This directory holds unit tests for the c-ares library. To build the tests:
./configure --disable-symbol-hiding.
configure file by running autoreconf -iv (which requires a local installation of autotools).
./configure
make
./arestest, or ./arestest -v for extra debug info.
Points to note:
./arestest --gtest_filter=-*.Live*.
-p 5300 option to arestest.
The test suite includes various different types of test.
(ares-test-live.cc), which assume that the current machine has a valid DNS setup and connection to the internet; these tests issue queries for real domains but don't particularly check what gets returned. The tests will fail on an offline machine.
(ares-test-mock.cc) that set up a fake DNS server and inject its port into the c-ares library configuration. These tests allow specific response messages to be crafted and injected, and so are likely to be used for many more tests in future.
dns-proto.h file includes C++ helper classes for building DNS packets.
(ares_parse_*_reply) are tested directly.
malloc/free.
(ares-test-internal.c), but these are only enabled if the library was configured with --disable-symbol-hiding and/or --enable-expose-statics.
ares_parse_*_reply, together with a standalone wrapper for it (./aresfuzz) to allow use of command line fuzzers (such as afl-fuzz) for further fuzz testing.
To generate code coverage information:
./configure --enable-code-coverage before building. This requires the relevant code coverage tools (gcov, lcov) to be installed locally.
test/arestest.
make code-coverage-capture in the library directory (i.e. not in test/).
To fuzz the packet parsing code with libFuzzer, follow the main libFuzzer instructions:
Configure the c-ares library and test suite with a recent Clang and a sanitizer, for example:
% export CFLAGS="-fsanitize=fuzzer-no-link,address"
% export CC=clang
% ./configure --disable-shared && make
Link each of the fuzzer entrypoints in with ares-fuzz.cc:
% clang -I.. -c ares-test-fuzz.c
% clang -I.. -c ares-test-fuzz-name.c
% clang++ -fsanitize=fuzzer,address ares-test-fuzz.o ../.libs/libcares.a -o ares-libfuzzer
% clang++ -fsanitize=fuzzer,address ares-test-fuzz-name.o ../.libs/libcares.a -o ares-libfuzzer-name
Run the fuzzer using the starting corpus with:
% ./ares-libfuzzer fuzzinput/
# OR
% ./ares-libfuzzer-name fuzznames/
To fuzz using AFL, follow the AFL quick start guide:
Download and build AFL.
Configure the c-ares library and test tool to use AFL's compiler wrappers:
% export CC=$AFLDIR/afl-gcc
% ./configure --disable-shared && make
% cd test && ./configure && make aresfuzz aresfuzzname
Run the AFL fuzzer against the starting corpus:
% mkdir fuzzoutput
% $AFLDIR/afl-fuzz -i fuzzinput -o fuzzoutput -- ./aresfuzz
# OR
% $AFLDIR/afl-fuzz -i fuzznames -o fuzzoutput -- ./aresfuzzname
If a recent version of Clang is available, AFL can use its built-in compiler instrumentation; this configuration also allows the use of a (much) faster persistent mode, where multiple fuzz inputs are run for each process invocation.
Download and build a recent AFL, and run make in the llvm_mode subdirectory to ensure that afl-clang-fast gets built.
Configure the c-ares library and test tool to use AFL's clang wrappers that use compiler instrumentation:
% export CC=$AFLDIR/afl-clang-fast
% ./configure --disable-shared && make
% cd test && ./configure && make aresfuzz
Run the AFL fuzzer (in persistent mode) against the starting corpus:
% mkdir fuzzoutput
% $AFLDIR/afl-fuzz -i fuzzinput -o fuzzoutput -- ./aresfuzz
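The arrangement described above (one libFuzzer entrypoint, plus a standalone wrapper that lets afl-fuzz drive the same code, in persistent mode when built with afl-clang-fast) looks like this as an added sketch; it is not c-ares's own harness code. Assumptions: parse_questions is a hypothetical stand-in for the ares_parse_*_reply target so the block builds without the library, and the loop count of 1000 is an arbitrary choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>

/* Stand-in target (assumption, so the block builds without c-ares): a
 * bounds-checked walk over the question section of a DNS message. A real
 * harness would hand the buffer to the ares_parse_*_reply functions. */
int parse_questions(const uint8_t *buf, size_t len) {
  if (len < 12) return -1;                    /* fixed DNS header is 12 bytes */
  unsigned qdcount = ((unsigned)buf[4] << 8) | buf[5];
  size_t off = 12;
  for (unsigned q = 0; q < qdcount; q++) {
    for (;;) {                                /* labels of one QNAME */
      if (off >= len) return -1;
      uint8_t l = buf[off++];
      if (l == 0) break;                      /* root label ends the name */
      if (l > 63 || len - off < l) return -1; /* pointers/overruns rejected */
      off += l;
    }
    if (len - off < 4) return -1;             /* QTYPE + QCLASS */
    off += 4;
  }
  return (int)qdcount;
}

/* libFuzzer entrypoint: one call per generated input, always returns 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  (void)parse_questions(data, size);
  return 0;
}

/* Standalone wrapper: pass one stdin input to the same entrypoint. */
static int process_fd(int fd) {
  static uint8_t buf[1 << 16];
  ssize_t n = read(fd, buf, sizeof buf);
  return n < 0 ? 1 : LLVMFuzzerTestOneInput(buf, (size_t)n);
}

/* Leave main() out when linking with -fsanitize=fuzzer, which supplies one. */
int main(void) {
#ifdef __AFL_LOOP
  while (__AFL_LOOP(1000)) process_fd(0);     /* persistent mode */
  return 0;
#else
  return process_fd(0);                       /* one input per process */
#endif
}
```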