Merge branch 'pspacek/fix-dns_message_checksig-out-of-tree' into 'main'

Fix dns_message_checksig fuzzer Closes #3565 See merge request isc-projects/bind9!6822
2026-05-28 04:34:54 -04:00 · 2022-09-27 11:22:56 +00:00 · 2022-09-27 11:22:56 +00:00 · 75424ec23a
commit 75424ec23a
parent 547f15ff11 16377100ae
2 changed files with 19 additions and 6 deletions
--- a/fuzz/dns_message_checksig.c
+++ b/fuzz/dns_message_checksig.c
@ -119,6 +119,7 @@ LLVMFuzzerInitialize(int *argc __attribute__((unused)),
 				     0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
 				     0xff, 0xff, 0xff, 0xff };
 	dns_zone_t *zone = NULL;
+	char pathbuf[PATH_MAX];

 	atexit(cleanup);

@ -174,13 +175,16 @@ LLVMFuzzerInitialize(int *argc __attribute__((unused)),
 	dns_zone_setclass(zone, view->rdclass);
 	dns_zone_settype(zone, dns_zone_primary);

-	result = dns_zone_setkeydirectory(zone, "dns_message_checksig.data");
+	snprintf(pathbuf, sizeof(pathbuf), FUZZDIR "/%s",
+		 "dns_message_checksig.data");
+	result = dns_zone_setkeydirectory(zone, pathbuf);
 	if (result != ISC_R_SUCCESS) {
 		return (1);
 	}

-	result = dns_zone_setfile(zone, "dns_message_checksig.data/sig0key.db",
-				  dns_masterformat_text,
+	snprintf(pathbuf, sizeof(pathbuf), FUZZDIR "/%s",
+		 "dns_message_checksig.data/sig0key.db");
+	result = dns_zone_setfile(zone, pathbuf, dns_masterformat_text,
 				  &dns_master_style_default);
 	if (result != ISC_R_SUCCESS) {
 		return (1);
@ -209,7 +213,7 @@ create_message(dns_message_t **messagep, const uint8_t *data, size_t size,
 	isc_result_t result;
 	dns_message_t *message = NULL;
 	isc_buffer_t b;
-	unsigned char buf[65535];
+	static unsigned char buf[65535];

 	isc_buffer_init(&b, buf, sizeof(buf));

--- a/fuzz/main.c
+++ b/fuzz/main.c
@ -94,10 +94,15 @@ test_all_from(const char *dirname) {

 int
 main(int argc, char **argv) {
+	int ret;
 	char corpusdir[PATH_MAX];
 	const char *target = strrchr(argv[0], '/');

-	(void)LLVMFuzzerInitialize(&argc, &argv);
+	ret = LLVMFuzzerInitialize(&argc, &argv);
+	if (ret != 0) {
+		fprintf(stderr, "LLVMFuzzerInitialize failure: %d\n", ret);
+		return 1;
+	}

 	if (argv[1] != NULL && strcmp(argv[1], "-d") == 0) {
 		debug = true;
@ -134,7 +139,11 @@ main(int argc, char **argv) {
 	int ret;
 	unsigned char buf[64 * 1024];

-	(void)LLVMFuzzerInitialize(&argc, &argv);
+	LLVMFuzzerInitialize(&argc, &argv);
+	if (ret != 0) {
+		fprintf(stderr, "LLVMFuzzerInitialize failure: %d\n", ret);
+		return 1;
+	}

 #ifdef __AFL_LOOP
 	while (__AFL_LOOP(10000)) { /* only works with afl-clang-fast */