From 8ebfd8abbbcfb7161237566d78eb8cc0a3dff1e6 Mon Sep 17 00:00:00 2001
From: chantra <chantra@users.noreply.github.com>
Date: Wed, 2 Oct 2019 23:37:56 -0700
Subject: [PATCH] [fuzz] Fix crashes when parsing GENERATE (#1016)

* [fuzz] Fix crashes when parsing GENERATE

Running the fuzzer on NewRR, some crashes came up that could be
prevented by checking that the token after the range is a Blank.
This diff checks that and return an error when the blank is not found.

* * s/Expect blank /garbage /
* get rid of if/else
---
 generate.go      |  6 +++++-
 generate_test.go | 25 +++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/generate.go b/generate.go
index 97bc39f5..f7b94037 100644
--- a/generate.go
+++ b/generate.go
@@ -53,7 +53,11 @@ func (zp *ZoneParser) generate(l lex) (RR, bool) {
 		return zp.setParseError("bad range in $GENERATE range", l)
 	}
 
-	zp.c.Next() // _BLANK
+	// _BLANK
+	l, ok := zp.c.Next()
+	if !ok || l.value != zBlank {
+			return zp.setParseError("garbage after $GENERATE range", l)
+	}
 
 	// Create a complete new string, which we then parse again.
 	var s string
diff --git a/generate_test.go b/generate_test.go
index 6ba78aa7..e638c266 100644
--- a/generate_test.go
+++ b/generate_test.go
@@ -204,3 +204,28 @@ $GENERATE 32-158 dhcp-${-32,4,d} A 10.0.0.$
 		}
 	}
 }
+
+
+
+func TestCrasherString(t *testing.T) {
+	tests := []struct{
+	in  string
+	err string
+}{
+		{"$GENERATE 0-300103\"$$GENERATE 2-2", "dns: garbage after $GENERATE range: \"\\\"\" at line: 1:19"},
+		{"$GENERATE 0-5414137360", "dns: garbage after $GENERATE range: \"\\n\" at line: 1:22"},
+		{"$GENERATE       11522-3668518066406258", "dns: garbage after $GENERATE range: \"\\n\" at line: 1:38"},
+		{"$GENERATE 0-200\"(;00000000000000\n$$GENERATE 0-0", "dns: garbage after $GENERATE range: \"\\\"\" at line: 1:16"},
+	}
+	for _, tc := range tests {
+		t.Run(tc.in, func(t *testing.T) {
+			_, err := NewRR(tc.in)
+			if err == nil {
+				t.Errorf("Expecting error for crasher line %s", tc.in)
+			}
+			if tc.err != err.Error() {
+				t.Errorf("Expecting error %s, got %s", tc.err, err.Error())
+			}
+		})
+	}
+}