
Commit d3dd6915 authored by kfcchen's avatar kfcchen

Add fuzzing test on function resolv_gethostbyaddr for DnsResolver.

Bug: 240913174

Test: see go/android-fuzzing-run or use the commands below

 # Build & run
FUZZER_NAME=resolv_gethostbyaddr_fuzzer
DEVICE_TRACE_PATH=/data/fuzz/$(get_build_var TARGET_ARCH)/${FUZZER_NAME}/data.profraw
CLANG_COVERAGE=true NATIVE_COVERAGE_PATHS='*' make ${FUZZER_NAME}
adb sync data && adb shell LLVM_PROFILE_FILE=${DEVICE_TRACE_PATH} /data/fuzz/$(get_build_var TARGET_ARCH)/${FUZZER_NAME}/${FUZZER_NAME} -runs=10000

 # Check results
adb pull ${DEVICE_TRACE_PATH} data.profraw
llvm-profdata merge --sparse data.profraw --output data.profdata
llvm-cov show --format=html --instr-profile=data.profdata ${ANDROID_PRODUCT_OUT}/symbols/data/fuzz/$(get_build_var TARGET_ARCH)/${FUZZER_NAME}/${FUZZER_NAME} --ignore-filename-regex='\/frameworks\/' --ignore-filename-regex='\/rust\/crates\/' --ignore-filename-regex='\/system\/' --ignore-filename-regex='\/external\/' --ignore-filename-regex='\/\.intermediates\/' --output-dir=coverage-html

Change-Id: I37759a1b135e15b4ae9d879616024eb4aa424a52
parent de6c787c
+6 −0
@@ -378,3 +378,9 @@ cc_fuzz {
    defaults: ["resolv_fuzzer_defaults"],
    defaults: ["resolv_fuzzer_defaults"],
    srcs: ["fuzzer/resolv_gethostbyname_fuzzer.cpp"],
    srcs: ["fuzzer/resolv_gethostbyname_fuzzer.cpp"],
}
}

cc_fuzz {
    name: "resolv_gethostbyaddr_fuzzer",
    defaults: ["resolv_fuzzer_defaults"],
    srcs: ["fuzzer/resolv_gethostbyaddr_fuzzer.cpp"],
}
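--- a/fuzzer/resolv_gethostbyaddr_fuzzer.cpp
+++ b/fuzzer/resolv_gethostbyaddr_fuzzer.cpp
@@ -0,0 +1,47 @@
+#include "resolv_fuzzer_utils.h"
+
+namespace android::net {
+namespace {
+
+// Tests resolv_gethostbyaddr.
+void TestResolvGethostbyaddr(FuzzedDataProvider& fdp) {
+    in6_addr v6addr;
+    fdp.ConsumeBool() ? fdp.ConsumeData(&v6addr, sizeof(v6addr))    // Fuzzing data.
+                      : inet_pton(AF_INET6, "::1.2.3.4", &v6addr);  // Correct data.
+    // Fuzzs some values defined in nameser.h, e.g. NS_INADDRSZ.
+    socklen_t mAddressLen = fdp.ConsumeIntegralInRange<int>(0, NS_IN6ADDRSZ + 1);
+    // All valid address families in socket.h, e.g. AF_INET.
+    int af = fdp.ConsumeIntegralInRange<int>(0, AF_MAX);
+    hostent hbuf;
+    char tmpbuf[MAXPACKET];
+    hostent* hp;
+    NetworkDnsEventReported event;
+
+    resolv_gethostbyaddr(&v6addr, mAddressLen, af, &hbuf, tmpbuf, sizeof(tmpbuf), &mNetContext, &hp,
+                         &event);
+}
+
+}  // namespace
+
+// Entry point of fuzzing test.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    [[maybe_unused]] static bool initialized = DoInit();
+    FuzzedDataProvider fdp(data, size);
+
+    // Chooses doh or dot.
+    std::string flag = fdp.PickValueInArray({"0", "1"});
+    ScopedSystemProperties sp(kDohFlag, flag);
+    android::net::Experiments::getInstance()->update();
+
+    auto parcel = DnsResponderClient::GetDefaultResolverParamsParcel();
+    // Chooses private DNS or not.
+    if (fdp.ConsumeBool()) parcel.tlsServers = {};
+    resolverCtrl.setResolverConfiguration(parcel);
+
+    TestResolvGethostbyaddr(fdp);
+
+    CleanUp();
+    return 0;
+}
+
+}  // namespace android::net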
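Review bot: In TestResolvGethostbyaddr, `v6addr` is declared without an initializer, and FuzzedDataProvider::ConsumeData copies only the bytes still available, so on a short input part of the address stays uninitialized when it is handed to resolv_gethostbyaddr. That makes runs non-reproducible and will surface as harness noise under a memory sanitizer rather than as a finding in the resolver; value-initialize it with `in6_addr v6addr = {};`. The length range also reaches `NS_IN6ADDRSZ + 1`, one byte more than the buffer holds, which looks deliberate to exercise length validation but relies on the callee rejecting it before reading; a comment such as `// NS_IN6ADDRSZ + 1 is intentionally invalid; the callee is expected to reject it.` would record that. Likewise `ConsumeIntegralInRange<int>(0, AF_MAX)` is inclusive of AF_MAX, so the comment "All valid address families" is slightly off, and the local `mAddressLen` carries a member-style prefix.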