merge bitcoin#20995: Avoid initializing version to less than MIN_PEER_PROTO_VERSION

Kittywhiskers Van Gogh 2023-07-14 14:30:09 +00:00 committed by UdjinM6
parent 31b7169b3c
commit 58bea6a498
5 changed files with 35 additions and 21 deletions


@ -18,6 +18,7 @@ libtest_fuzz_a_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
libtest_fuzz_a_SOURCES = \ libtest_fuzz_a_SOURCES = \
test/fuzz/fuzz.cpp \ test/fuzz/fuzz.cpp \
test/util/mining.cpp \ test/util/mining.cpp \
test/fuzz/util.cpp \
$(TEST_FUZZ_H) $(TEST_FUZZ_H)
LIBTEST_FUZZ += $(LIBBITCOIN_SERVER) LIBTEST_FUZZ += $(LIBBITCOIN_SERVER)


@ -67,10 +67,12 @@ void fuzz_target(const std::vector<uint8_t>& buffer, const std::string& LIMIT_TO
return; return;
} }
CNode& p2p_node = *ConsumeNodeAsUniquePtr(fuzzed_data_provider).release(); CNode& p2p_node = *ConsumeNodeAsUniquePtr(fuzzed_data_provider).release();
FillNode(fuzzed_data_provider, p2p_node);
p2p_node.fSuccessfullyConnected = true; const bool successfully_connected{true};
p2p_node.fSuccessfullyConnected = successfully_connected;
connman.AddTestNode(p2p_node); connman.AddTestNode(p2p_node);
g_setup->m_node.peerman->InitializeNode(&p2p_node); g_setup->m_node.peerman->InitializeNode(&p2p_node);
FillNode(fuzzed_data_provider, p2p_node, /* init_version */ successfully_connected);
// fuzzed_data_provider is fully consumed after this call, don't use it // fuzzed_data_provider is fully consumed after this call, don't use it
CDataStream random_bytes_data_stream{fuzzed_data_provider.ConsumeRemainingBytes<unsigned char>(), SER_NETWORK, PROTOCOL_VERSION}; CDataStream random_bytes_data_stream{fuzzed_data_provider.ConsumeRemainingBytes<unsigned char>(), SER_NETWORK, PROTOCOL_VERSION};
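Review bot: `const bool successfully_connected{true};` is a constant, so the `init_version == false` branch of `FillNode` is never taken from this target, and every fuzzed message is processed against a peer that is already past the handshake. If handshake-stage message handling is meant to be covered here, the flag could come from the input instead, e.g. `const bool successfully_connected{fuzzed_data_provider.ConsumeBool()};`. That keeps the rule that only connected peers get a version while also exercising the pre-handshake state. If the constant is intentional, a one-line comment saying so would stop a later reader from treating the parameter as dead. The body of `fuzz_target` starts and ends outside this hunk, so code not shown here may depend on the peer being connected.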


@ -45,10 +45,11 @@ FUZZ_TARGET_INIT(process_messages, initialize_process_messages)
peers.push_back(ConsumeNodeAsUniquePtr(fuzzed_data_provider, i).release()); peers.push_back(ConsumeNodeAsUniquePtr(fuzzed_data_provider, i).release());
CNode& p2p_node = *peers.back(); CNode& p2p_node = *peers.back();
FillNode(fuzzed_data_provider, p2p_node); const bool successfully_connected{true};
p2p_node.fSuccessfullyConnected = true; p2p_node.fSuccessfullyConnected = successfully_connected;
p2p_node.fPauseSend = false; p2p_node.fPauseSend = false;
g_setup->m_node.peerman->InitializeNode(&p2p_node); g_setup->m_node.peerman->InitializeNode(&p2p_node);
FillNode(fuzzed_data_provider, p2p_node, /* init_version */ successfully_connected);
connman.AddTestNode(p2p_node); connman.AddTestNode(p2p_node);
} }
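Review bot: The call order in this loop differs from the `fuzz_target` hunk above: here `FillNode` runs between `InitializeNode` and `connman.AddTestNode`, while there it runs after both. Nothing visible says whether the position relative to `AddTestNode` matters, and the move of `FillNode` to after `InitializeNode` is not explained either. I would use one order in both targets and record it next to the call, for example `// FillNode() is called after InitializeNode() and sets nVersion only when the peer is marked fSuccessfullyConnected`. The loop and the enclosing target begin outside the hunk.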

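--- a/src/test/fuzz/util.cpp
+++ b/src/test/fuzz/util.cpp
@@ -0,0 +1,25 @@
+// Copyright (c) 2021 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+#include <test/fuzz/util.h>
+#include <version.h>
+void FillNode(FuzzedDataProvider& fuzzed_data_provider, CNode& node, bool init_version) noexcept
+{
+const ServiceFlags remote_services = ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS);
+const NetPermissionFlags permission_flags = ConsumeWeakEnum(fuzzed_data_provider, ALL_NET_PERMISSION_FLAGS);
+const int32_t version = fuzzed_data_provider.ConsumeIntegralInRange<int32_t>(MIN_PEER_PROTO_VERSION, std::numeric_limits<int32_t>::max());
+const bool filter_txs = fuzzed_data_provider.ConsumeBool();
+node.nServices = remote_services;
+node.m_permissionFlags = permission_flags;
+if (init_version) {
+node.nVersion = version;
+node.SetSendVersion(std::min(version, PROTOCOL_VERSION));
+}
+if (node.m_tx_relay != nullptr) {
+LOCK(node.m_tx_relay->cs_filter);
+node.m_tx_relay->fRelayTxes = filter_txs;
+}
+}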
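Review bot: `version` is drawn from the provider on every call, including when `init_version` is false and the value is thrown away, and the new function has no header comment. The unconditional draw looks deliberate, since it keeps the number of input bytes consumed independent of the flag, but nothing says so. I would add a comment above `FillNode` stating that `nVersion` and the send version are set only when `init_version` is true, and that the range starts at `MIN_PEER_PROTO_VERSION` because, presumably, a peer that has completed the handshake cannot have advertised less. With this lower bound, below-minimum versions can no longer reach the node through `FillNode`, so that rejection path presumably has to be covered by fuzzed version messages instead. The file also uses `std::numeric_limits` and `std::min` without including `<limits>` and `<algorithm>` directly.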


@ -316,24 +316,9 @@ auto ConsumeNode(FuzzedDataProvider& fuzzed_data_provider, const std::optional<N
return CNode{node_id, local_services, socket, address, keyed_net_group, local_host_nonce, addr_bind, addr_name, inbound, block_relay_only}; return CNode{node_id, local_services, socket, address, keyed_net_group, local_host_nonce, addr_bind, addr_name, inbound, block_relay_only};
} }
} }
inline std::unique_ptr<CNode> ConsumeNodeAsUniquePtr(FuzzedDataProvider& fdp, const std::optional<NodeId>& node_id_in = nullopt) { return ConsumeNode<true>(fdp, node_id_in); } inline std::unique_ptr<CNode> ConsumeNodeAsUniquePtr(FuzzedDataProvider& fdp, const std::optional<NodeId>& node_id_in = std::nullopt) { return ConsumeNode<true>(fdp, node_id_in); }
inline void FillNode(FuzzedDataProvider& fuzzed_data_provider, CNode& node, const std::optional<int32_t>& version_in = std::nullopt) noexcept void FillNode(FuzzedDataProvider& fuzzed_data_provider, CNode& node, bool init_version) noexcept;
{
const ServiceFlags remote_services = ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS);
const NetPermissionFlags permission_flags = ConsumeWeakEnum(fuzzed_data_provider, ALL_NET_PERMISSION_FLAGS);
const int32_t version = version_in.value_or(fuzzed_data_provider.ConsumeIntegral<int32_t>());
const bool filter_txs = fuzzed_data_provider.ConsumeBool();
node.nServices = remote_services;
node.m_permissionFlags = permission_flags;
node.nVersion = version;
node.SetSendVersion(version);
if (node.m_tx_relay != nullptr) {
LOCK(node.m_tx_relay->cs_filter);
node.m_tx_relay->fRelayTxes = filter_txs;
}
}
inline void InitializeFuzzingContext(const std::string& chain_name = CBaseChainParams::REGTEST) inline void InitializeFuzzingContext(const std::string& chain_name = CBaseChainParams::REGTEST)
{ {