1 files changed, 644 insertions, 0 deletions
diff --git a/fuzz/isc_lex_gettoken.in/named.conf b/fuzz/isc_lex_gettoken.in/named.conf
new file mode 100644
index 0000000..dd46100
--- /dev/null
+++ b/fuzz/isc_lex_gettoken.in/named.conf
@@ -0,0 +1,644 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*
+ * This is a worthless, nonrunnable example of a named.conf file that has
+ * every conceivable syntax element in use.  We use it to test the parser.
+ * It could also be used as a conceptual template for users of new features.
+ */
+
+/*
+ * C-style comments are OK
+ */
+
+// So are C++-style comments
+
+#So are shell - style comments
+
+// watch out for ";" -- it's important!
+
+options {
+	additional - from - auth true;
+	additional - from - cache false;
+
+	version "my version string";
+	random - device "/dev/random";
+	directory "/tmp";
+
+	port 666;
+
+	sig - validity - interval 33;
+
+#Obsolete
+	named - xfer "/usr/libexec/named-xfer"; // _PATH_XFER
+
+	dump - file "named_dump.db";	       // _PATH_DUMPFILE
+	pid - file "/var/run/named.pid";       // _PATH_PIDFILE
+	statistics - file "named.stats";       // _PATH_STATS
+	memstatistics - file "named.memstats"; // _PATH_MEMSTATS
+
+	max - cache - ttl 999;
+	min - cache - ttl 66;
+	auth - nxdomain yes; // always set AA on NXDOMAIN.
+			     // don't set this to 'no' unless
+			     // you know what you're doing -- older
+			     // servers won't like it.
+
+#Obsolete
+	deallocate - on - exit no;
+
+	dialup yes;
+
+#Obsolete
+	fake - iquery no;
+
+	fetch - glue yes;
+	has - old - clients yes;
+	host - statistics no;
+
+#Obsolete
+	multiple - cnames no; // if yes, then a name my have more
+			      // than one CNAME RR.  This use
+			      // is non-standard and is not
+			      // recommended, but it is available
+			      // because previous releases supported
+			      // it and it was used by large sites
+			      // for load balancing.
+
+	notify yes; // send NOTIFY messages.  You can set
+		    // notify on a zone-by-zone
+		    // basis in the "zone" statement
+		    // see (below)
+	recursion yes;
+	rfc2308 - type1 no;
+
+#Obsolete
+	use - id - pool yes;
+
+#Obsolete
+	treat - cr - as - space yes;
+
+	also - notify { 10.0.2.3; };
+
+	// The "forward" option is only meaningful if you've defined
+	// forwarders.  "first" gives the normal BIND
+	// forwarding behavior, i.e. ask the forwarders first, and if that
+	// doesn't work then do the full lookup.  You can also say
+	// "forward only;" which is what used to be specified with
+	// "secondary" or "options forward-only".  "only" will never attempt
+	// a full lookup; only the forwarders will be used.
