X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=fuzz%2Ffuzz_targets%2Fchannel_target.rs;h=e7cc6f76c999e42d6bdfc861a6a0244f500b1885;hb=1f1f82569a1774d2f6cb84e1de3c55dc733022c8;hp=2c0da092ed335ead955cfe0e15b9ef16b045c790;hpb=53d15185666c6b318c16564c534a01ae70b91e58;p=rust-lightning diff --git a/fuzz/fuzz_targets/channel_target.rs b/fuzz/fuzz_targets/channel_target.rs index 2c0da092..e7cc6f76 100644 --- a/fuzz/fuzz_targets/channel_target.rs +++ b/fuzz/fuzz_targets/channel_target.rs @@ -8,16 +8,24 @@ use bitcoin::util::hash::Sha256dHash; use bitcoin::network::serialize::{serialize, BitcoinHash}; use lightning::ln::channel::{Channel, ChannelKeys}; -use lightning::ln::channelmanager::{HTLCFailReason, PendingForwardHTLCInfo}; +use lightning::ln::channelmanager::{HTLCFailReason, HTLCSource, PendingHTLCStatus}; use lightning::ln::msgs; -use lightning::ln::msgs::MsgDecodable; +use lightning::ln::msgs::{ErrorAction}; use lightning::chain::chaininterface::{FeeEstimator, ConfirmationTarget}; +use lightning::chain::transaction::OutPoint; use lightning::util::reset_rng_state; +use lightning::util::logger::Logger; +use lightning::util::ser::Readable; + +mod utils; + +use utils::test_logger; use secp256k1::key::{PublicKey, SecretKey}; use secp256k1::Secp256k1; use std::sync::atomic::{AtomicUsize,Ordering}; +use std::sync::Arc; #[inline] pub fn slice_to_be16(v: &[u8]) -> u16 { @@ -79,10 +87,10 @@ struct FuzzEstimator<'a> { input: &'a InputData<'a>, } impl<'a> FeeEstimator for FuzzEstimator<'a> { - fn get_est_sat_per_vbyte(&self, _: ConfirmationTarget) -> u64 { + fn get_est_sat_per_1000_weight(&self, _: ConfirmationTarget) -> u64 { //TODO: We should actually be testing at least much more than 64k... match self.input.get_slice(2) { - Some(slice) => slice_to_be16(slice) as u64, + Some(slice) => slice_to_be16(slice) as u64 * 250, None => 0 } } @@ -100,6 +108,8 @@ pub fn do_test(data: &[u8]) { input: &input, }; + let logger: Arc = Arc::new(test_logger::TestLogger{}); + macro_rules! get_slice { ($len: expr) => { match input.get_slice($len as usize) { @@ -110,18 +120,24 @@ pub fn do_test(data: &[u8]) { } macro_rules! decode_msg { - ($MsgType: path, $len: expr) => { - match <($MsgType)>::decode(get_slice!($len)) { + ($MsgType: path, $len: expr) => {{ + let mut reader = ::std::io::Cursor::new(get_slice!($len)); + match <($MsgType)>::read(&mut reader) { Ok(msg) => msg, Err(e) => match e { msgs::DecodeError::UnknownRealmByte => return, + msgs::DecodeError::UnknownRequiredFeature => return, msgs::DecodeError::BadPublicKey => return, msgs::DecodeError::BadSignature => return, + msgs::DecodeError::BadText => return, msgs::DecodeError::ExtraAddressesPerType => return, - msgs::DecodeError::WrongLength => panic!("We picked the length..."), + msgs::DecodeError::BadLengthDescriptor => return, + msgs::DecodeError::ShortRead => panic!("We picked the length..."), + msgs::DecodeError::InvalidValue => panic!("Should not happen with p2p message decoding"), + msgs::DecodeError::Io(e) => panic!(format!("{}", e)), } } - } + }} } macro_rules! decode_msg_with_len16 { @@ -131,16 +147,7 @@ pub fn do_test(data: &[u8]) { Some(slice) => slice, None => return, }[$begin_len..$begin_len + 2]); - match <($MsgType)>::decode(get_slice!($begin_len as usize + 2 + (extra_len as usize)*$factor)) { - Ok(msg) => msg, - Err(e) => match e { - msgs::DecodeError::UnknownRealmByte => return, - msgs::DecodeError::BadPublicKey => return, - msgs::DecodeError::BadSignature => return, - msgs::DecodeError::ExtraAddressesPerType => return, - msgs::DecodeError::WrongLength => panic!