git.bitcoin.ninja Git - rust-lightning/blob - fuzz/fuzz_targets/router_target.rs

   1 extern crate bitcoin;
   2 extern crate lightning;
   3 extern crate secp256k1;
   4
   5 use lightning::ln::channelmanager::ChannelDetails;
   6 use lightning::ln::msgs;
   7 use lightning::ln::msgs::{MsgDecodable, RoutingMessageHandler};
   8 use lightning::ln::router::{Router, RouteHint};
   9 use lightning::util::reset_rng_state;
  10 use lightning::util::logger::Logger;
  11
  12 use secp256k1::key::PublicKey;
  13 use secp256k1::Secp256k1;
  14
  15 mod utils;
  16
  17 use utils::test_logger;
  18
  19 use std::sync::Arc;
  20
  21 #[inline]
  22 pub fn slice_to_be16(v: &[u8]) -> u16 {
  23         ((v[0] as u16) << 8*1) |
  24         ((v[1] as u16) << 8*0)
  25 }
  26
  27 #[inline]
  28 pub fn slice_to_be32(v: &[u8]) -> u32 {
  29         ((v[0] as u32) << 8*3) |
  30         ((v[1] as u32) << 8*2) |
  31         ((v[2] as u32) << 8*1) |
  32         ((v[3] as u32) << 8*0)
  33 }
  34
  35 #[inline]
  36 pub fn slice_to_be64(v: &[u8]) -> u64 {
  37         ((v[0] as u64) << 8*7) |
  38         ((v[1] as u64) << 8*6) |
  39         ((v[2] as u64) << 8*5) |
  40         ((v[3] as u64) << 8*4) |
  41         ((v[4] as u64) << 8*3) |
  42         ((v[5] as u64) << 8*2) |
  43         ((v[6] as u64) << 8*1) |
  44         ((v[7] as u64) << 8*0)
  45 }
  46
  47 #[inline]
  48 pub fn do_test(data: &[u8]) {
  49         reset_rng_state();
  50
  51         let mut read_pos = 0;
  52         macro_rules! get_slice_nonadvancing {
  53                 ($len: expr) => {
  54                         {
  55                                 if data.len() < read_pos + $len as usize {
  56                                         return;
  57                                 }
  58                                 &data[read_pos..read_pos + $len as usize]
  59                         }
  60                 }
  61         }
  62         macro_rules! get_slice {
  63                 ($len: expr) => {
  64                         {
  65                                 let res = get_slice_nonadvancing!($len);
  66                                 read_pos += $len;
  67                                 res
  68                         }
  69                 }
  70         }
  71
  72         macro_rules! decode_msg {
  73                 ($MsgType: path, $len: expr) => {
  74                         match <($MsgType)>::decode(get_slice!($len)) {
  75                                 Ok(msg) => msg,
  76                                 Err(e) => match e {
  77                                         msgs::DecodeError::UnknownRealmByte => return,
  78                                         msgs::DecodeError::UnknownRequiredFeature => return,
  79                                         msgs::DecodeError::BadPublicKey => return,
  80                                         msgs::DecodeError::BadSignature => return,
  81                                         msgs::DecodeError::BadText => return,
  82                                         msgs::DecodeError::ExtraAddressesPerType => return,
  83                                         msgs::DecodeError::BadLengthDescriptor => return,
  84                                         msgs::DecodeError::ShortRead => panic!("We picked the length..."),
  85                                 }
  86                         }
  87                 }
  88         }
  89
  90         macro_rules! decode_msg_with_len16 {
  91                 ($MsgType: path, $begin_len: expr, $excess: expr) => {
  92                         {
  93                                 let extra_len = slice_to_be16(&get_slice_nonadvancing!($begin_len as usize + 2)[$begin_len..$begin_len + 2]);
  94                                 decode_msg!($MsgType, $begin_len as usize + 2 + (extra_len as usize) + $excess)
  95                         }
  96                 }
  97         }
  98
  99         let secp_ctx = Secp256k1::new();
 100         macro_rules! get_pubkey {
 101                 () => {
 102                         match PublicKey::from_slice(&secp_ctx, get_slice!(33)) {
 103                                 Ok(key) => key,
 104                                 Err(_) => return,
 105                         }
 106                 }
 107         }
 108
 109         let logger: Arc<Logger> = Arc::new(test_logger::TestLogger{});
 110
 111         let our_pubkey = get_pubkey!();
 112         let router = Router::new(our_pubkey.clone(), Arc::clone(&logger));
 113
 114         loop {
 115                 match get_slice!(1)[0] {
 116                         0 => {
 117                                 let start_len = slice_to_be16(&get_slice_nonadvancing!(64 + 2)[64..64 + 2]) as usize;
 118                                 let addr_len = slice_to_be16(&get_slice_nonadvancing!(64+start_len+2 + 74)[64+start_len+2 + 72..64+start_len+2 + 74]);
 119                                 if addr_len > (37+1)*4 {
 120                                         return;
 121                                 }
