/rdata.h>
29 #include <dns/rdatatype.h>
30 
31 #define CHECK(x)                                     \
32 	({                                           \
33 		if ((result = (x)) != ISC_R_SUCCESS) \
34 			goto done;                   \
35 	})
36 
37 extern bool debug;
38 
39 /*
40  * Fuzz input to dns_rdata_fromwire(). Then convert the result
41  * to text, back to wire format, to multiline text, and back to wire
42  * format again, checking for consistency throughout the sequence.
43  */
44 
45 int
46 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
47 
48 static void
49 nullmsg(dns_rdatacallbacks_t *cb, const char *fmt, ...) {
50 	va_list args;
51 
52 	UNUSED(cb);
53 
54 	if (debug) {
55 		va_start(args, fmt);
56 		vfprintf(stderr, fmt, args);
57 		fprintf(stderr, "\n");
58 		va_end(args);
59 	}
60 }
61 
62 int
63 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
64 	char totext[64 * 1044 * 4];
65 	dns_compress_t cctx;
66 	dns_decompress_t dctx;
67 	dns_rdatatype_t rdtype;
68 	dns_rdataclass_t rdclass;
69 	dns_rdatatype_t typelist[256] = { 1000 }; /* unknown */
70 	dns_rdataclass_t classlist[] = { dns_rdataclass_in, dns_rdataclass_hs,
71 					 dns_rdataclass_ch, dns_rdataclass_any,
72 					 60 };
73 	dns_rdata_t rdata1 = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT,
74 		    rdata3 = DNS_RDATA_INIT;
75 	dns_rdatacallbacks_t callbacks;
76 	isc_buffer_t source, target;
77 	isc_lex_t *lex = NULL;
78 	isc_lexspecials_t specials;
79 	isc_mem_t *mctx = NULL;
80 	isc_result_t result;
81 	unsigned char fromtext[1024];
82 	unsigned char fromwire[1024];
83 	unsigned char towire[1024];
84 	unsigned int classes = (sizeof(classlist) / sizeof(classlist[0]));
85 	unsigned int types = 1, flags, t;
86 
87 	/*
88 	 * First 2 bytes are used to select type and class.
89 	 * dns_rdata_fromwire() only accepts input up to 2^16-1 octets.
90 	 */
91 	if (size < 2 || size > 0xffff + 2) {
92 		return (0);
93 	}
94 
95 	/*
96 	 * Append known types to list.
97 	 */
98 	for (t = 1; t <= 0x10000; t++) {
99 		char typebuf[256];
100 		if (dns_rdatatype_ismeta(t)) {
101 			continue;
102 		}
103 		dns_rdatatype_format(t, typebuf, sizeof(typebuf));
104 		if (strncmp(typebuf, "TYPE", 4) != 0) {
105 			/* Assert when we need to grow typelist. */
106 			assert(types < sizeof(typelist) / sizeof(typelist[0]));
107 			typelist[types++] = t;
108 		}
109 	}
110 
111 	/*
112 	 * Random type and class from a limited set.
113 	 */
114 	rdtype = typelist[(*data++) % types];
115 	size--;
116 	rdclass = classlist[(*data++) % classes];
117 	size--;
118 
119 	isc_mem_create(&mctx);
120 
121 	CHECK(isc_lex_create(mctx, 64, &lex));
122 	memset(specials, 0, sizeof(specials));
123 	specials[0] = 1;
124 	specials['('] = 1;
125 	specials[')'] = 1;
126 	specials['"'] = 1;
127 	isc_lex_setspecials(lex, specials);
128 	isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
129 
130 	if (debug) {
131 		fprintf(stderr, "type=%u, class=%u\n", rdtype, rdclass);
132 	}
133 
134 	dns_rdatacallbacks_init(&callbacks);
135 	callbacks.warn = callbacks.error = nullmsg;
136 
137 	/* Disallow decompression as we are reading a packet */
138 	dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_NONE);
139 
140 	isc_buffer_constinit(&source, data, size);
141 	isc_buffer_add(&source, size);
142 	isc_buffer_setactive(&source, size);
143 
144 	isc_buffer_init(&target, fromwire, sizeof(fromwire));
145 
146 	/*
147 	 * Reject invalid rdata.
148 	 */
149 	CHECK(dns_rdata_fromwire(&rdata1, rdclass, rdtype, &source, &dctx, 0,
150 				 &target));
151 	assert(rdata1.length == size);
152 
153 	/*
154 	 * Convert to text from wire.
155 	 */
156 	isc_buffer_init(&target, totext, sizeof(totext) - 1);
157 	result = dns_rdata_totext(&rdata1, NULL, &target);
158 	assert(result == ISC_R_SUCCESS);
159 
160 	/*
161 	 * Make debugging easier by NUL terminating.
162 	 */
163 	totext[isc_buffer_usedlength(&target)] = 0;
164 
165 	/*
166 	 * Convert to wire from text.
167 	 */
168 	isc_buffer_constinit(&source, totext, isc_buffer_usedlength(&target));
169 	isc_buffer_add(&source, isc_buffer_usedlength(&target));
170 	CHECK(isc_lex_openbuffer(lex, &source));
171 
172 	isc_buffer_init(&target, fromtext, sizeof(fromtext));
173 	result = dns_rdata_fromtext(&rdata2, rdclass, rdtype, lex, dns_rootname,
174 				    0, mctx, &target, &callbacks);
175 	if (debug && result != ISC_R_SUCCESS) {
176 		fprintf(stderr, "'%s'\n", totext);
177 	}
178 	assert(result == ISC_R_SUCCESS);
179 	assert(rdata2.length == size);
180 	assert(!memcmp(rdata2.data, data, size));
181 
182 	/*
183 	 * Convert to multi-line text from wire.
184 	 */
185 	isc_buffer_init(&target, totext, sizeof(totext));
186 	flags = dns_master_styleflags(&dns_master_style_default);
187 	result = dns_rdata_tofmttext(&rdata1, dns_rootname, flags, 80 - 32, 4,
188 				     "\n", &target);
189 	assert(result == ISC_R_SUCCESS);
190 
191 	/*
192 	 * Convert to wire from text.
193 	 */
194 	isc_buffer_constinit(&source, totext, isc_buffer_usedlength(&target));
195 	isc_buffer_add(&source, isc_buffer_usedlength(&target));
196 	CHECK(isc_lex_openbuffer(lex, &source));
197 
198 	isc_buffer_init(&target, fromtext, sizeof(fromtext));
199 	result = dns_rdata_fromtext(&rdata3, rdclass, rdtype, lex, dns_rootname,
200 				    0, mctx, &target, &callbacks);
201 	assert(result == ISC_R_SUCCESS);
202 	assert(rdata3.length == size);
203 	assert(!memcmp(rdata3.data, data, size));
204 
205 	/*
206 	 * Convert rdata back to wire.
207 	 */
208 	CHECK(dns_compress_init(&cctx, -1, mctx));
209 	dns_compress_disable(&cctx);
210 	isc_buffer_init(&target, towire, sizeof(towire));
211 	result = dns_rdata_towire(&rdata1, &cctx, &target);
212 	dns_compress_invalidate(&cctx);
213 	assert(result == ISC_R_SUCCESS);
214 	assert(target.used == size);
215 	assert(!memcmp(target.base, data, size));
216 
217 done:
218 	if (lex != NULL) {
219 		isc_lex_destroy(&lex);
220 	}
221 	if (lex != NULL) {
222 		isc_mem_detach(&mctx);
223 	}
224 	return (0);
225 }
226