sikkienl/dash
1
0
Fork 0
mirror of https://github.com/dashpay/dash.git synced 2024-12-25 20:12:57 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

merge bitcoin#18512: Improve asmap checks and add sanity check

Browse Source
This commit is contained in:
Kittywhiskers Van Gogh 2022-03-25 00:58:20 +05:30
parent c4491309dc
commit 55abb1ecec
8 changed files with 211 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Makefile.test.include
View File

@ -9,6 +9,7 @@ FUZZ_TARGETS = \
test/fuzz/address_deserialize \ test/fuzz/address_deserialize \
test/fuzz/addrman_deserialize \ test/fuzz/addrman_deserialize \
test/fuzz/asmap \ test/fuzz/asmap \
test/fuzz/asmap_direct \
test/fuzz/banentry_deserialize \ test/fuzz/banentry_deserialize \
test/fuzz/base_encode_decode \ test/fuzz/base_encode_decode \
test/fuzz/bech32 \ test/fuzz/bech32 \
@ -292,6 +293,12 @@ test_fuzz_asmap_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_asmap_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS) test_fuzz_asmap_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_asmap_LDADD = $(FUZZ_SUITE_LD_COMMON) test_fuzz_asmap_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_asmap_direct_SOURCES = $(FUZZ_SUITE) test/fuzz/asmap_direct.cpp
test_fuzz_asmap_direct_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
test_fuzz_asmap_direct_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
test_fuzz_asmap_direct_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
test_fuzz_asmap_direct_LDADD = $(FUZZ_SUITE_LD_COMMON)
test_fuzz_blockheader_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp test_fuzz_blockheader_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
test_fuzz_blockheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCKHEADER_DESERIALIZE=1 test_fuzz_blockheader_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DBLOCKHEADER_DESERIALIZE=1
test_fuzz_blockheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS) test_fuzz_blockheader_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)

4
src/addrman.cpp
View File

@ -680,5 +680,9 @@ std::vector<bool> CAddrMan::DecodeAsmap(fs::path path)
bits.push_back((cur_byte >> bit) & 1); bits.push_back((cur_byte >> bit) & 1);
} }
} }
if (!SanityCheckASMap(bits)) {
LogPrintf("Sanity check of asmap file %s failed\n", path);
return {};
}
return bits; return bits;
} }

5
src/netaddress.cpp
View File

@ -1095,3 +1095,8 @@ bool operator<(const CSubNet& a, const CSubNet& b)
{ {
return (a.network < b.network || (a.network == b.network && memcmp(a.netmask, b.netmask, 16) < 0)); return (a.network < b.network || (a.network == b.network && memcmp(a.netmask, b.netmask, 16) < 0));
} }
bool SanityCheckASMap(const std::vector<bool>& asmap)
{
return SanityCheckASMap(asmap, 128); // For IP address lookups, the input is 128 bits
}

2
src/netaddress.h
View File

@ -530,4 +530,6 @@ class CService : public CNetAddr
} }
}; };
bool SanityCheckASMap(const std::vector<bool>& asmap);
#endif // BITCOIN_NETADDRESS_H #endif // BITCOIN_NETADDRESS_H