("We picked the length..."), - } - } + decode_msg!($MsgType, $begin_len as usize + 2 + (extra_len as usize)*$factor) } } } @@ -158,7 +165,7 @@ pub fn do_test(data: &[u8]) { macro_rules! return_err { ($expr: expr) => { match $expr { - Ok(_) => {}, + Ok(r) => r, Err(_) => return, } } @@ -186,8 +193,11 @@ pub fn do_test(data: &[u8]) { let mut channel = if get_slice!(1)[0] != 0 { let chan_value = slice_to_be24(get_slice!(3)); - let mut chan = Channel::new_outbound(&fee_est, chan_keys!(), their_pubkey, chan_value, get_slice!(1)[0] == 0, slice_to_be64(get_slice!(8))); - chan.get_open_channel(Sha256dHash::from(get_slice!(32)), &fee_est).unwrap(); + let mut chan = match Channel::new_outbound(&fee_est, chan_keys!(), their_pubkey, chan_value, slice_to_be24(get_slice!(3)), get_slice!(1)[0] == 0, slice_to_be64(get_slice!(8)), Arc::clone(&logger)) { + Ok(chan) => chan, + Err(_) => return, + }; + chan.get_open_channel(Sha256dHash::from(get_slice!(32)), &fee_est); let accept_chan = if get_slice!(1)[0] == 0 { decode_msg_with_len16!(msgs::AcceptChannel, 270, 1) } else { @@ -196,9 +206,9 @@ pub fn do_test(data: &[u8]) { return_err!(chan.accept_channel(&accept_chan)); tx.output.push(TxOut{ value: chan_value, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() }); - let funding_output = (Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + let funding_output = OutPoint::new(Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); - chan.get_outbound_funding_created(funding_output.0.clone(), funding_output.1).unwrap(); + chan.get_outbound_funding_created(funding_output).unwrap(); let funding_signed = decode_msg!(msgs::FundingSigned, 32+64); return_err!(chan.funding_signed(&funding_signed)); chan @@ -208,18 +218,18 @@ pub fn do_test(data: &[u8]) { } else { decode_msg!(msgs::OpenChannel, 2*32+6*8+4+2*2+6*33+1) }; - let mut chan = match Channel::new_from_req(&fee_est, chan_keys!(), their_pubkey, &open_chan, slice_to_be64(get_slice!(8)), get_slice!(1)[0] == 0) { + let mut chan = match Channel::new_from_req(&fee_est, chan_keys!(), their_pubkey, &open_chan, slice_to_be64(get_slice!(8)), false, get_slice!(1)[0] == 0, Arc::clone(&logger)) { Ok(chan) => chan, Err(_) => return, }; - chan.get_accept_channel().unwrap(); + chan.get_accept_channel(); tx.output.push(TxOut{ value: open_chan.funding_satoshis, script_pubkey: chan.get_funding_redeemscript().to_v0_p2wsh() }); - let funding_output = (Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); + let funding_output = OutPoint::new(Sha256dHash::from_data(&serialize(&tx).unwrap()[..]), 0); let mut funding_created = decode_msg!(msgs::FundingCreated, 32+32+2+64); - funding_created.funding_txid = funding_output.0.clone(); - funding_created.funding_output_index = funding_output.1; + funding_created.funding_txid = funding_output.txid.clone(); + funding_created.funding_output_index = funding_output.index; return_err!(chan.funding_created(&funding_created)); chan }; @@ -234,54 +244,73 @@ pub fn do_test(data: &[u8]) { let funding_locked = decode_msg!(msgs::FundingLocked, 32+33); return_err!(channel.funding_locked(&funding_locked)); + macro_rules! test_err { + ($expr: expr) => { + match $expr { + Ok(r) => Some(r), + Err(e) => match e.action { + None => return, + Some(ErrorAction::DisconnectPeer {..}) => return, + Some(ErrorAction::IgnoreError) => None, + Some(ErrorAction::SendErrorMessage {..}) => None, + }, + } + } + } + loop { match get_slice!(1)[0] { 0 => { - return_err!