LCOV - code coverage report
Current view: top level - src/test/fuzz - socks5.cpp (source / functions) Hit Total Coverage
Test: fuzz_coverage.info Lines: 5 20 25.0 %
Date: 2023-09-26 12:08:55 Functions: 6 8 75.0 % 

          Line data    Source code
       1             : // Copyright (c) 2020-2022 The Bitcoin Core developers
       2             : // Distributed under the MIT software license, see the accompanying
       3             : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
       4             : 
       5             : #include <netaddress.h>
       6             : #include <netbase.h>
       7             : #include <test/fuzz/FuzzedDataProvider.h>
       8             : #include <test/fuzz/fuzz.h>
       9             : #include <test/fuzz/util.h>
      10             : #include <test/fuzz/util/net.h>
      11             : #include <test/util/setup_common.h>
      12             : 
      13             : #include <cstdint>
      14             : #include <string>
      15             : #include <vector>
      16             : 
      17           2 : extern std::chrono::milliseconds g_socks5_recv_timeout;
      18           2 : 
      19             : namespace {
      20             : decltype(g_socks5_recv_timeout) default_socks5_recv_timeout;
      21             : };
      22             : 
      23           0 : void initialize_socks5()
      24             : {
      25           0 :     static const auto testing_setup = MakeNoLogFileContext<const BasicTestingSetup>();
      26           0 :     default_socks5_recv_timeout = g_socks5_recv_timeout;
      27           0 : }
      28             : 
      29           4 : FUZZ_TARGET(socks5, .init = initialize_socks5)
      30             : {
      31           0 :     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
      32           0 :     ProxyCredentials proxy_credentials;
      33           0 :     proxy_credentials.username = fuzzed_data_provider.ConsumeRandomLengthString(512);
      34           0 :     proxy_credentials.password = fuzzed_data_provider.ConsumeRandomLengthString(512);
      35           0 :     InterruptSocks5(fuzzed_data_provider.ConsumeBool());
      36             :     // Set FUZZED_SOCKET_FAKE_LATENCY=1 to exercise recv timeout code paths. This
      37             :     // will slow down fuzzing.
      38           0 :     g_socks5_recv_timeout = (fuzzed_data_provider.ConsumeBool() && std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr) ? 1ms : default_socks5_recv_timeout;
      39           0 :     FuzzedSock fuzzed_sock = ConsumeSock(fuzzed_data_provider);
      40             :     // This Socks5(...) fuzzing harness would have caught CVE-2017-18350 within
      41             :     // a few seconds of fuzzing.
      42           0 :     (void)Socks5(fuzzed_data_provider.ConsumeRandomLengthString(512),
      43           0 :                  fuzzed_data_provider.ConsumeIntegral<uint16_t>(),
      44           0 :                  fuzzed_data_provider.ConsumeBool() ? &proxy_credentials : nullptr,
      45             :                  fuzzed_sock);
      46           0 : }

Generated by: LCOV version 1.14