+	forward first;
+	forwarders {
+		1.2.3.4;
+		5.6.7.8;
+	};
+
+	check - names primary fail;
+	check - names secondary warn;
+	check - names response ignore;
+
+	allow - query { any; };
+	allow - transfer { any; };
+	allow - recursion { !any; };
+	blackhole { 45 / 24; };
+	keep - response - order { 46 / 24; };
+
+	listen - on {
+		10 / 24;
+		10.0.0.3;
+	};
+
+	listen - on port 53 { any; };
+
+	listen - on { 5.6.7.8; };
+
+	listen - on port 1234 {
+		!1.2.3.4;
+		1.2.3 / 24;
+	};
+
+	listen - on - v6 { 1 : 1 : 1 : 1 : 1 : 1 : 1 : 1; };
+
+	listen - on - v6 port 777 { 2 : 2 : 2 : 2 : 2 : 2 : 2 : 2; };
+
+	query - source - v6 address 8 : 7 : 6 : 5 : 4 : 3 : 2 : 1 port *;
+	query - source port *address 10.0.0.54;
+
+	lame - ttl 444;
+
+	max - transfer - time - in 300;
+	max - transfer - time - out 10;
+	max - transfer - idle - in 100;
+	max - transfer - idle - out 11;
+
+	max - retry - time 1234;
+	min - retry - time 1111;
+	max - refresh - time 888;
+	min - refresh - time 777;
+
+	max - ncache - ttl 333;
+	min - ncache - ttl 22;
+	min - roots 15;
+	serial - queries 34;
+
+	transfer - format one - answer;
+
+	transfers - in 10;
+	transfers - per - ns 2;
+	transfers - out 0;
+
+	transfer - source 10.0.0.5;
+	transfer - source - v6 4 : 3 : 2 : 1 : 5 : 6 : 7 : 8;
+
+	request - ixfr yes;
+	provide - ixfr yes;
+
+#Now called 'provide-ixfr'
+#maintain - ixfr - base no; // If yes, keep transaction log file for IXFR
+
+	max - ixfr - log - size 20m;
+	coresize 100;
+	datasize 101;
+	files 230;
+	max - cache - size 1m;
+	stacksize 231;
+	heartbeat - interval 1001;
+	interface - interval 1002;
+	statistics - interval 1003;
+
+	topology {
+		10 / 8;
+
+		!1.2.3 / 24;
+
+		{
+			1.2 / 16;
+			3 / 8;
+		};
+	};
+
+	sortlist {
+		10 / 8;
+		11 / 8;
+	};
+
+	tkey - domain "foo.com";
+	tkey - dhkey "xyz" 666;
+
+	rrset - order {
+		class IN type A name "foo" order random;
+		order cyclic;
+	};
+};
+
+/*
+ * Control listeners, for "ndc".  Every nameserver needs at least one.
+ */
+controls {
+	// 'inet' lines without a 'port' defaults to 'port 953'
+	// 'keys' must be used and the list must have at least one entry
+	inet *port 52 allow { any; }
+	keys { "key2"; };
+	unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named.
+	inet 10.0.0.1 allow {
+		any;
+		key foo;
+	}
+	keys { "key4"; };
+	inet 10.0.0.2 allow { none; }
+	keys {
+		"key-1";
+		"key-2";
+	};
+	inet 10.0.0.2 allow { none; };
+};
+
+zone "primary.demo.zone" {
+	type primaryr;
+	database "somedb -option1 -option2 arg1 arg2 arg3";
+	file "primary.demo.zone";
+	check - names fail;
+	allow - update { none; };
+	allow - update - forwarding {
+		10.0.0.5;
+		!any;
+	};
+	allow - transfer { any; };
+	allow - query { any; };
+	sig - validity - interval 990;
+	notify explicit;
+	also - notify {
+		1.0.0.1;
+	}; // don't notify any nameservers other
+	   // than those on the NS list for this
+	   // zone
+	forward first;
+	forwarders {
+		10.0.0.3;
+		1 : 2 : 3 : 4 : 5 : 6 : 7 : 8;
+	};
+};
+
+zone "secondary.demo.zone" {
+	type secondary;
+	file "secondary.demo.zone";
+	ixfr - base "secondary.demo.zone.ixfr"; // File name for IXFR transaction
+					    // log file
+	primaries {
+		1.2.3.4 port 10 key "foo"; // where to zone transfer from
+		5.6.7.8;
+		6.7.8.9 key "zippo";
+	};
+	transfer - source 10.0.0.53; // fixes multihoming problems
+	check - names warn;
+	allow - update { none; };
+	allow - transfer { any; };
+	allow - update - forwarding { any; };
+	allow - query { any; };
+	max - transfer - time - in 120; // if not set, global option is used.
+	max - transfer - time - out 1;	// if not set, global option is used.
+	max - transfer - idle - in 2;	// if not set, global option is used.
