socks5_8cpp_source.html

// Copyright (c) 2020-2022 The Bitcoin Core developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#include <netaddress.h>

#include <netbase.h>

#include <test/fuzz/FuzzedDataProvider.h>

#include <test/fuzz/fuzz.h>

#include <test/fuzz/util.h>

#include <test/fuzz/util/net.h>

#include <test/util/setup_common.h>

#include <util/time.h>


#include <cstdint>

#include <string>

#include <vector>


extern std::chrono::milliseconds g_socks5_recv_timeout;


namespace {

decltype(g_socks5_recv_timeout) default_socks5_recv_timeout;

};


void initialize_socks5()

{

    static const auto testing_setup = MakeNoLogFileContext<const BasicTestingSetup>();

    default_socks5_recv_timeout = g_socks5_recv_timeout;

}


FUZZ_TARGET(socks5, .init = initialize_socks5)

{

    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};

    SetMockTime(ConsumeTime(fuzzed_data_provider));

    ProxyCredentials proxy_credentials;

    proxy_credentials.username = fuzzed_data_provider.ConsumeRandomLengthString(512);

    proxy_credentials.password = fuzzed_data_provider.ConsumeRandomLengthString(512);

    if (fuzzed_data_provider.ConsumeBool()) {

        g_socks5_interrupt();

    }

    // Set FUZZED_SOCKET_FAKE_LATENCY=1 to exercise recv timeout code paths. This

    // will slow down fuzzing.

    g_socks5_recv_timeout = (fuzzed_data_provider.ConsumeBool() && std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr) ? 1ms : default_socks5_recv_timeout;

    FuzzedSock fuzzed_sock = ConsumeSock(fuzzed_data_provider);

    // This Socks5(...) fuzzing harness would have caught CVE-2017-18350 within

    // a few seconds of fuzzing.

    auto str_dest = fuzzed_data_provider.ConsumeRandomLengthString(512);

    auto port = fuzzed_data_provider.ConsumeIntegral<uint16_t>();

    auto* auth = fuzzed_data_provider.ConsumeBool() ? &proxy_credentials : nullptr;

    (void)Socks5(str_dest, port, auth, fuzzed_sock);

}

FuzzedDataProvider.h

FuzzedDataProvider
Definition: FuzzedDataProvider.h:32

FuzzedDataProvider::ConsumeRandomLengthString
std::string ConsumeRandomLengthString(size_t max_length)
Definition: FuzzedDataProvider.h:153

FuzzedDataProvider::ConsumeBool
bool ConsumeBool()
Definition: FuzzedDataProvider.h:289

FuzzedDataProvider::ConsumeIntegral
T ConsumeIntegral()
Definition: FuzzedDataProvider.h:195

FuzzedSock
Definition: net.h:162

fuzz.h

init
Definition: bitcoin-gui.cpp:17

netaddress.h

g_socks5_interrupt
CThreadInterrupt g_socks5_interrupt
Interrupt SOCKS5 reads or writes.
Definition: netbase.cpp:41

Socks5
bool Socks5(const std::string &strDest, uint16_t port, const ProxyCredentials *auth, const Sock &sock)
Connect to a specified destination service through an already connected SOCKS5 proxy.
Definition: netbase.cpp:396

netbase.h

setup_common.h

g_socks5_recv_timeout
std::chrono::milliseconds g_socks5_recv_timeout
Definition: netbase.cpp:40

initialize_socks5
void initialize_socks5()
Definition: socks5.cpp:24

FUZZ_TARGET
FUZZ_TARGET(socks5,.init=initialize_socks5)
Definition: socks5.cpp:30

ProxyCredentials
Credentials for proxy authentication.
Definition: netbase.h:93

ProxyCredentials::username
std::string username
Definition: netbase.h:94

ProxyCredentials::password
std::string password
Definition: netbase.h:95

net.h

ConsumeSock
FuzzedSock ConsumeSock(FuzzedDataProvider &fuzzed_data_provider)
Definition: net.h:230

ConsumeTime
int64_t ConsumeTime(FuzzedDataProvider &fuzzed_data_provider, const std::optional< int64_t > &min, const std::optional< int64_t > &max) noexcept
Definition: util.cpp:34

util.h

SetMockTime
void SetMockTime(int64_t nMockTimeIn)
DEPRECATED Use SetMockTime with chrono type.
Definition: time.cpp:40

fuzzed_data_provider
FuzzedDataProvider & fuzzed_data_provider
Definition: fees.cpp:38