oss-fuzz integration
Description
Continual fuzzing may help catch potential security vulnerabilities in bind at an early stage. To this end, it might be useful to enrol bind in oss-fuzz, a free continual fuzzing initiative offered by Google. I have a test case (see below) that can be used as a starting point for this integration. The short-term plan would be to augment this test case or write new ones using the libFuzzer API.
```c
#include <stddef.h>
#include <stdint.h>
#include <isc/buffer.h>
#include <isc/result.h>
#include <dns/fixedname.h>
#include <dns/name.h>

/* libFuzzer entry point: feed the raw input to BIND's presentation-format
 * name parser and let the sanitizers report anything that goes wrong. */
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	isc_buffer_t buf;
	isc_result_t result;
	dns_fixedname_t origin;

	/* Skip inputs too short to exercise the parser. */
	if (size < 5) {
		return 0;
	}
	dns_fixedname_init(&origin);

	/* Wrap the input; the cast drops const because the buffer API takes a
	 * non-const base pointer, but the parser only reads from it. */
	isc_buffer_init(&buf, (void *)data, size);
	isc_buffer_add(&buf, size);

	/* Parse relative to the root name; with a NULL target the result lives
	 * in the fixedname's own storage. The return code is deliberately not
	 * checked: the finding is a crash or sanitizer report inside the call. */
	result = dns_name_fromtext(dns_fixedname_name(&origin), &buf,
				   dns_rootname, 0, NULL);
	(void)result;
	return 0;
}
```
Request
Ideally, oss-fuzz integration would create a sub-folder like tests/oss-fuzz that would house oss-fuzz specific test harnesses such as the one above. Once this test harness is approved and merged into the bind repo, I can send a pull request to oss-fuzz to fetch bind sources, build and run bind fuzzers on a continual basis.
For this to happen, the following is required:
- The oss-fuzz test harness (such as the one shown above) is merged into the bind source tree
- one person from the Bind development team would serve as the primary contact
- one Google-linked ID (e.g., from the Bind dev team) needs to be provided to view bug reports
- [optional] one or more additional people may be CCed
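As an added example (not from this issue or the BIND project), here is the shape of the `build.sh` that the oss-fuzz side of the integration would carry: it configures BIND with the compiler and sanitizer flags oss-fuzz exports and links every harness under the proposed `tests/oss-fuzz` folder against the static libraries. The harness file name, the checkout path `$SRC/bind9`, the include directories, the static-archive locations and the extra `-lcrypto -lpthread` link libraries are assumptions to adjust to the real tree.

```shell
#!/bin/bash -eu
# build.sh for oss-fuzz (added example; assumptions are noted inline).
# oss-fuzz's build image exports $SRC, $OUT, $CC, $CFLAGS and
# $LIB_FUZZING_ENGINE. Assumed, not taken from the issue:
#   - harnesses live at tests/oss-fuzz/<name>.c, e.g. dns_name_fromtext_fuzzer.c
#   - a static build leaves lib/isc/libisc.a and lib/dns/libdns.a
#   - libdns needs -lcrypto and libisc needs -lpthread on the build host
BIND_DIR="${SRC:-.}/bind9"          # checkout path assumed
FUZZ_DIR="tests/oss-fuzz"           # sub-folder proposed in the issue

# Compose the compile-and-link line for one harness (basename without .c)
# so it can be reviewed before a build runs.
fuzzer_link_cmd() {
    local name="$1"
    printf '%s' "$CC $CFLAGS -Ilib/isc/include -Ilib/dns/include" \
        " $FUZZ_DIR/$name.c" \
        " $LIB_FUZZING_ENGINE lib/dns/libdns.a lib/isc/libisc.a" \
        " -lcrypto -lpthread -o $OUT/$name"
    printf '\n'
}

# Print the harness basenames found in a directory, one per line.
list_fuzzers() {
    local f
    for f in "$1"/*.c; do
        [ -e "$f" ] || continue
        f="${f##*/}"
        printf '%s\n' "${f%.c}"
    done
}

# Full oss-fuzz build: static BIND with the sanitizer flags oss-fuzz
# supplies in $CFLAGS, then one fuzzer binary per harness in $OUT.
build_bind_fuzzers() {
    cd "$BIND_DIR"
    [ -x ./configure ] || autoreconf -fi
    ./configure --disable-shared
    make -j"$(nproc)"
    for name in $(list_fuzzers "$FUZZ_DIR"); do
        eval "$(fuzzer_link_cmd "$name")"
    done
}

# oss-fuzz always sets LIB_FUZZING_ENGINE; outside that environment the
# script only defines the helpers above so they can be inspected.
if [ -n "${LIB_FUZZING_ENGINE:-}" ]; then
    build_bind_fuzzers
fi
```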