56
src/test/fuzz/asmap.cpp
View File

@ -3,26 +3,58 @@
// file COPYING or http://www.opensource.org/licenses/mit-license.php. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <netaddress.h> #include <netaddress.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h> #include <test/fuzz/fuzz.h>
#include <util/asmap.h>
#include <cstdint> #include <cstdint>
#include <vector> #include <vector>
//! asmap code that consumes nothing
static const std::vector<bool> IPV6_PREFIX_ASMAP = {};
//! asmap code that consumes the 96 prefix bits of ::ffff:0/96 (IPv4-in-IPv6 map)
static const std::vector<bool> IPV4_PREFIX_ASMAP = {
true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
true, true, false, true, true, true, true, true, true, true, false, false, false, false, false, false, false, false, // Match 0x00
true, true, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, // Match 0xFF
true, true, false, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true // Match 0xFF
};
void test_one_input(const std::vector<uint8_t>& buffer) void test_one_input(const std::vector<uint8_t>& buffer)
{ {
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size()); // Encoding: [7 bits: asmap size] [1 bit: ipv6?] [3-130 bytes: asmap] [4 or 16 bytes: addr]
const Network network = fuzzed_data_provider.PickValueInArray({NET_IPV4, NET_IPV6}); if (buffer.size() < 1 + 3 + 4) return;
if (fuzzed_data_provider.remaining_bytes() < 16) { int asmap_size = 3 + (buffer[0] & 127);
return; bool ipv6 = buffer[0] & 128;
} const size_t addr_size = ipv6 ? ADDR_IPV6_SIZE : ADDR_IPV4_SIZE;
CNetAddr net_addr; if (buffer.size() < size_t(1 + asmap_size + addr_size)) return;
net_addr.SetRaw(network, fuzzed_data_provider.ConsumeBytes<uint8_t>(16).data()); std::vector<bool> asmap = ipv6 ? IPV6_PREFIX_ASMAP : IPV4_PREFIX_ASMAP;
std::vector<bool> asmap; asmap.reserve(asmap.size() + 8 * asmap_size);
for (const char cur_byte : fuzzed_data_provider.ConsumeRemainingBytes<char>()) { for (int i = 0; i < asmap_size; ++i) {
for (int bit = 0; bit < 8; ++bit) { for (int j = 0; j < 8; ++j) {
asmap.push_back((cur_byte >> bit) & 1); asmap.push_back((buffer[1 + i] >> j) & 1);
} }
} }
if (!SanityCheckASMap(asmap, 128)) return;
const uint8_t* addr_data = buffer.data() + 1 + asmap_size;
CNetAddr net_addr;
if (ipv6) {
assert(addr_size == ADDR_IPV6_SIZE);
net_addr.SetLegacyIPv6({addr_data, addr_size});
} else {
assert(addr_size == ADDR_IPV4_SIZE);
in_addr ipv4;
memcpy(&ipv4, addr_data, addr_size);
net_addr.SetIP(CNetAddr{ipv4});
}
(void)net_addr.GetMappedAS(asmap); (void)net_addr.GetMappedAS(asmap);
} }

46
src/test/fuzz/asmap_direct.cpp Normal file
View File

@ -0,0 +1,46 @@
// Copyright (c) 2020 The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <util/asmap.h>
#include <test/fuzz/fuzz.h>
#include <cstdint>
#include <vector>
#include <assert.h>
void test_one_input(const std::vector<uint8_t>& buffer)
{
// Encoding: [asmap using 1 bit / byte] 0xFF [addr using 1 bit / byte]
bool have_sep = false;
size_t sep_pos;
for (size_t pos = 0; pos < buffer.size(); ++pos) {
uint8_t x = buffer[pos];
if ((x & 0xFE) == 0) continue;
if (x == 0xFF) {
if (have_sep) return;
have_sep = true;
sep_pos = pos;
} else {
return;
}
}
if (!have_sep) return; // Needs exactly 1 separator
if (buffer.size() - sep_pos - 1 > 128) return; // At most 128 bits in IP address
// Checks on asmap
std::vector<bool> asmap(buffer.begin(), buffer.begin() + sep_pos);
if (SanityCheckASMap(asmap, buffer.size() - 1 - sep_pos)) {
// Verify that for valid asmaps, no prefix (except up to 7 zero padding bits) is valid.
std::vector<bool> asmap_prefix = asmap;
while (!asmap_prefix.empty() && asmap_prefix.size() + 7 > asmap.size() && asmap_prefix.back() == false) asmap_prefix.pop_back();
while (!asmap_prefix.empty()) {
asmap_prefix.pop_back();
assert(!SanityCheckASMap(asmap_prefix, buffer.size() - 1 - sep_pos));
}
// No address input should trigger assertions in interpreter
std::vector<bool> addr(buffer.begin() + sep_pos + 1, buffer.end());
(void)Interpret(asmap, addr);
}
}

