Bitcoin Core  22.99.0
P2P Digital Currency
process_message.cpp
Go to the documentation of this file.
1 // Copyright (c) 2020-2021 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <banman.h>
6 #include <chainparams.h>
7 #include <consensus/consensus.h>
8 #include <net.h>
9 #include <net_processing.h>
10 #include <protocol.h>
11 #include <scheduler.h>
12 #include <script/script.h>
13 #include <streams.h>
15 #include <test/fuzz/fuzz.h>
16 #include <test/fuzz/util.h>
17 #include <test/util/mining.h>
18 #include <test/util/net.h>
19 #include <test/util/setup_common.h>
20 #include <test/util/validation.h>
21 #include <txorphanage.h>
22 #include <validationinterface.h>
23 #include <version.h>
24 
25 #include <atomic>
26 #include <cassert>
27 #include <chrono>
28 #include <cstdint>
29 #include <iosfwd>
30 #include <iostream>
31 #include <memory>
32 #include <string>
33 
34 namespace {
35 const TestingSetup* g_setup;
36 } // namespace
37 
38 size_t& GetNumMsgTypes()
39 {
40  static size_t g_num_msg_types{0};
41  return g_num_msg_types;
42 }
43 #define FUZZ_TARGET_MSG(msg_type) \
44  struct msg_type##_Count_Before_Main { \
45  msg_type##_Count_Before_Main() \
46  { \
47  ++GetNumMsgTypes(); \
48  } \
49  } const static g_##msg_type##_count_before_main; \
50  FUZZ_TARGET_INIT(process_message_##msg_type, initialize_process_message) \
51  { \
52  fuzz_target(buffer, #msg_type); \
53  }
54 
56 {
57  Assert(GetNumMsgTypes() == getAllNetMessageTypes().size()); // If this fails, add or remove the message type below
58 
59  static const auto testing_setup = MakeNoLogFileContext<const TestingSetup>();
60  g_setup = testing_setup.get();
61  for (int i = 0; i < 2 * COINBASE_MATURITY; i++) {
62  MineBlock(g_setup->m_node, CScript() << OP_TRUE);
63  }
65 }
66 
67 void fuzz_target(FuzzBufferType buffer, const std::string& LIMIT_TO_MESSAGE_TYPE)
68 {
69  FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
70 
71  ConnmanTestMsg& connman = *static_cast<ConnmanTestMsg*>(g_setup->m_node.connman.get());
72  TestChainState& chainstate = *static_cast<TestChainState*>(&g_setup->m_node.chainman->ActiveChainstate());
73  SetMockTime(1610000000); // any time to successfully reset ibd
74  chainstate.ResetIbd();
75 
76  const std::string random_message_type{fuzzed_data_provider.ConsumeBytesAsString(CMessageHeader::COMMAND_SIZE).c_str()};
77  if (!LIMIT_TO_MESSAGE_TYPE.empty() && random_message_type != LIMIT_TO_MESSAGE_TYPE) {
78  return;
79  }
80  CNode& p2p_node = *ConsumeNodeAsUniquePtr(fuzzed_data_provider).release();
81 
82  const bool successfully_connected{fuzzed_data_provider.ConsumeBool()};
83  p2p_node.fSuccessfullyConnected = successfully_connected;
84  connman.AddTestNode(p2p_node);
85  g_setup->m_node.peerman->InitializeNode(&p2p_node);
86  FillNode(fuzzed_data_provider, p2p_node, /* init_version */ successfully_connected);
87 
88  const auto mock_time = ConsumeTime(fuzzed_data_provider);
89  SetMockTime(mock_time);
90 
91  // fuzzed_data_provider is fully consumed after this call, don't use it
92  CDataStream random_bytes_data_stream{fuzzed_data_provider.ConsumeRemainingBytes<unsigned char>(), SER_NETWORK, PROTOCOL_VERSION};
93  try {
94  g_setup->m_node.peerman->ProcessMessage(p2p_node, random_message_type, random_bytes_data_stream,
95  GetTime<std::chrono::microseconds>(), std::atomic<bool>{false});
96  } catch (const std::ios_base::failure&) {
97  }
98  {
99  LOCK(p2p_node.cs_sendProcessing);
100  g_setup->m_node.peerman->SendMessages(&p2p_node);
101  }
103  g_setup->m_node.connman->StopNodes();
104 }
105 
106 FUZZ_TARGET_INIT(process_message, initialize_process_message) { fuzz_target(buffer, ""); }
107 FUZZ_TARGET_MSG(addr);
108 FUZZ_TARGET_MSG(addrv2);
109 FUZZ_TARGET_MSG(block);
110 FUZZ_TARGET_MSG(blocktxn);
111 FUZZ_TARGET_MSG(cfcheckpt);
112 FUZZ_TARGET_MSG(cfheaders);
113 FUZZ_TARGET_MSG(cfilter);
114 FUZZ_TARGET_MSG(cmpctblock);
115 FUZZ_TARGET_MSG(feefilter);
116 FUZZ_TARGET_MSG(filteradd);
117 FUZZ_TARGET_MSG(filterclear);
118 FUZZ_TARGET_MSG(filterload);
119 FUZZ_TARGET_MSG(getaddr);
120 FUZZ_TARGET_MSG(getblocks);
121 FUZZ_TARGET_MSG(getblocktxn);
122 FUZZ_TARGET_MSG(getcfcheckpt);
123 FUZZ_TARGET_MSG(getcfheaders);
124 FUZZ_TARGET_MSG(getcfilters);
125 FUZZ_TARGET_MSG(getdata);
126 FUZZ_TARGET_MSG(getheaders);
127 FUZZ_TARGET_MSG(headers);
128 FUZZ_TARGET_MSG(inv);
129 FUZZ_TARGET_MSG(mempool);
130 FUZZ_TARGET_MSG(merkleblock);
131 FUZZ_TARGET_MSG(notfound);
133 FUZZ_TARGET_MSG(pong);
134 FUZZ_TARGET_MSG(sendaddrv2);
135 FUZZ_TARGET_MSG(sendcmpct);
136 FUZZ_TARGET_MSG(sendheaders);
137 FUZZ_TARGET_MSG(tx);
138 FUZZ_TARGET_MSG(verack);
139 FUZZ_TARGET_MSG(version);
140 FUZZ_TARGET_MSG(wtxidrelay);
COINBASE_MATURITY
static const int COINBASE_MATURITY
Coinbase transaction outputs can only be spent after this number of new blocks (network rule)
Definition: consensus.h:19
fuzz_target
void fuzz_target(FuzzBufferType buffer, const std::string &LIMIT_TO_MESSAGE_TYPE)
Definition: process_message.cpp:67
streams.h
setup_common.h
CNode
Information about a peer.