+	max - transfer - idle - out 3;	// if not set, global option is used.
+	also - notify { 1.0.0.2; };
+	forward only;
+	forwarders {
+		10.45.45.45;
+		10.0.0.3;
+		1 : 2 : 3 : 4 : 5 : 6 : 7 : 8;
+	};
+};
+
+key "non-viewkey" {
+	secret "YWFh";
+	algorithm "zzz";
+};
+
+view "test-view" in {
+	key "viewkey" {
+		algorithm "xxx";
+		secret "eXl5";
+	};
+	also - notify { 10.2.2.3; };
+	managed - keys { foo.com.static 4 3 2 "abdefghijklmnopqrstuvwxyz"; };
+	sig - validity - interval 45;
+	max - cache - size 100000;
+	allow - query { 10.0.0.30; };
+	additional - from - cache false;
+	additional - from - auth no;
+	match - clients { 10.0.0.1; };
+	check - names primary warn;
+	check - names secondary ignore;
+	check - names response fail;
+	auth - nxdomain false;
+	recursion true;
+	provide - ixfr false;
+	request - ixfr true;
+	fetch - glue true;
+	notify false;
+	rfc2308 - type1 false;
+	transfer - source 10.0.0.55;
+	transfer - source - v6 4 : 3 : 8 : 1 : 5 : 6 : 7 : 8;
+	query - source port *address 10.0.0.54;
+	query - source - v6 address 6 : 6 : 6 : 6 : 6 : 6 : 6 : 6 port *;
+	max - transfer - time - out 45;
+	max - transfer - idle - out 55;
+	min - roots 3;
+	lame - ttl 477;
+	max - ncache - ttl 333;
+	max - cache - ttl 777;
+	transfer - format many - answers;
+	max - retry - time 7;
+	min - retry - time 4;
+	max - refresh - time 999;
+	min - refresh - time 111;
+
+	zone "view-zone.com" {
+		type primary;
+		allow - update - forwarding { 10.0.0.34; };
+		file "view-zone-primary";
+	};
+
+	server 5.6.7.8 { keys "viewkey"; };
+
+	server 10.9.8.7 { keys "non-viewkey"; };
+	dialup yes;
+};
+
+zone "stub.demo.zone" {
+	type stub; // stub zones are like secondary zones,
+		   // except that only the NS records
+		   // are transferred.
+	dialup yes;
+	file "stub.demo.zone";
+	primaries {
+		1.2.3.4; // where to zone transfer from
+		5.6.7.8 port 999;
+	};
+	check - names warn;
+	allow - update { none; };
+	allow - transfer { any; };
+	allow - query { any; };
+
+	max - retry - time 10;
+	min - retry - time 11;
+	max - refresh - time 12;
+	min - refresh - time 13;
+
+	max - transfer - time - in 120; // if not set, global option is used.
+	pubkey 257 255 1 "a useless key";
+	pubkey 257 255 1 "another useless key";
+};
+
+zone "." {
+	type hint; // used to be specified w/ "cache"
+	file "cache.db";
+	//	pubkey 257 255 1
+	//"AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
+};
+
+managed - keys {
+	"." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/"
+			     "KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP"
+			     "/rick6gvEer5VcDEkLR5Q==";
+};
+
+acl can_query {
+	!1.2.3 / 24;
+	any;
+}; // network 1.2.3.0 mask 255.255.255.0
+   // is disallowed; rest are OK
+acl can_axfr {
+	1.2.3.4;
+	can_query;
+}; // host 1.2.3.4 and any host allowed
+   // by can_query are OK
+
+zone "disabled-zone.com" {
+	type primary;
+	file "bar";
+
+	max - retry - time 100;
+	min - retry - time 110;
+	max - refresh - time 120;
+	min - refresh - time 130;
+};
+
+zone "non-default-acl.demo.zone" {
+	type primary;
+	file "foo";
+	allow - query { can_query; };
+	allow - transfer { can_axfr; };
+	allow - update {
+		1.2.3.4;
+		5.6.7.8;
+	};
+	pubkey 666 665 664 "key of the beast";
+	// Errors trapped by parser:
+	//	identity or name not absolute
+	//	'wildcard' match type and no wildcard character in name
+	//
+	// issues:
+	//	- certain rdatatype values (such as "key") are config file
+	// keywords and
+	// 	  must be quoted or a syntax error will occur.