113
src/util/asmap.cpp
View File

@ -2,11 +2,15 @@
// Distributed under the MIT software license, see the accompanying // Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php. // file COPYING or http://www.opensource.org/licenses/mit-license.php.
#include <assert.h>
#include <map>
#include <vector> #include <vector>
#include <crypto/common.h> #include <crypto/common.h>
namespace { namespace {
constexpr uint32_t INVALID = 0xFFFFFFFF;
uint32_t DecodeBits(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos, uint8_t minval, const std::vector<uint8_t> &bit_sizes) uint32_t DecodeBits(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos, uint8_t minval, const std::vector<uint8_t> &bit_sizes)
{ {
uint32_t val = minval; uint32_t val = minval;
@ -24,7 +28,7 @@ uint32_t DecodeBits(std::vector<bool>::const_iterator& bitpos, const std::vector
val += (1 << *bit_sizes_it); val += (1 << *bit_sizes_it);
} else { } else {
for (int b = 0; b < *bit_sizes_it; b++) { for (int b = 0; b < *bit_sizes_it; b++) {
if (bitpos == endpos) break; if (bitpos == endpos) return INVALID; // Reached EOF in mantissa
bit = *bitpos; bit = *bitpos;
bitpos++; bitpos++;
val += bit << (*bit_sizes_it - 1 - b); val += bit << (*bit_sizes_it - 1 - b);
@ -32,13 +36,21 @@ uint32_t DecodeBits(std::vector<bool>::const_iterator& bitpos, const std::vector
return val; return val;
} }
} }
return -1; return INVALID; // Reached EOF in exponent
} }
const std::vector<uint8_t> TYPE_BIT_SIZES{0, 0, 1}; enum class Instruction : uint32_t
uint32_t DecodeType(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos)
{ {
return DecodeBits(bitpos, endpos, 0, TYPE_BIT_SIZES); RETURN = 0,
JUMP = 1,
MATCH = 2,
DEFAULT = 3,
};
const std::vector<uint8_t> TYPE_BIT_SIZES{0, 0, 1};
Instruction DecodeType(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos)
{
return Instruction(DecodeBits(bitpos, endpos, 0, TYPE_BIT_SIZES));
} }
const std::vector<uint8_t> ASN_BIT_SIZES{15, 16, 17, 18, 19, 20, 21, 22, 23, 24}; const std::vector<uint8_t> ASN_BIT_SIZES{15, 16, 17, 18, 19, 20, 21, 22, 23, 24};
@ -69,34 +81,105 @@ uint32_t Interpret(const std::vector<bool> &asmap, const std::vector<bool> &ip)
const std::vector<bool>::const_iterator endpos = asmap.end(); const std::vector<bool>::const_iterator endpos = asmap.end();
uint8_t bits = ip.size(); uint8_t bits = ip.size();
uint32_t default_asn = 0; uint32_t default_asn = 0;
uint32_t opcode, jump, match, matchlen; uint32_t jump, match, matchlen;
Instruction opcode;
while (pos != endpos) { while (pos != endpos) {
opcode = DecodeType(pos, endpos); opcode = DecodeType(pos, endpos);
if (opcode == 0) { if (opcode == Instruction::RETURN) {
return DecodeASN(pos, endpos); default_asn = DecodeASN(pos, endpos);
} else if (opcode == 1) { if (default_asn == INVALID) break; // ASN straddles EOF
return default_asn;
} else if (opcode == Instruction::JUMP) {
jump = DecodeJump(pos, endpos); jump = DecodeJump(pos, endpos);
if (bits == 0) break; if (jump == INVALID) break; // Jump offset straddles EOF
if (bits == 0) break; // No input bits left
if (jump >= endpos - pos) break; // Jumping past EOF
if (ip[ip.size() - bits]) { if (ip[ip.size() - bits]) {
if (jump >= endpos - pos) break;
pos += jump; pos += jump;
} }
bits--; bits--;
} else if (opcode == 2) { } else if (opcode == Instruction::MATCH) {
match = DecodeMatch(pos, endpos); match = DecodeMatch(pos, endpos);
if (match == INVALID) break; // Match bits straddle EOF
matchlen = CountBits(match) - 1; matchlen = CountBits(match) - 1;
if (bits < matchlen) break; // Not enough input bits
for (uint32_t bit = 0; bit < matchlen; bit++) { for (uint32_t bit = 0; bit < matchlen; bit++) {
if (bits == 0) break;
if ((ip[ip.size() - bits]) != ((match >> (matchlen - 1 - bit)) & 1)) { if ((ip[ip.size() - bits]) != ((match >> (matchlen - 1 - bit)) & 1)) {
return default_asn; return default_asn;
} }
bits--; bits--;
} }
