OpenWrt MDNS daemon https://git.openwrt.org/project/mdnsd/atom?h=master 2020-10-13T13:27:49Z 2020-10-13T13:27:49Z Petr Štetiar 2020-10-12T15:40:19Z urn:sha1:4cece9cc7db428fa0e1af27d4dced91bf7c2cc50 Fixes following buffer overflow: ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000007338b8 at pc 0x0000004db339 bp 0x7ffe370e6140 sp 0x7ffe370e6138 READ of size 8 at 0x0000007338b8 thread T0 #0 0x4db338 in cache_record_find mdnsd/cache.c:197:17 #1 0x4d74b4 in cache_answer mdnsd/cache.c:336:6 #2 0x4cf04a in parse_answer mdnsd/dns.c:343:3 #3 0x4cb272 in dns_handle_packet mdnsd/dns.c:442:7 #4 0x4f508c in read_socket4 mdnsd/interface.c:253:3 #5 0x7fb81dddc73d in uloop_run_events libubox/uloop.c:198:4 #6 0x7fb81dddc73d in uloop_run_timeout libubox/uloop.c:555:3 #7 0x4c77cd in uloop_run libubox/uloop.h:111:9 #8 0x4c7757 in main mdnsd/main.c:99:2 0x0000007338b8 is located 8 bytes to the right of global variable 'records' defined in 'mdnsd/cache.c:45:1' (0x733880) of size 48 SUMMARY: AddressSanitizer: global-buffer-overflow mdnsd/cache.c:197:17 in cache_record_find Signed-off-by: Petr Štetiar <ynezz@true.cz> 2020-10-13T13:27:49Z Petr Štetiar 2020-10-13T12:59:38Z urn:sha1:bf01f2dd0089fd4a77a792ecf9f0fa45dbd66b50 So it can read packets from file, which is handy when using for example AFL or hongfuzz fuzzers. Signed-off-by: Petr Štetiar <ynezz@true.cz> 2020-10-13T13:27:49Z Petr Štetiar 2020-10-13T12:36:44Z urn:sha1:134afc7288461bf0ef0506dfd5430bf28de0880c LibFuzzer is in-process, coverage-guided, evolutionary fuzzing engine. LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the library via a specific fuzzing entrypoint (aka "target function"); the fuzzer then tracks which areas of the code are reached, and generates mutations on the corpus of input data in order to maximize the code coverage. So lets use libFuzzer to fuzz dns_handle_packet for the start. Ref: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Petr Štetiar <ynezz@true.cz>