Nice work! Could you post more about the basic mechanics of the testing setup itself with AFL + zonefiles? I’ve been meaning to get into AFL but haven’t quite gotten to it on my list yet. I’d love to try similar stuff on gdnsd’s zonefile parser, and eventually even use AFL to fuzz query packet parsing as well.
Sure, gdnsd can easily be fuzzed without any modifications.
Build it with AFL:
./configure CC=afl-gcc
make
Create some directories:
mkdir input output zones
Put a zone file in the ‘input’ directory (I used a trimmed-down version of all.rr.org, removing RRs which gdnsd doesn’t support) and launch the fuzzer:
While doing so, I found and reported two stack-based buffer overflows.
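The setup described in the reply above, written out as a single script (an added example, not code from the thread or from the gdnsd project). The build and directory steps are the ones quoted above; everything else is an assumption: the gdnsd checkout lives in $SRC, the built binary is $SRC/gdnsd/gdnsd, `gdnsd -c <dir> checkconf` loads the zone data, and since gdnsd reads zones from a directory rather than a file argument, afl-fuzz's -f option is used to drop each mutated test case at a fixed path inside that directory. The seed zone file is constructed for the example. A triage step at the end replays whatever AFL saved under output/crashes so each finding can be reproduced before it is reported.

```shell
#!/bin/sh
# Added example: AFL harness for the gdnsd zonefile parser.
# Assumptions (not stated in the thread): gdnsd source in $SRC, binary at
# $SRC/gdnsd/gdnsd, and `gdnsd -c <dir> checkconf` loads zones from $WORK/zones.
set -eu

SRC="${SRC:-$PWD/gdnsd}"     # assumed location of the gdnsd checkout
WORK="${WORK:-$PWD/fuzz}"    # working directory for corpus and findings

# Step 1 (from the thread): build with the AFL compiler wrapper so the
# parser gets coverage instrumentation.
build_with_afl() {
    (cd "$SRC" && ./configure CC=afl-gcc && make)
}

# Step 2 (from the thread): create input/output/zones, then write a small
# constructed seed zone. Small seeds with several RR types give AFL more
# parser paths to start from than one large real-world file.
prepare_corpus() {
    mkdir -p "$WORK/input" "$WORK/output" "$WORK/zones"
    cat > "$WORK/input/seed.zone" <<'EOF'
$TTL 3600
example.org.     IN SOA  ns1.example.org. hostmaster.example.org. (1 7200 3600 1209600 3600)
example.org.     IN NS   ns1.example.org.
ns1.example.org. IN A    192.0.2.1
www.example.org. IN AAAA 2001:db8::1
example.org.     IN MX   10 mail.example.org.
example.org.     IN TXT  "v=spf1 -all"
EOF
    printf '%s\n' "$WORK/input/seed.zone"
}

# Step 3: launch afl-fuzz. With -f and no @@ in the target command, AFL
# writes every test case to that path before each run; the target is then
# pointed at the directory containing it (invocation is an assumption).
run_fuzzer() {
    afl-fuzz -i "$WORK/input" -o "$WORK/output" -f "$WORK/zones/example.org" \
        -- "$SRC/gdnsd/gdnsd" -c "$WORK" checkconf
}

# Step 4: triage. Replay each saved crash against the same binary and report
# which ones still reproduce, so only confirmed findings are written up.
triage_crashes() {
    for f in "$WORK"/output/crashes/id:*; do
        [ -e "$f" ] || { echo "no crashes found"; return 0; }
        cp "$f" "$WORK/zones/example.org"
        if "$SRC/gdnsd/gdnsd" -c "$WORK" checkconf >/dev/null 2>&1; then
            echo "no-repro $f"
        else
            echo "crash    $f"
        fi
    done
}

# Only run the full pipeline when explicitly asked, so the functions can be
# sourced and used one at a time.
if [ "${GDNSD_FUZZ_RUN:-0}" = 1 ]; then
    build_with_afl
    prepare_corpus
    run_fuzzer
fi
```

Run it with `GDNSD_FUZZ_RUN=1 sh fuzz-gdnsd.sh`, then `triage_crashes` once AFL has been stopped. The -f path and the checkconf invocation are the parts to adjust for a particular gdnsd version and config layout.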