 122                                 let _ = router.handle_node_announcement(&decode_msg_with_len16!(msgs::NodeAnnouncement, 64, 288));
 123                         },
 124                         1 => {
 125                                 let _ = router.handle_channel_announcement(&decode_msg_with_len16!(msgs::ChannelAnnouncement, 64*4, 32+8+33*4));
 126                         },
 127                         2 => {
 128                                 let _ = router.handle_channel_update(&decode_msg!(msgs::ChannelUpdate, 128));
 129                         },
 130                         3 => {
 131                                 match get_slice!(1)[0] {
 132                                         0 => {
 133                                                 router.handle_htlc_fail_channel_update(&msgs::HTLCFailChannelUpdate::ChannelUpdateMessage {msg: decode_msg!(msgs::ChannelUpdate, 128)});
 134                                         },
 135                                         1 => {
 136                                                 let short_channel_id = slice_to_be64(get_slice!(8));
 137                                                 router.handle_htlc_fail_channel_update(&msgs::HTLCFailChannelUpdate::ChannelClosed {short_channel_id});
 138                                         },
 139                                         _ => return,
 140                                 }
 141                         },
 142                         4 => {
 143                                 let target = get_pubkey!();
 144                                 let mut first_hops_vec = Vec::new();
 145                                 let first_hops = match get_slice!(1)[0] {
 146                                         0 => None,
 147                                         1 => {
 148                                                 let count = slice_to_be16(get_slice!(2));
 149                                                 for _ in 0..count {
 150                                                         first_hops_vec.push(ChannelDetails {
 151                                                                 channel_id: [0; 32],
 152                                                                 short_channel_id: Some(slice_to_be64(get_slice!(8))),
 153                                                                 remote_network_id: get_pubkey!(),
 154                                                                 channel_value_satoshis: slice_to_be64(get_slice!(8)),
 155                                                                 user_id: 0,
 156                                                         });
 157                                                 }
 158                                                 Some(&first_hops_vec[..])
 159                                         },
 160                                         _ => return,
 161                                 };
 162                                 let mut last_hops_vec = Vec::new();
 163                                 let last_hops = {
 164                                         let count = slice_to_be16(get_slice!(2));
 165                                         for _ in 0..count {
 166                                                 last_hops_vec.push(RouteHint {
 167                                                         src_node_id: get_pubkey!(),
 168                                                         short_channel_id: slice_to_be64(get_slice!(8)),
 169                                                         fee_base_msat: slice_to_be32(get_slice!(4)),
 170                                                         fee_proportional_millionths: slice_to_be32(get_slice!(4)),
 171                                                         cltv_expiry_delta: slice_to_be16(get_slice!(2)),
 172                                                         htlc_minimum_msat: slice_to_be64(get_slice!(8)),
 173                                                 });
 174                                         }
 175                                         &last_hops_vec[..]
 176                                 };
 177                                 let _ = router.get_route(&target, first_hops, last_hops, slice_to_be64(get_slice!(8)), slice_to_be32(get_slice!(4)));
 178                         },
 179                         _ => return,
 180                 }
 181         }
 182 }
 183
 184 #[cfg(feature = "afl")]
 185 #[macro_use] extern crate afl;
 186 #[cfg(feature = "afl")]
 187 fn main() {
 188         fuzz!(|data| {
 189                 do_test(data);
 190         });
 191 }
 192
 193 #[cfg(feature = "honggfuzz")]
 194 #[macro_use] extern crate honggfuzz;
 195 #[cfg(feature = "honggfuzz")]
 196 fn main() {
 197         loop {
 198                 fuzz!(|data| {
 199                         do_test(data);
 200                 });
 201         }
 202 }
 203
 204 extern crate hex;
 205 #[cfg(test)]
 206 mod tests {
 207
 208         #[test]
 209         fn duplicate_crash() {
 210                 super::do_test(&::hex::decode("00").unwrap());
 211         }
 212 }