Fuzzing DNS zone parsers

In my never-ending quest to improve the quality of my C codebases, I’ve been using AFL to fuzz statzone, the zone parser I use to generate monthly statistics on StatDNS. It helped me to find and fix a NULL pointer dereference. I initially used the .arpa zone file as input, but then remembered that OpenDNSSEC bundles a special zone for testing purposes, containing a lot of seldom used resource records types, and decided to use this one too....

July 11, 2019 · 5 min