tests: Add fuzzing harness for Socks5(...)
practicalswift committed Jul 9, 2020
1 parent e4703e1 commit 2a4d581
Showing 3 changed files with 45 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/Makefile.test.include
@@ -124,6 +124,7 @@ FUZZ_TARGETS = \
test/fuzz/service_deserialize \
test/fuzz/signature_checker \
test/fuzz/snapshotmetadata_deserialize \
test/fuzz/socks5 \
test/fuzz/span \
test/fuzz/spanparsing \
test/fuzz/string \
@@ -1033,6 +1034,12 @@ test_fuzz_snapshotmetadata_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_snapshotmetadata_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
test_fuzz_snapshotmetadata_deserialize_SOURCES = test/fuzz/deserialize.cpp

test_fuzz_socks5_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
test_fuzz_socks5_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_socks5_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_socks5_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
test_fuzz_socks5_SOURCES = test/fuzz/socks5.cpp

test_fuzz_span_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
test_fuzz_span_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_span_LDADD = $(FUZZ_SUITE_LD_COMMON)
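--- a/src/test/fuzz/socks5.cpp
+++ b/src/test/fuzz/socks5.cpp
@@ -0,0 +1,31 @@
+// Copyright (c) 2020 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <netbase.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+bool Socks5(const std::string& strDest, int port, const ProxyCredentials* auth, Socket& socket);
+
+void initialize()
+{
+InitializeFuzzingContext();
+}
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+FuzzedSocket fuzzed_socket = ConsumeSocket(fuzzed_data_provider);
+struct ProxyCredentials proxy_credentials;
+proxy_credentials.username = fuzzed_data_provider.ConsumeRandomLengthString(512);
+proxy_credentials.password = fuzzed_data_provider.ConsumeRandomLengthString(512);
+// This Socks5(...) fuzzing harness would have caught CVE-2017-18350 within
+// a few seconds of fuzzing.
+(void)Socks5(fuzzed_data_provider.ConsumeRandomLengthString(512), fuzzed_data_provider.ConsumeIntegral<int>(), fuzzed_data_provider.ConsumeBool() ? &proxy_credentials : nullptr, fuzzed_socket);
+}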
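Review bot: The three `fuzzed_data_provider` reads inside the `Socks5(...)` argument list in `test_one_input` are evaluated in an order the C++ standard leaves unspecified, so the same input bytes can map to a different destination, port and credentials choice depending on the compiler. A crashing corpus entry found under one toolchain may then fail to reproduce under another, which matters for a harness aimed at memory-safety bugs of the kind the comment cites (CVE-2017-18350). Consume each value into a named `const` local, one statement per value, and pass the locals to the call. Separately, the file-local declaration of `Socks5` is presumably there because netbase.h does not export it; a one-line comment saying so would help the next reader.

```cpp
// … unchanged: fuzzed_socket and proxy_credentials setup, CVE comment …
const std::string dest = fuzzed_data_provider.ConsumeRandomLengthString(512);
const int port = fuzzed_data_provider.ConsumeIntegral<int>();
const ProxyCredentials* auth = fuzzed_data_provider.ConsumeBool() ? &proxy_credentials : nullptr;
(void)Socks5(dest, port, auth, fuzzed_socket);
```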
7 changes: 7 additions & 0 deletions src/test/fuzz/util.h
@@ -8,6 +8,7 @@
#include <amount.h>
#include <arith_uint256.h>
#include <attributes.h>
#include <chainparamsbase.h>
#include <coins.h>
#include <consensus/consensus.h>
#include <netbase.h>
@@ -18,6 +19,7 @@
#include <streams.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>
#include <test/util/setup_common.h>
#include <txmempool.h>
#include <uint256.h>
#include <version.h>
@@ -288,4 +290,9 @@ FuzzedSocket ConsumeSocket(FuzzedDataProvider& fuzzed_data_provider)
return FuzzedSocket{fuzzed_data_provider};
}

void InitializeFuzzingContext(const std::string& chain_name = CBaseChainParams::REGTEST)
{
static const BasicTestingSetup basic_testing_setup{chain_name, {"-nodebuglogfile"}};
}

#endif // BITCOIN_TEST_FUZZ_UTIL_H
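Review bot: `InitializeFuzzingContext` is defined in a header without `inline`, so any binary that links two translation units including test/fuzz/util.h would hit a duplicate-definition error; declare it `inline void InitializeFuzzingContext(const std::string& chain_name = CBaseChainParams::REGTEST)`. Because the setup object is a function-local `static const`, only the first call's `chain_name` takes effect and a later call with a different chain is silently ignored. A comment such as `// One-time process-wide setup: chain_name is honoured on the first call only.` above the function would make that explicit.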
