diff --git a/net/dns/resolver/forwarder_test.go b/net/dns/resolver/forwarder_test.go index 4c8deca74..43bac3e03 100644 --- a/net/dns/resolver/forwarder_test.go +++ b/net/dns/resolver/forwarder_test.go @@ -201,3 +201,61 @@ func BenchmarkNameFromQuery(b *testing.B) { } } } + +// Reproduces https://github.com/tailscale/tailscale/issues/2533 +// Fixed by https://github.com/tailscale/tailscale/commit/f414a9cc01f3264912513d07c0244ff4f3e4ba54 +// +// NOTE: fuzz tests act like unit tests when run without `-fuzz` +func FuzzClampEDNSSize(f *testing.F) { + // Empty DNS packet + f.Add([]byte{ + // query id + 0x12, 0x34, + // flags: standard query, recurse + 0x01, 0x20, + // num questions + 0x00, 0x00, + // num answers + 0x00, 0x00, + // num authority RRs + 0x00, 0x00, + // num additional RRs + 0x00, 0x00, + }) + + // Empty OPT + f.Add([]byte{ + // header + 0xaf, 0x66, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, + // query + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03, 0x63, 0x6f, + 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01, + // OPT + 0x00, // name: + 0x00, 0x29, // type: OPT + 0x10, 0x00, // UDP payload size + 0x00, // higher bits in extended RCODE + 0x00, // EDNS0 version + 0x80, 0x00, // "Z" field + 0x00, 0x00, // data length + }) + + // Query for "google.com" + f.Add([]byte{ + // header + 0xaf, 0x66, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, + // query + 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03, 0x63, 0x6f, + 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01, + // OPT + 0x00, 0x00, 0x29, 0x10, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, + 0x0c, 0x00, 0x0a, 0x00, 0x08, 0x62, 0x18, 0x1a, 0xcb, 0x19, + 0xd7, 0xee, 0x23, + }) + + f.Fuzz(func(t *testing.T, data []byte) { + clampEDNSSize(data, maxResponseBytes) + }) +}