1 /* Copyright 2021 Google LLC
2 Licensed under the Apache License, Version 2.0 (the "License");
3 you may not use this file except in compliance with the License.
4 You may obtain a copy of the License at
5 http://www.apache.org/licenses/LICENSE-2.0
6 Unless required by applicable law or agreed to in writing, software
7 distributed under the License is distributed on an "AS IS" BASIS,
8 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9 See the License for the specific language governing permissions and
10 limitations under the License.
11 */
12
13 #include "fuzz_header.h"
14
15 /*
16 * Targets answer_auth
17 */
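/*
 * Fuzz harness for answer_auth().
 *
 * Reads three ints from the front of the input with get_int() and, when more
 * than sizeof(struct dns_header) + 50 bytes remain afterwards, passes a
 * private heap copy of the remainder to answer_auth() as the packet buffer.
 * The three ints are forwarded unchanged as answer_auth()'s last three
 * arguments.
 *
 * data2/size2 are only read here: the caller's cursor is not advanced.
 */
void FuzzAuth(const uint8_t **data2, size_t *size2) {
  const uint8_t *data = *data2;
  size_t size = *size2;

  int i1 = get_int(&data, &size);
  int i2 = get_int(&data, &size);
  int i3 = get_int(&data, &size);

  if (size > (sizeof(struct dns_header) + 50)) {
    /* One spare byte past the packet so the copy stays NUL-terminated. */
    char *new_data = malloc(size + 1);
    if (new_data == NULL) {
      /*
       * Out-of-memory is a harness condition; bail out instead of crashing
       * in memcpy and reporting it as a finding in the target.
       */
      return;
    }
    memcpy(new_data, data, size);
    new_data[size] = '\0';

    /*
     * Registered so the copy can be released later, presumably by
     * gb_cleanup() -- confirm.
     * NOTE(review): pointer_arr's capacity is not visible in this file;
     * verify pointer_idx cannot run past it once earlier allocations
     * (e.g. from init_daemon) are counted.
     */
    pointer_arr[pointer_idx++] = (void *)new_data;

    /*
     * Both values used to be passed uninitialised. Reading an indeterminate
     * time_t is undefined behaviour, and any dependence on it (or on the
     * peer address bytes) makes crashes non-reproducible and trips
     * MemorySanitizer inside the harness rather than the target. Fixed
     * values keep every run a pure function of the fuzz input.
     */
    time_t now = 0;
    union mysockaddr peer_addr;
    memset(&peer_addr, 0, sizeof(peer_addr));

    /* The limit pointer is new_data + size, i.e. it excludes the spare NUL. */
    answer_auth((struct dns_header *)new_data, new_data + size, size, now,
                &peer_addr, i1, i2, i3);
  }
}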
38
39 /*
40 * Fuzzer entrypoint.
41 */
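/*
 * libFuzzer entry point.
 *
 * Resets the global daemon pointer, skips the first input byte, lets
 * init_daemon() take what it needs from the input, and runs FuzzAuth() on
 * the rest only when init_daemon() returns 0. Always returns 0.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  daemon = NULL;
  if (size < 1) {
    return 0;
  }

  // Initialize mini garbage collector
  gb_init();

  /*
   * The first byte was read as a target selector, but this harness has a
   * single target and the value was never used. The byte is still skipped
   * so existing corpus files keep the same layout.
   */
  data += 1;
  size -= 1;

  int succ = init_daemon(&data, &size);

  if (succ == 0) {
    cache_init();
    blockdata_init();

    FuzzAuth(&data, &size);

    /*
     * NOTE(review): the reason for calling cache_start_insert() after the
     * target is not visible here -- presumably it recycles cache state
     * between runs; confirm.
     */
    cache_start_insert();
    fuzz_blockdata_cleanup();
  }

  // Free data in mini garbage collector.
  gb_cleanup();

  return 0;
}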
73