} else if (opcode == 3) { } else if (opcode == Instruction::DEFAULT) {
default_asn = DecodeASN(pos, endpos); default_asn = DecodeASN(pos, endpos);
if (default_asn == INVALID) break; // ASN straddles EOF
} else { } else {
break; break; // Instruction straddles EOF
} }
} }
assert(false); // Reached EOF without RETURN, or aborted (see any of the breaks above) - should have been caught by SanityCheckASMap below
return 0; // 0 is not a valid ASN return 0; // 0 is not a valid ASN
} }
bool SanityCheckASMap(const std::vector<bool>& asmap, int bits)
{
const std::vector<bool>::const_iterator begin = asmap.begin(), endpos = asmap.end();
std::vector<bool>::const_iterator pos = begin;
std::vector<std::pair<uint32_t, int>> jumps; // All future positions we may jump to (bit offset in asmap -> bits to consume left)
jumps.reserve(bits);
Instruction prevopcode = Instruction::JUMP;
bool had_incomplete_match = false;
while (pos != endpos) {
uint32_t offset = pos - begin;
if (!jumps.empty() && offset >= jumps.back().first) return false; // There was a jump into the middle of the previous instruction
Instruction opcode = DecodeType(pos, endpos);
if (opcode == Instruction::RETURN) {
if (prevopcode == Instruction::DEFAULT) return false; // There should not be any RETURN immediately after a DEFAULT (could be combined into just RETURN)
uint32_t asn = DecodeASN(pos, endpos);
if (asn == INVALID) return false; // ASN straddles EOF
if (jumps.empty()) {
// Nothing to execute anymore
if (endpos - pos > 7) return false; // Excessive padding
while (pos != endpos) {
if (*pos) return false; // Nonzero padding bit
++pos;
}
return true; // Sanely reached EOF
} else {
// Continue by pretending we jumped to the next instruction
offset = pos - begin;
if (offset != jumps.back().first) return false; // Unreachable code
bits = jumps.back().second; // Restore the number of bits we would have had left after this jump
jumps.pop_back();
prevopcode = Instruction::JUMP;
}
} else if (opcode == Instruction::JUMP) {
uint32_t jump = DecodeJump(pos, endpos);
if (jump == INVALID) return false; // Jump offset straddles EOF
if (jump > endpos - pos) return false; // Jump out of range
if (bits == 0) return false; // Consuming bits past the end of the input
--bits;
uint32_t jump_offset = pos - begin + jump;
if (!jumps.empty() && jump_offset >= jumps.back().first) return false; // Intersecting jumps
jumps.emplace_back(jump_offset, bits);
prevopcode = Instruction::JUMP;
} else if (opcode == Instruction::MATCH) {
uint32_t match = DecodeMatch(pos, endpos);
if (match == INVALID) return false; // Match bits straddle EOF
int matchlen = CountBits(match) - 1;
if (prevopcode != Instruction::MATCH) had_incomplete_match = false;
if (matchlen < 8 && had_incomplete_match) return false; // Within a sequence of matches only at most one should be incomplete
had_incomplete_match = (matchlen < 8);
if (bits < matchlen) return false; // Consuming bits past the end of the input
bits -= matchlen;
prevopcode = Instruction::MATCH;
} else if (opcode == Instruction::DEFAULT) {
if (prevopcode == Instruction::DEFAULT) return false; // There should not be two successive DEFAULTs (they could be combined into one)
uint32_t asn = DecodeASN(pos, endpos);
if (asn == INVALID) return false; // ASN straddles EOF
prevopcode = Instruction::DEFAULT;
} else {
return false; // Instruction straddles EOF
}
}
return false; // Reached EOF without RETURN instruction
}

5
src/util/asmap.h
View File

@ -5,6 +5,11 @@
#ifndef BITCOIN_UTIL_ASMAP_H #ifndef BITCOIN_UTIL_ASMAP_H
#define BITCOIN_UTIL_ASMAP_H #define BITCOIN_UTIL_ASMAP_H
#include <stdint.h>
#include <vector>
uint32_t Interpret(const std::vector<bool> &asmap, const std::vector<bool> &ip); uint32_t Interpret(const std::vector<bool> &asmap, const std::vector<bool> &ip);
bool SanityCheckASMap(const std::vector<bool>& asmap, int bits);
#endif // BITCOIN_UTIL_ASMAP_H #endif // BITCOIN_UTIL_ASMAP_H