 1  // Copyright (c) 2020-present The Bitcoin Core developers
 2  // Distributed under the MIT software license, see the accompanying
 3  // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 4  
 5  #include <netaddress.h>
 6  #include <netbase.h>
 7  #include <test/fuzz/FuzzedDataProvider.h>
 8  #include <test/fuzz/fuzz.h>
 9  #include <test/fuzz/util.h>
10  #include <test/fuzz/util/net.h>
11  #include <test/util/setup_common.h>
12  #include <test/util/time.h>
13  #include <util/time.h>
14  
15  #include <cstdint>
16  #include <string>
17  #include <vector>
18  
// Declared here, defined elsewhere. The socks5 fuzz target in this file
// assigns this global on every input.
extern std::chrono::milliseconds g_socks5_recv_timeout;

namespace {
// Copy of g_socks5_recv_timeout taken once in initialize_socks5(). The fuzz
// target writes this value back whenever it does not select the 1ms timeout,
// so a short timeout chosen for one input does not carry over to the next.
std::chrono::milliseconds default_socks5_recv_timeout;
} // namespace
24  
// One-time initialisation for the socks5 fuzz target, which registers this
// function through its `.init` argument.
void initialize_socks5()
{
    // Function-local static: built on the first call and kept alive for the
    // rest of the process, so the testing context outlives every fuzz input.
    static const auto basic_setup = MakeNoLogFileContext<const BasicTestingSetup>();
    // Remember the timeout in effect at startup. The fuzz target overwrites
    // g_socks5_recv_timeout per input and needs this value to put it back.
    default_socks5_recv_timeout = g_socks5_recv_timeout;
}
30  
// Fuzz target for Socks5(): the destination, port, optional credentials and
// every byte served by the socket are derived from the fuzz input, so the
// client-side SOCKS5 code is driven by a peer it cannot trust.
//
// The order of the Consume*() calls decides how an input is split into fields.
// Reordering them changes the meaning of every existing corpus file.
FUZZ_TARGET(socks5, .init = initialize_socks5)
{
    FuzzedDataProvider provider{buffer.data(), buffer.size()};
    NodeClockContext clock_ctx{ConsumeTime(provider)};

    // Credentials are always consumed, even when they end up unused, so the
    // input layout does not depend on the later `auth` decision.
    ProxyCredentials credentials;
    credentials.username = provider.ConsumeRandomLengthString(512);
    credentials.password = provider.ConsumeRandomLengthString(512);

    const bool trigger_interrupt = provider.ConsumeBool();
    if (trigger_interrupt) {
        // NOTE(review): nothing in this harness clears the interrupt again. If
        // the flag is sticky, every later input in the same process runs with
        // it set, which hurts reproducibility of single inputs. Confirm against
        // the definition of g_socks5_interrupt.
        g_socks5_interrupt();
    }

    // Set FUZZED_SOCKET_FAKE_LATENCY=1 to exercise recv timeout code paths. This
    // will slow down fuzzing.
    // The bool is consumed whether or not the variable is set. The environment
    // is only queried when the bool is true.
    // NOTE(review): std::getenv is declared in <cstdlib>, which is not among
    // this file's direct includes.
    const bool want_short_timeout = provider.ConsumeBool();
    if (want_short_timeout && std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr) {
        g_socks5_recv_timeout = 1ms;
    } else {
        g_socks5_recv_timeout = default_socks5_recv_timeout;
    }

    FuzzedSock fuzzed_sock = ConsumeSock(provider);

    // This Socks5(...) fuzzing harness would have caught CVE-2017-18350 within
    // a few seconds of fuzzing.
    // That CVE is a memory-safety bug reached through a malicious proxy's reply,
    // which is the role fuzzed_sock plays here.
    std::string destination = provider.ConsumeRandomLengthString(512);
    uint16_t dest_port = provider.ConsumeIntegral<uint16_t>();
    ProxyCredentials* auth = nullptr;
    if (provider.ConsumeBool()) {
        auth = &credentials;
    }

    // The result is discarded on purpose. The harness checks no property of its
    // own, so findings come from crashes and sanitizer reports. Build it with
    // the sanitizers enabled to get value from it.
    (void)Socks5(destination, dest_port, auth, fuzzed_sock);
}