+	//
+
+	update - policy {
+		grant root.domain.subdomain host.domain.A MX CNAME;
+		grant sub.root.domain.wildcard *.host.domain.A;
+		grant root.domain.name host.domain.a ns md mf cname soa mb mg mr
+			"null" wks ptr hinfo minfo mx txt rp afsdb x25 isdn rt
+				nsap sig "key" px gpos aaaa loc nxt srv naptr kx
+					cert a6 dname opt unspec uri tkey tsig;
+		grant foo.bar.com.self foo.bar.com.a;
+	};
+};
+
+key sample_key {			   // for TSIG; supported by parser
+	algorithm hmac - md5;		   // but not yet implemented in the
+	secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server
+};
+
+key key2 {
+	algorithm hmac - md5;
+	secret "ZXJlaCB0ZXJjZXMgcm91eQ==";
+};
+
+acl key_acl { key sample_key; }; // a request signed with sample_key
+
+server 1.2.3.4 {
+	request - ixfr no;
+	provide - ixfr no;
+	bogus no;			// if yes, we won't query or listen
+					// to this server
+	transfer - format one - answer; // set transfer format for this
+					// server (see the description of
+					// 'transfer-format' above)
+					// if not specified, the global option
+					// will be used
+	transfers 0;			// not implemented
+	keys{ "sample_key" };		// for TSIG; supported by the parser
+					// but not yet implemented in the
+					// rest of the server
+#Now called 'request-ixfr'
+#support - ixfr yes; // for IXFR supported by server
+		     // if yes, the listed server talks IXFR
+};
+
+logging {
+	/*
+	 * All log output goes to one or more "channels"; you can make as
+	 * many of them as you want.
+	 */
+
+	channel syslog_errors { // this channel will send errors or
+		syslog user;	// or worse to syslog (user facility)
+		severity error;
+	};
+
+	channel stderr_errors { stderr; };
+
+	/*
+	 * Channels have a severity level.  Messages at severity levels
+	 * greater than or equal to the channel's level will be logged on
+	 * the channel.  In order of decreasing severity, the levels are:
+	 *
+	 * 	critical		a fatal error
+	 *	error
+	 *	warning
+	 *	notice			a normal, but significant event
+	 *	info			an informational message
+	 *	debug 1			the least detailed debugging info
+	 *	...
+	 *	debug 99		the most detailed debugging info
+	 */
+
+	/*
+	 * Here are the built-in channels:
+	 *
+	 * 	channel default_syslog {
+	 *		syslog daemon;
+	 *		severity info;
+	 *	};
+	 *
+	 *	channel default_debug {
+	 *		file "named.run";	// note: stderr is used instead
+	 *					// of "named.run" if the server
+	 *					// is started with the "-f"
+	 *					// option.
+	 *		severity dynamic;	// this means log debugging
+	 *					// at whatever debugging level
+	 *					// the server is at, and don't
+	 *					// log anything if not
+	 *					// debugging.
+	 *	};
+	 *
+	 *	channel null {			// this is the bit bucket;
+	 *		file "/dev/null";	// any logging to this channel
+	 *					// is discarded.
+	 *	};
+	 *
+	 *	channel default_stderr {	// writes to stderr
+	 *		file "<stderr>";	// this is illustrative only;
+	 *					// there's currently no way
+	 *					// of saying "stderr" in the
+	 *					// configuration language.
+	 *					// i.e. don't try this at home.
