From 913ea887fea16be5f272ff8467a0458c086e7ff1 Mon Sep 17 00:00:00 2001 
From: Yuntai Kyong Date: Tue, 8 May 2018 21:57:20 +0900 Subject: [PATCH] add fuzz target for messages [[bin]] section for each new target in Cargo.toml glob changes in travis-fuzz.sh --- fuzz/Cargo.toml | 57 +++++++++++++++ .../msg_targets/msg_accept_channel_target.rs | 49 +++++++++++++ .../msg_targets/msg_closing_signed_target.rs | 49 +++++++++++++ .../msg_commitment_signed_target.rs | 49 +++++++++++++ .../msg_targets/msg_funding_created_target.rs | 49 +++++++++++++ .../msg_targets/msg_funding_locked_target.rs | 49 +++++++++++++ .../msg_targets/msg_funding_signed_target.rs | 49 +++++++++++++ .../msg_targets/msg_open_channel_target.rs | 49 +++++++++++++ .../msg_targets/msg_revoke_and_ack_target.rs | 49 +++++++++++++ .../msg_targets/msg_shutdown_target.rs | 49 +++++++++++++ .../msg_targets/msg_update_add_htlc_target.rs | 49 +++++++++++++ .../msg_update_fail_htlc_target.rs | 49 +++++++++++++ .../msg_update_fail_malformed_htlc_target.rs | 49 +++++++++++++ .../msg_targets/msg_update_fee_target.rs | 49 +++++++++++++ .../msg_update_fulfill_htlc_target.rs | 49 +++++++++++++ fuzz/fuzz_targets/msg_targets/utils.rs | 69 +++++++++++++++++++ fuzz/travis-fuzz.sh | 4 +- 17 files changed, 814 insertions(+), 2 deletions(-) create mode 100644 fuzz/fuzz_targets/msg_targets/msg_accept_channel_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_closing_signed_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_commitment_signed_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_funding_created_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_funding_locked_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_funding_signed_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_open_channel_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs create mode 100644 fuzz/fuzz_targets/msg_targets/msg_shutdown_target.rs create mode 100644 
fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs
create mode 100644 fuzz/fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs
create mode 100644 fuzz/fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs
create mode 100644 fuzz/fuzz_targets/msg_targets/msg_update_fee_target.rs
create mode 100644 fuzz/fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs
create mode 100644 fuzz/fuzz_targets/msg_targets/utils.rs
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index fc40a342b..521e93d3b 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -41,3 +41,60 @@ path = "fuzz_targets/channel_target.rs"
 [[bin]]
 name = "full_stack_target"
 path = "fuzz_targets/full_stack_target.rs"
+
+# message fuzz targets
+[[bin]]
+name = "msg_accept_channel_target"
+path = "fuzz_targets/msg_targets/msg_accept_channel_target.rs"
+
+[[bin]]
+name = "msg_closing_signed_target"
+path = "fuzz_targets/msg_targets/msg_closing_signed_target.rs"
+
+[[bin]]
+name = "msg_commitment_signed_target"
+path = "fuzz_targets/msg_targets/msg_commitment_signed_target.rs"
+
+[[bin]]
+name = "msg_funding_created_target"
+path = "fuzz_targets/msg_targets/msg_funding_created_target.rs"
+
+[[bin]]
+name = "msg_funding_locked_target"
+path = "fuzz_targets/msg_targets/msg_funding_locked_target.rs"
+
+[[bin]]
+name = "msg_funding_signed_target"
+path = "fuzz_targets/msg_targets/msg_funding_signed_target.rs"
+
+[[bin]]
+name = "msg_open_channel_target"
+path = "fuzz_targets/msg_targets/msg_open_channel_target.rs"
+
+[[bin]]
+name = "msg_revoke_and_ack_target"
+path = "fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs"
+
+[[bin]]
+name = "msg_shutdown_target"
+path = "fuzz_targets/msg_targets/msg_shutdown_target.rs"
+
+[[bin]]
+name = "msg_update_add_htlc_target"
+path = "fuzz_targets/msg_targets/msg_update_add_htlc_target.rs"
+
+[[bin]]
+name = "msg_update_fail_malformed_htlc_target"
+path = "fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs"
+
+[[bin]]
+name = "msg_update_fee_target"
+path = "fuzz_targets/msg_targets/msg_update_fee_target.rs"
+
+[[bin]]
+name = "msg_update_fulfill_htlc_target"
+path = "fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs"
+
+[[bin]]
+name = "msg_update_fail_htlc_target"
+path = "fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs"
diff --git a/fuzz/fuzz_targets/msg_targets/msg_accept_channel_target.rs b/fuzz/fuzz_targets/msg_targets/msg_accept_channel_target.rs
new file mode 100644
index 000000000..dd44e16a1
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_accept_channel_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::AcceptChannel, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_closing_signed_target.rs b/fuzz/fuzz_targets/msg_targets/msg_closing_signed_target.rs
new file mode 100644
index 000000000..4e990e921
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_closing_signed_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::ClosingSigned, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
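Review bot: The bare `loop` in `do_test` has no visible exit; it ends only because `test_msg!` expands to `get_slice!` and `decode_msg!`, both of which `return` from the enclosing function (see utils.rs later in this patch). A comment on the loop such as `// test_msg! returns from do_test when the input runs out or a message fails to decode` would spare whoever triages a reported hang from reading the macros first. The same applies to the other thirteen msg_*_target.rs files added here, which differ from this one only in the message type passed to `test_msg!`. Generating them from a single template would keep the harnesses from drifting apart when one of them is edited.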
diff --git a/fuzz/fuzz_targets/msg_targets/msg_commitment_signed_target.rs b/fuzz/fuzz_targets/msg_targets/msg_commitment_signed_target.rs
new file mode 100644
index 000000000..7e0ff45de
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_commitment_signed_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::CommitmentSigned, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_funding_created_target.rs b/fuzz/fuzz_targets/msg_targets/msg_funding_created_target.rs
new file mode 100644
index 000000000..ae66f5d35
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_funding_created_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::FundingCreated, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_funding_locked_target.rs b/fuzz/fuzz_targets/msg_targets/msg_funding_locked_target.rs
new file mode 100644
index 000000000..d3570b7ef
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_funding_locked_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::FundingLocked, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_funding_signed_target.rs b/fuzz/fuzz_targets/msg_targets/msg_funding_signed_target.rs
new file mode 100644
index 000000000..3c4793825
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_funding_signed_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::FundingSigned, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_open_channel_target.rs b/fuzz/fuzz_targets/msg_targets/msg_open_channel_target.rs
new file mode 100644
index 000000000..f33988b12
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_open_channel_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::OpenChannel, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs b/fuzz/fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs
new file mode 100644
index 000000000..495a9ca45
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::RevokeAndACK, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_shutdown_target.rs b/fuzz/fuzz_targets/msg_targets/msg_shutdown_target.rs
new file mode 100644
index 000000000..7eabf8095
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_shutdown_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::Shutdown, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs
new file mode 100644
index 000000000..674e5bfdc
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::UpdateAddHTLC, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs
new file mode 100644
index 000000000..0c4a9f10d
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::UpdateFailHTLC, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs
new file mode 100644
index 000000000..bf64a1ee8
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::UpdateFailMalformedHTLC, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_fee_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_fee_target.rs
new file mode 100644
index 000000000..817a44d5e
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_update_fee_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::UpdateFee, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs
new file mode 100644
index 000000000..e3747e475
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs
@@ -0,0 +1,49 @@
+extern crate lightning;
+
+use lightning::ln::msgs;
+use lightning::util::reset_rng_state;
+
+use lightning::ln::msgs::{MsgEncodable, MsgDecodable};
+
+mod utils;
+use utils::slice_to_be16;
+
+#[inline]
+pub fn do_test(data: &[u8]) {
+ reset_rng_state();
+ let mut read_pos = 0;
+ loop {
+ test_msg!(msgs::UpdateFulfillHTLC, data, read_pos);
+ }
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+ afl::read_stdio_bytes(|data| {
+ do_test(&data);
+ });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use] extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+ loop {
+ fuzz!(|data| {
+ do_test(data);
+ });
+ }
+}
+
+#[cfg(test)]
+mod tests {
+ use utils::extend_vec_from_hex;
+ #[test]
+ fn duplicate_crash() {
+ let mut a = Vec::new();
+ extend_vec_from_hex("00", &mut a);
+ super::do_test(&a);
+ }
+}
diff --git a/fuzz/fuzz_targets/msg_targets/utils.rs b/fuzz/fuzz_targets/msg_targets/utils.rs
new file mode 100644
index 000000000..cb4de5eb9
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_targets/utils.rs
@@ -0,0 +1,69 @@ +#![macro_use] + +#[allow(dead_code)] +#[inline] +pub fn slice_to_be16(v: &[u8]) -> u16 { + ((v[0] as u16) << 8*1) | + ((v[1] as u16) << 8*0) +} + +#[macro_export] +macro_rules! test_msg { + ($MsgType: path, $data: ident, $read_pos: ident) => { + { + let len = slice_to_be16(get_slice!($data, $read_pos, 2)); + let raw = get_slice!($data, $read_pos, len); + let cb = decode_msg!($MsgType, raw).encode(); + assert_eq!(&raw[..cb.len()], &cb[..]); + } + } +} + +#[macro_export] +macro_rules! decode_msg { + ($MsgType: path, $data: expr) => { + match <($MsgType)>::decode($data) { + Ok(msg) => msg, + Err(e) => match e { + msgs::DecodeError::UnknownRealmByte => return, + msgs::DecodeError::BadPublicKey => return, + msgs::DecodeError::BadSignature => return, + msgs::DecodeError::ExtraAddressesPerType => return, + msgs::DecodeError::WrongLength => return, + } + } + } +} + +#[macro_export] +macro_rules! get_slice { + ($data: ident, $read_pos: ident, $len: expr) => { + { + let slice_len = $len as usize; + if $data.len() < $read_pos + slice_len { + return; + } + $read_pos += slice_len; + &$data[$read_pos - slice_len..$read_pos] + } + } +} + +#[allow(dead_code)] +#[cfg(test)] +pub fn extend_vec_from_hex(hex: &str, out: &mut Vec) { + let mut b = 0; + for (idx, c) in hex.as_bytes().iter().enumerate() { + b <<= 4; + match *c { + b'A'...b'F' => b |= c - b'A' + 10, + b'a'...b'f' => b |= c - b'a' + 10, + b'0'...b'9' => b |= c - b'0', + _ => panic!("Bad hex"), + } + if (idx & 1) == 1 { + out.push(b); + b = 0; + } + } +} diff --git a/fuzz/travis-fuzz.sh b/fuzz/travis-fuzz.sh index 5129799ae..a60d11855 100755 --- a/fuzz/travis-fuzz.sh +++ b/fuzz/travis-fuzz.sh 
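Review bot: In `test_msg!`, `assert_eq!(&raw[..cb.len()], &cb[..])` slices the input by the re-encoded length, so an `encode()` result longer than `raw` panics with an out-of-range index before the comparison runs, and the crash report no longer reads as a round-trip mismatch. Adding `assert!(cb.len() <= raw.len(), "re-encoded message longer than input");` ahead of it would make the failure mode explicit. A shorter re-encoding passes silently because only the prefix is compared; if ignoring trailing bytes is intended, a comment saying so would record the property the harness checks. The three macros also `return` from the caller's function, which is worth one doc line on each since it is what ends the `loop` in every target. Separately, the test-only `extend_vec_from_hex` drops a trailing nibble on odd-length input without complaint.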
@@ -1,8 +1,8 @@ #!/bin/bash set -e cargo install --force honggfuzz -for TARGET in fuzz_targets/*; do - FILENAME=$(basename $TARGET) +for TARGET in fuzz_targets/*.rs fuzz_targets/msg_targets/*_target.rs; do + FILENAME=$(basename $TARGET) FILE="${FILENAME%.*}" HFUZZ_BUILD_ARGS="--features honggfuzz_fuzz" HFUZZ_RUN_ARGS="-N1000000 --exit_upon_crash -v" cargo hfuzz run $FILE if [ -f hfuzz_workspace/$FILE/HONGGFUZZ.REPORT.TXT ]; then -- 2.39.5
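Review bot: The new `for` glob relies on the `_target.rs` suffix to keep `msg_targets/utils.rs` out of the loop, but nothing in the script says so. utils.rs gets no `[[bin]]` entry in this patch, so a later edit that widens the pattern to `msg_targets/*.rs` would presumably make `cargo hfuzz run utils` fail and abort the job under `set -e`. A comment above the loop such as `# msg_targets/utils.rs is a shared helper, not a fuzz binary; match only *_target.rs there` would guard against that. `$(basename $TARGET)` is also left unquoted on the re-indented line; `$(basename "$TARGET")` is the safer form. The loop body continues past the end of this hunk.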