Branch data Line data Source code
1 : : // Copyright (c) 2020-2022 The Bitcoin Core developers 2 : : // Distributed under the MIT software license, see the accompanying 3 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 : : 5 : : #include <netaddress.h> 6 : : #include <netbase.h> 7 : : #include <test/fuzz/FuzzedDataProvider.h> 8 : : #include <test/fuzz/fuzz.h> 9 : : #include <test/fuzz/util.h> 10 : : #include <test/fuzz/util/net.h> 11 : : #include <test/util/setup_common.h> 12 : : 13 : : #include <cstdint> 14 : : #include <string> 15 : : #include <vector> 16 : : 17 : : extern std::chrono::milliseconds g_socks5_recv_timeout; 18 : : 19 : : namespace { 20 : : decltype(g_socks5_recv_timeout) default_socks5_recv_timeout; 21 : : }; 22 : : 23 : 0 : void initialize_socks5() 24 : : { 25 [ # # ][ # # ]: 0 : static const auto testing_setup = MakeNoLogFileContext<const BasicTestingSetup>(); [ # # ] 26 : 0 : default_socks5_recv_timeout = g_socks5_recv_timeout; 27 : 0 : } 28 : : 29 [ + - ]: 4 : FUZZ_TARGET(socks5, .init = initialize_socks5) 30 : : { 31 : 0 : FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; 32 : 0 : ProxyCredentials proxy_credentials; 33 [ # # ]: 0 : proxy_credentials.username = fuzzed_data_provider.ConsumeRandomLengthString(512); 34 [ # # ]: 0 : proxy_credentials.password = fuzzed_data_provider.ConsumeRandomLengthString(512); 35 [ # # ][ # # ]: 0 : if (fuzzed_data_provider.ConsumeBool()) { 36 [ # # ]: 0 : g_socks5_interrupt(); 37 : 0 : } 38 : : // Set FUZZED_SOCKET_FAKE_LATENCY=1 to exercise recv timeout code paths. This 39 : : // will slow down fuzzing. 40 [ # # ][ # # ]: 0 : g_socks5_recv_timeout = (fuzzed_data_provider.ConsumeBool() && std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr) ? 1ms : default_socks5_recv_timeout; [ # # ][ # # ] 41 [ # # ]: 0 : FuzzedSock fuzzed_sock = ConsumeSock(fuzzed_data_provider); 42 : : // This Socks5(...) fuzzing harness would have caught CVE-2017-18350 within 43 : : // a few seconds of fuzzing. 44 [ # # ][ # # ]: 0 : (void)Socks5(fuzzed_data_provider.ConsumeRandomLengthString(512), 45 [ # # ]: 0 : fuzzed_data_provider.ConsumeIntegral<uint16_t>(), 46 [ # # ][ # # ]: 0 : fuzzed_data_provider.ConsumeBool() ? &proxy_credentials : nullptr, 47 : : fuzzed_sock); 48 : 0 : }