+	 *		severity info;
+	 *	};
+	 *
+	 *	default_stderr only works before the server daemonizes (i.e.
+	 *	during initial startup) or when it is running in foreground
+	 *	mode (-f command line option).
+	 */
+
+	/*
+	 * There are many categories, so you can send the logs
+	 * you want to see wherever you want, without seeing logs you
+	 * don't want.  Right now the categories are
+	 *
+	 *	default			the catch-all.  many things still
+	 *				aren't classified into categories, and
+	 *				they all end up here.  also, if you
+	 *				don't specify any channels for a
+	 *				category, the default category is used
+	 *				instead.
+	 *	config			high-level configuration file
+	 *				processing
+	 *	parser			low-level configuration file processing
+	 *	queries			what used to be called "query logging"
+	 *	lame-servers		messages like "Lame server on ..."
+	 *	statistics
+	 *	panic			if the server has to shut itself
+	 *				down due to an internal problem, it
+	 *				logs the problem here (as well as
+	 *				in the problem's native category)
+	 *	update			dynamic update
+	 *	ncache			negative caching
+	 *	xfer-in			zone transfers we're receiving
+	 *	xfer-out		zone transfers we're sending
+	 *	db			all database operations
+	 *	eventlib		debugging info from the event system
+	 *				(see below)
+	 *	packet			dumps of packets received and sent
+	 *				(see below)
+	 *	notify			the NOTIFY protocol
+	 *	cname			messages like "XX points to a CNAME"
+	 *	security		approved/unapproved requests
+	 *	os			operating system problems
+	 *	insist			consistency check failures
+	 *	maintenance		periodic maintenance
+	 *	load			zone loading
+	 *	response-checks		messages like
+	 *				"Malformed response ..."
+	 *				"wrong ans. name ..."
+	 *				"unrelated additional info ..."
+	 *				"invalid RR type ..."
+	 *				"bad referral ..."
+	 */
+
+	category parser {
+		syslog_errors;	// you can log to as many channels
+		default_syslog; // as you want
+	};
+
+	category lame - servers { null; }; // don't log these at all
+
+	channel moderate_debug {
+		file "foo";	      // foo
+		severity debug 3;     // level 3 debugging to file
+		print - time yes;     // timestamp log entries
+		print - category yes; // print category name
+		print - severity yes; // print severity level
+				      /*
+				       * Note that debugging must have been turned on either
+				       * on the command line or with a signal to get debugging
+				       * output (non-debugging output will still be written to
+				       * this channel).
+				       */
+	};
+
+	channel another {
+		file "bar" versions 99 size 10M;
+		severity info;
+	};
+
+	channel third {
+		file "bar" size 100000 versions unlimited;
+		severity debug; // use default debug level
+	};
+
+	/*
+	 * If you don't want to see "zone XXXX loaded" messages but do
+	 * want to see any problems, you could do the following.
+	 */
+	channel no_info_messages {
+		syslog;
+		severity notice;
+	};
+
+	category load { no_info_messages; };
+
+	/*
+	 * You can also define category "default"; it gets used when no
+	 * "category" statement has been given for a category.
+	 */
+	category default {
+		default_syslog;
+		moderate_debug;
+	};
+
+	/*
+	 * If you don't define category default yourself, the default
+	 * default category will be used.  It is
+	 *
+	 * 	category default { default_syslog; default_debug; };
+	 */
+
+	/*
+	 * If you don't define category panic yourself, the default
+	 * panic category will be used.  It is
+	 *
+	 * 	category panic { default_syslog; default_stderr; };
+	 */
+
+	/*
+	 * Two categories, 'packet' and 'eventlib', are special.  Only one
+	 * channel may be assigned to each of them, and it must be a
+	 * file channel.  If you don't define them  yourself, they default to
+	 *
+	 *	category eventlib { default_debug; };
+	 *
+	 *	category packet { default_debug; };
+	 */
+};
+
+#include "filename"; // can't do within a statement