mirror of https://gitlab.nic.cz/knot/knot-dns.git synced 2026-02-03 18:49:28 -05:00

History

Daniel Salzman 564af146c7 tests-fuzz: relicense to GPL-2.0-or-later		2025-03-24 09:53:50 +01:00
..
check	tests-fuzz: remove _libfuzzer from fuzz binaries	2018-01-03 11:21:41 +01:00
fuzz_dname_from_str.in	tests-fuzz: add tests for dname to/from string operations	2018-07-02 17:00:43 +02:00
fuzz_dname_to_str.in	tests-fuzz: add tests for dname to/from string operations	2018-07-02 17:00:43 +02:00
fuzz_packet.in@69e4a98151	tests-fuzz: update and rename submodules	2018-03-02 09:37:06 +01:00
fuzz_zscanner.in@4cf63e8894	tests-fuzz: update and rename submodules	2018-03-02 09:37:06 +01:00
knotd_wrap	tests-fuzz: relicense to GPL-2.0-or-later	2025-03-24 09:53:50 +01:00
.gitignore	tests-fuzz: add tests for dname to/from string operations	2018-07-02 17:00:43 +02:00
fuzz_dname_from_str.c	tests-fuzz: relicense to GPL-2.0-or-later	2025-03-24 09:53:50 +01:00
fuzz_dname_to_str.c	tests-fuzz: relicense to GPL-2.0-or-later	2025-03-24 09:53:50 +01:00
fuzz_packet.c	tests-fuzz: relicense to GPL-2.0-or-later	2025-03-24 09:53:50 +01:00
fuzz_zscanner.c	tests-fuzz: relicense to GPL-2.0-or-later	2025-03-24 09:53:50 +01:00
main.c	tests-fuzz: replace asserts with regular checks to mute warnings	2018-03-02 15:49:27 +01:00
Makefile.am	tests-fuzz: add libdbus parameters to Makefile	2024-02-20 17:02:12 +01:00
README.md	Update README.md	2018-11-07 13:43:20 +00:00

Fuzzing stdio-wrapped knotd with AFL

Ensure Clang
Ensure AFL 1.83b+ or install a fresh one
1. curl -O -L http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
2. tar -xzf afl-latest.tgz
3. cd afl-*/
4. make
5. make -C llvm_mode
6. sudo make install
Compile Knot DNS with afl-clang compiler
1. CC=afl-clang-fast ./configure --disable-shared --disable-utilities --disable-documentation
2. (Add --with-sanitizer=address for ASAN)
3. make
Try running knotd_stdio
1. cd tests-fuzz
2. make check-compile
3. mkdir -p /tmp/knotd-fuzz/rundir /tmp/knotd-fuzz/storage
4. ./knotd_stdio -c ./knotd_wrap/knot_stdio.conf
5. (Consider adding zones or modules to the configuration)
Prepare an initial corpus
1. Checkout the dns-fuzzing repository git clone https://github.com/CZ-NIC/dns-fuzzing in
2. (Add more custom test cases to in/packet/)
Minimize the tested corpus with afl-cmin and simple packet parser (doesn't work with ASAN!)
1. afl-cmin -i in/packet/ -o min -- ./fuzz_packet
Run the fuzzer
1. AFL_PERSISTENT=1 afl-fuzz -m 1000M -i min -o out -- ./knotd_stdio -c knotd_wrap/knot_stdio.conf
2. (Add AFL_USE_ASAN=1 and use -m none if compiled with ASAN)
3. (Consider parallel fuzzing, see afl-fuzz -h)

NOTE: Sanitizer utilization is a bit problematical with AFL, see [notes_for_asan.txt] (https://github.com/mirrorer/afl/blob/master/docs/notes_for_asan.txt).

Fuzzing with libFuzzer (requires Clang 6.0+)

Ensure Clang with -fsanitize=fuzzer support (e.g. LLVM)
Configure with
1. ./configure --with-fuzzer --disable-shared --disable-documentation
2. (You should also add --with-sanitizer= address for ASAN or undefined for UBSAN)
3. (Add proper CC=clang-6.0 if necessary)
Compile Knot DNS:
1. make
Create and check the fuzzing binaries
1. cd tests-fuzz
2. make check
Download the corpora
1. git submodule init
2. git submodule update --recursive --remote
(Optional) add more test cases
1. ./fuzz_packet -merge=1 fuzz_packet.in <DIR_WITH_NEW_PACKET_TEST_CASES>
2. ./fuzz_zscanner -merge=1 fuzz_zscanner.in <DIR_WITH_NEW_ZSCANNER_TEST_CASES>
Run the fuzzer
1. (Set proper symbolizer if necessary export ASAN_SYMBOLIZER_PATH=$(readlink -f `which llvm-symbolizer-6.0`) for ASAN or export UBSAN_SYMBOLIZER_PATH=$(readlink -f `which llvm-symbolizer-6.0`) for UBSAN)
2. ./fuzz_packet fuzz_packet.in or ./fuzz_zscanner fuzz_zscanner.in
3. (Add parallel fuzzing -jobs=<CPUS>