X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=fuzz%2Ffuzz_targets%2Frouter_target.rs;h=4ccd32746e39a2b87a247a9581808ade4eb74459;hb=19b92448c579982fcfcd52e28448323576472883;hp=13733adb6dfe96ed8721b2006f9d7d35bc377ff1;hpb=fe9bb1d97028d1c0c98972809d12e7129d18356d;p=rust-lightning diff --git a/fuzz/fuzz_targets/router_target.rs b/fuzz/fuzz_targets/router_target.rs index 13733adb..4ccd3274 100644 --- a/fuzz/fuzz_targets/router_target.rs +++ b/fuzz/fuzz_targets/router_target.rs @@ -2,15 +2,28 @@ extern crate bitcoin; extern crate lightning; extern crate secp256k1; +use bitcoin::util::hash::Sha256dHash; +use bitcoin::blockdata::script::{Script, Builder}; + +use lightning::chain::chaininterface::{ChainError,ChainWatchInterface, ChainListener}; use lightning::ln::channelmanager::ChannelDetails; use lightning::ln::msgs; -use lightning::ln::msgs::{MsgDecodable, RoutingMessageHandler}; +use lightning::ln::msgs::{RoutingMessageHandler}; use lightning::ln::router::{Router, RouteHint}; use lightning::util::reset_rng_state; +use lightning::util::logger::Logger; +use lightning::util::ser::Readable; use secp256k1::key::PublicKey; use secp256k1::Secp256k1; +mod utils; + +use utils::test_logger; + +use std::sync::{Weak, Arc}; +use std::sync::atomic::{AtomicUsize, Ordering}; + #[inline] pub fn slice_to_be16(v: &[u8]) -> u16 { ((v[0] as u16) << 8*1) | @@ -37,46 +50,94 @@ pub fn slice_to_be64(v: &[u8]) -> u64 { ((v[7] as u64) << 8*0) } + +struct InputData { + data: Vec, + read_pos: AtomicUsize, +} +impl InputData { + fn get_slice(&self, len: usize) -> Option<&[u8]> { + let old_pos = self.read_pos.fetch_add(len, Ordering::AcqRel); + if self.data.len() < old_pos + len { + return None; + } + Some(&self.data[old_pos..old_pos + len]) + } + fn get_slice_nonadvancing(&self, len: usize) -> Option<&[u8]> { + let old_pos = self.read_pos.load(Ordering::Acquire); + if self.data.len() < old_pos + len { + return None; + } + Some(&self.data[old_pos..old_pos + len]) + } +} + +struct DummyChainWatcher { + input: Arc, +} + +impl ChainWatchInterface for DummyChainWatcher { + fn install_watch_tx(&self, _txid: &Sha256dHash, _script_pub_key: &Script) { } + fn install_watch_outpoint(&self, _outpoint: (Sha256dHash, u32), _out_script: &Script) { } + fn watch_all_txn(&self) { } + fn register_listener(&self, _listener: Weak) { } + + fn get_chain_utxo(&self, _genesis_hash: Sha256dHash, _unspent_tx_output_identifier: u64) -> Result<(Script, u64), ChainError> { + match self.input.get_slice(2) { + Some(&[0, _]) => Err(ChainError::NotSupported), + Some(&[1, _]) => Err(ChainError::NotWatched), + Some(&[2, _]) => Err(ChainError::UnknownTx), + Some(&[_, x]) => Ok((Builder::new().push_int(x as i64).into_script().to_v0_p2wsh(), 0)), + None => Err(ChainError::UnknownTx), + _ => unreachable!(), + } + } +} + #[inline] pub fn do_test(data: &[u8]) { reset_rng_state(); - let mut read_pos = 0; + let input = Arc::new(InputData { + data: data.to_vec(), + read_pos: AtomicUsize::new(0), + }); macro_rules! get_slice_nonadvancing { ($len: expr) => { - { - if data.len() < read_pos + $len as usize { - return; - } - &data[read_pos..read_pos + $len as usize] + match input.get_slice_nonadvancing($len as usize) { + Some(slice) => slice, + None => return, } } } macro_rules! get_slice { ($len: expr) => { - { - let res = get_slice_nonadvancing!($len); - read_pos += $len; - res + match input.get_slice($len as usize) { + Some(slice) => slice, + None => return, } } } macro_rules! decode_msg { - ($MsgType: path, $len: expr) => { - match <($MsgType)>::decode(get_slice!($len)) { + ($MsgType: path, $len: expr) => {{ + let mut reader = ::std::io::Cursor::new(get_slice!($len)); + match <($MsgType)>::read(&mut reader) { Ok(msg) => msg, Err(e) => match e { msgs::DecodeError::UnknownRealmByte => return, + msgs::DecodeError::UnknownRequiredFeature => return, msgs::DecodeError::BadPublicKey => return, msgs::DecodeError::BadSignature => return, msgs::DecodeError::BadText => return, msgs::DecodeError::ExtraAddressesPerType => return, msgs::DecodeError::BadLengthDescriptor => return, msgs::DecodeError::ShortRead => panic!("We picked the length..."), + msgs::DecodeError::InvalidValue => panic!("Should not happen with p2p message decoding"), + msgs::DecodeError::Io(e) => panic!(format!("{}", e)), } } - } + }} } macro_rules! decode_msg_with_len16 { @@ -98,8 +159,13 @@ pub fn do_test(data: &[u8]) { } } + let logger: Arc = Arc::new(test_logger::TestLogger{}); + let chain_monitor = Arc::new(DummyChainWatcher { + input: Arc::clone(&input), + }); + let our_pubkey = get_pubkey!(); - let router = Router::new(our_pubkey.clone()); + let router = Router::new(our_pubkey.clone(), chain_monitor, Arc::clone(&logger)); loop { match get_slice!(1)[0] { @@ -156,7 +222,7 @@ pub fn do_test(data: &[u8]) { last_hops_vec.push(RouteHint { src_node_id: get_pubkey!(), short_channel_id: slice_to_be64(get_slice!(8)), - fee_base_msat: slice_to_be64(get_slice!(8)), + fee_base_msat: slice_to_be32(get_slice!(4)), fee_proportional_millionths: slice_to_be32(get_slice!(4)), cltv_expiry_delta: slice_to_be16(get_slice!(2)), htlc_minimum_msat: slice_to_be64(get_slice!(8)), @@ -172,11 +238,11 @@ pub fn do_test(data: &[u8]) { } #[cfg(feature = "afl")] -extern crate afl; +#[macro_use] extern crate afl; #[cfg(feature = "afl")] fn main() { - afl::read_stdio_bytes(|data| { - do_test(&data); + fuzz!(|data| { + do_test(data); }); } @@ -191,29 +257,12 @@ fn main() { } } +extern crate hex; #[cfg(test)] mod tests { - fn extend_vec_from_hex(hex: &str, out: &mut Vec) { - let mut b = 0; - for (idx, c) in hex.as_bytes().iter().enumerate() { - b <<= 4; - match *c { - b'A'...b'F' => b |= c - b'A' + 10, - b'a'...b'f' => b |= c - b'a' + 10, - b'0'...b'9' => b |= c - b'0', - _ => panic!("Bad hex"), - } - if (idx & 1) == 1 { - out.push(b); - b = 0; - } - } - } #[test] fn duplicate_crash() { - let mut a = Vec::new(); - extend_vec_from_hex("00", &mut a); - super::do_test(&a); + super::do_test(&::hex::decode("00").unwrap()); } }