Definition: net.h:393
validationinterface.h
TestChainState::ResetIbd
void ResetIbd()
Reset the ibd cache to its initial state.
Definition: validation.cpp:11
util.h
chainparams.h
MineBlock
CTxIn MineBlock(const NodeContext &node, const CScript &coinbase_scriptPubKey)
Returns the generated coin.
Definition: mining.cpp:59
version.h
Assert
#define Assert(val)
Identity function.
Definition: check.h:57
scheduler.h
ConnmanTestMsg
Definition: net.h:18
validation.h
FUZZ_TARGET_MSG
#define FUZZ_TARGET_MSG(msg_type)
Definition: process_message.cpp:43
Span::size
constexpr std::size_t size() const noexcept
Definition: span.h:182
ConsumeTime
int64_t ConsumeTime(FuzzedDataProvider &fuzzed_data_provider, const std::optional< int64_t > &min, const std::optional< int64_t > &max) noexcept
Definition: util.cpp:226
Span
A Span is an object that can refer to a contiguous sequence of objects.
Definition: span.h:92
ConnmanTestMsg::AddTestNode
void AddTestNode(CNode &node)
Definition: net.h:20
initialize_process_message
void initialize_process_message()
Definition: process_message.cpp:55
SyncWithValidationInterfaceQueue
void SyncWithValidationInterfaceQueue()
This is a synonym for the following, which asserts certain locks are not held: std::promise<void> pro...
Definition: validationinterface.cpp:160
banman.h
FuzzedDataProvider::ConsumeRemainingBytes
std::vector< T > ConsumeRemainingBytes()
Definition: FuzzedDataProvider.h:128
net.h
SetMockTime
void SetMockTime(int64_t nMockTimeIn)
DEPRECATED Use SetMockTime with chrono type.
Definition: time.cpp:101
GetNumMsgTypes
size_t & GetNumMsgTypes()
Definition: process_message.cpp:38
consensus.h
CNode::fSuccessfullyConnected
std::atomic_bool fSuccessfullyConnected
fSuccessfullyConnected is set to true on receiving VERACK from the peer.
Definition: net.h:449
FuzzedDataProvider.h
CMessageHeader::COMMAND_SIZE
static constexpr size_t COMMAND_SIZE
Definition: protocol.h:34
TestChainState
Definition: validation.h:10
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:405
script.h
net_processing.h
OP_TRUE
@ OP_TRUE
Definition: script.h:77
ping
static RPCHelpMan ping()
Definition: net.cpp:82
Span::data
constexpr C * data() const noexcept
Definition: span.h:169
FUZZ_TARGET_INIT
FUZZ_TARGET_INIT(process_message, initialize_process_message)
Definition: process_message.cpp:106
CNode::cs_sendProcessing
RecursiveMutex cs_sendProcessing
Definition: net.h:419
fuzz.h
LOCK
#define LOCK(cs)
Definition: sync.h:226
FuzzedDataProvider
Definition: FuzzedDataProvider.h:31
ConsumeNodeAsUniquePtr
std::unique_ptr< CNode > ConsumeNodeAsUniquePtr(FuzzedDataProvider &fdp, const std::optional< NodeId > &node_id_in=std::nullopt)
Definition: util.h:276
FuzzedDataProvider::ConsumeBytesAsString
std::string ConsumeBytesAsString(size_t num_bytes)
Definition: FuzzedDataProvider.h:136
TestingSetup
Testing setup that configures a complete environment.
Definition: setup_common.h:99
getAllNetMessageTypes
const std::vector< std::string > & getAllNetMessageTypes()
Definition: protocol.cpp:179
CDataStream
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:204
SER_NETWORK
@ SER_NETWORK
Definition: serialize.h:138
FuzzedDataProvider::ConsumeBool
bool ConsumeBool()
Definition: FuzzedDataProvider.h:288
txorphanage.h
FillNode
void FillNode(FuzzedDataProvider &fuzzed_data_provider, CNode &node, bool init_version) noexcept
Definition: util.cpp:202
mining.h
PROTOCOL_VERSION
static const int PROTOCOL_VERSION
network protocol versioning
Definition: version.h:12