socks5.cpp
1 // Copyright (c) 2020-present The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #include <netaddress.h> 6 #include <netbase.h> 7 #include <test/fuzz/FuzzedDataProvider.h> 8 #include <test/fuzz/fuzz.h> 9 #include <test/fuzz/util.h> 10 #include <test/fuzz/util/net.h> 11 #include <test/util/setup_common.h> 12 #include <util/time.h> 13 14 #include <cstdint> 15 #include <string> 16 #include <vector> 17 18 extern std::chrono::milliseconds g_socks5_recv_timeout; 19 20 namespace { 21 decltype(g_socks5_recv_timeout) default_socks5_recv_timeout; 22 }; 23 24 void initialize_socks5() 25 { 26 static const auto testing_setup = MakeNoLogFileContext<const BasicTestingSetup>(); 27 default_socks5_recv_timeout = g_socks5_recv_timeout; 28 } 29 30 FUZZ_TARGET(socks5, .init = initialize_socks5) 31 { 32 FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; 33 SetMockTime(ConsumeTime(fuzzed_data_provider)); 34 ProxyCredentials proxy_credentials; 35 proxy_credentials.username = fuzzed_data_provider.ConsumeRandomLengthString(512); 36 proxy_credentials.password = fuzzed_data_provider.ConsumeRandomLengthString(512); 37 if (fuzzed_data_provider.ConsumeBool()) { 38 g_socks5_interrupt(); 39 } 40 // Set FUZZED_SOCKET_FAKE_LATENCY=1 to exercise recv timeout code paths. This 41 // will slow down fuzzing. 42 g_socks5_recv_timeout = (fuzzed_data_provider.ConsumeBool() && std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr) ? 1ms : default_socks5_recv_timeout; 43 FuzzedSock fuzzed_sock = ConsumeSock(fuzzed_data_provider); 44 // This Socks5(...) fuzzing harness would have caught CVE-2017-18350 within 45 // a few seconds of fuzzing. 46 auto str_dest = fuzzed_data_provider.ConsumeRandomLengthString(512); 47 auto port = fuzzed_data_provider.ConsumeIntegral<uint16_t>(); 48 auto* auth = fuzzed_data_provider.ConsumeBool() ? &proxy_credentials : nullptr; 49 (void)Socks5(str_dest, port, auth, fuzzed_sock); 50 }