(channel.send_htlc(slice_to_be64(get_slice!(8)), [42; 32], slice_to_be32(get_slice!(4)), msgs::OnionPacket { + test_err!(channel.send_htlc(slice_to_be64(get_slice!(8)), [42; 32], slice_to_be32(get_slice!(4)), HTLCSource::dummy(), msgs::OnionPacket { version: get_slice!(1)[0], - public_key: get_pubkey!(), + public_key: PublicKey::from_slice(&secp_ctx, get_slice!(33)), hop_data: [0; 20*65], hmac: [0; 32], })); }, 1 => { - return_err!(channel.send_commitment()); + test_err!(channel.send_commitment()); }, 2 => { let update_add_htlc = decode_msg!(msgs::UpdateAddHTLC, 32+8+8+32+4+4+33+20*65+32); - return_err!(channel.update_add_htlc(&update_add_htlc, PendingForwardHTLCInfo::dummy())); + test_err!(channel.update_add_htlc(&update_add_htlc, PendingHTLCStatus::dummy())); }, 3 => { let update_fulfill_htlc = decode_msg!(msgs::UpdateFulfillHTLC, 32 + 8 + 32); - return_err!(channel.update_fulfill_htlc(&update_fulfill_htlc)); + test_err!(channel.update_fulfill_htlc(&update_fulfill_htlc)); }, 4 => { let update_fail_htlc = decode_msg_with_len16!(msgs::UpdateFailHTLC, 32 + 8, 1); - return_err!(channel.update_fail_htlc(&update_fail_htlc, HTLCFailReason::dummy())); + test_err!(channel.update_fail_htlc(&update_fail_htlc, HTLCFailReason::dummy())); }, 5 => { let update_fail_malformed_htlc = decode_msg!(msgs::UpdateFailMalformedHTLC, 32+8+32+2); - return_err!(channel.update_fail_malformed_htlc(&update_fail_malformed_htlc, HTLCFailReason::dummy())); + test_err!(channel.update_fail_malformed_htlc(&update_fail_malformed_htlc, HTLCFailReason::dummy())); }, 6 => { let commitment_signed = decode_msg_with_len16!(msgs::CommitmentSigned, 32+64, 64); - return_err!(channel.commitment_signed(&commitment_signed)); + test_err!(channel.commitment_signed(&commitment_signed)); }, 7 => { let revoke_and_ack = decode_msg!(msgs::RevokeAndACK, 32+32+33); - return_err!(channel.revoke_and_ack(&revoke_and_ack)); + test_err!(channel.revoke_and_ack(&revoke_and_ack)); }, 8 => { let update_fee = decode_msg!(msgs::UpdateFee, 32+4); - return_err!(channel.update_fee(&fee_est, &update_fee)); + test_err!(channel.update_fee(&fee_est, &update_fee)); }, 9 => { let shutdown = decode_msg_with_len16!(msgs::Shutdown, 32, 1); - return_err!(channel.shutdown(&fee_est, &shutdown)); + test_err!(channel.shutdown(&fee_est, &shutdown)); + if channel.is_shutdown() { return; } }, 10 => { let closing_signed = decode_msg!(msgs::ClosingSigned, 32+8+64); - return_err!(channel.closing_signed(&fee_est, &closing_signed)); + let sign_res = test_err!(channel.closing_signed(&fee_est, &closing_signed)); + if sign_res.is_some() && sign_res.unwrap().1.is_some() { + assert!(channel.is_shutdown()); + return; + } }, _ => return, } @@ -289,11 +318,11 @@ pub fn do_test(data: &[u8]) { } #[cfg(feature = "afl")] -extern crate afl; +#[macro_use] extern crate afl; #[cfg(feature = "afl")] fn main() { - afl::read_stdio_bytes(|data| { - do_test(&data); + fuzz!(|data| { + do_test(data); }); } @@ -308,29 +337,11 @@ fn main() { } } +extern crate hex; #[cfg(test)] mod tests { - fn extend_vec_from_hex(hex: &str, out: &mut Vec) { - let mut b = 0; - for (idx, c) in hex.as_bytes().iter().enumerate() { - b <<= 4; - match *c { - b'A'...b'F' => b |= c - b'A' + 10, - b'a'...b'f' => b |= c - b'a' + 10, - b'0'...b'9' => b |= c - b'0', - _ => panic!("Bad hex"), - } - if (idx & 1) == 1 { - out.push(b); - b = 0; - } - } - } - #[test] fn duplicate_crash() { - let mut a = Vec::new(); - extend_vec_from_hex("00", &mut a); - super::do_test(&a); + super::do_test(&::hex::decode("00").unwrap()); } }