From a73dea77226444bb2bce4d2db2c9f142bbeea0a7 Mon Sep 17 00:00:00 2001
From: Matt Corallo
Date: Sat, 16 Jun 2018 19:48:09 -0400
Subject: [PATCH] Add ping/pong fuzz targets

---
 fuzz/Cargo.toml | 8 ++++
 fuzz/fuzz_targets/msg_ping_target.rs | 63 ++++++++++++++++++++++++++++
 fuzz/fuzz_targets/msg_pong_target.rs | 63 ++++++++++++++++++++++++++++
 3 files changed, 134 insertions(+)
 create mode 100644 fuzz/fuzz_targets/msg_ping_target.rs
 create mode 100644 fuzz/fuzz_targets/msg_pong_target.rs

diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index bcaa2932..c302292e 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -43,6 +43,14 @@ name = "full_stack_target"
 path = "fuzz_targets/full_stack_target.rs"
 
 # message fuzz targets
+[[bin]]
+name = "msg_ping_target"
+path = "fuzz_targets/msg_ping_target.rs"
+
+[[bin]]
+name = "msg_pong_target"
+path = "fuzz_targets/msg_pong_target.rs"
+
 [[bin]]
 name = "msg_accept_channel_target"
 path = "fuzz_targets/msg_targets/msg_accept_channel_target.rs"
diff --git a/fuzz/fuzz_targets/msg_ping_target.rs b/fuzz/fuzz_targets/msg_ping_target.rs
new file mode 100644
index 00000000..f2eaf0db
--- /dev/null
+++ b/fuzz/fuzz_targets/msg_ping_target.rs
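Review bot: The two new `[[bin]]` entries in the fuzz/Cargo.toml hunk point at `fuzz_targets/msg_ping_target.rs` and `fuzz_targets/msg_pong_target.rs`, while the neighbouring message target in the same hunk lives under `fuzz_targets/msg_targets/`. Both new files carry the "auto-generated by gen_target.sh" header, so if that script writes its output into `msg_targets/` (the script is not visible here), a later template change would regenerate the other message targets but leave these two stale, and the fuzzers would keep running outdated harness code without any build error. Either move the files and use `path = "fuzz_targets/msg_targets/msg_ping_target.rs"` (likewise for pong), or add a comment above the entries such as `# ping/pong targets are kept outside msg_targets/ because ...` stating why they sit one level up.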
@@ -0,0 +1,63 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + +extern crate lightning; + +use lightning::util::reset_rng_state; + +use lightning::ln::msgs::{MsgEncodable, MsgDecodable, Ping}; + +#[inline] +pub fn do_test(data: &[u8]) { + reset_rng_state(); + if let Ok(msg) = Ping::decode(data) { + let _ = msg.encode(); + } +} + +#[cfg(feature = "afl")] +extern crate afl; +#[cfg(feature = "afl")] +fn main() { + afl::read_stdio_bytes(|data| { + do_test(&data); + }); +} + +#[cfg(feature = "honggfuzz")] +#[macro_use] extern crate honggfuzz; +#[cfg(feature = "honggfuzz")] +fn main() { + loop { + fuzz!(|data| { + do_test(data); + }); + } +} + +#[cfg(test)] +mod tests { + fn extend_vec_from_hex(hex: &str, out: &mut Vec) { + let mut b = 0; + for (idx, c) in hex.as_bytes().iter().enumerate() { + b <<= 4; + match *c { + b'A'...b'F' => b |= c - b'A' + 10, + b'a'...b'f' => b |= c - b'a' + 10, + b'0'...b'9' => b |= c - b'0', + _ => panic!("Bad hex"), + } + if (idx & 1) == 1 { + out.push(b); + b = 0; + } + } + } + + #[test] + fn duplicate_crash() { + let mut a = Vec::new(); + extend_vec_from_hex("00", &mut a); + super::do_test(&a); + } +} diff --git a/fuzz/fuzz_targets/msg_pong_target.rs b/fuzz/fuzz_targets/msg_pong_target.rs new file mode 100644 index 00000000..9843b79a --- /dev/null +++ b/fuzz/fuzz_targets/msg_pong_target.rs 
@@ -0,0 +1,63 @@ +// This file is auto-generated by gen_target.sh based on msg_target_template.txt +// To modify it, modify msg_target_template.txt and run gen_target.sh instead. + +extern crate lightning; + +use lightning::util::reset_rng_state; + +use lightning::ln::msgs::{MsgEncodable, MsgDecodable, Pong}; + +#[inline] +pub fn do_test(data: &[u8]) { + reset_rng_state(); + if let Ok(msg) = Pong::decode(data) { + let _ = msg.encode(); + } +} + +#[cfg(feature = "afl")] +extern crate afl; +#[cfg(feature = "afl")] +fn main() { + afl::read_stdio_bytes(|data| { + do_test(&data); + }); +} + +#[cfg(feature = "honggfuzz")] +#[macro_use] extern crate honggfuzz; +#[cfg(feature = "honggfuzz")] +fn main() { + loop { + fuzz!(|data| { + do_test(data); + }); + } +} + +#[cfg(test)] +mod tests { + fn extend_vec_from_hex(hex: &str, out: &mut Vec) { + let mut b = 0; + for (idx, c) in hex.as_bytes().iter().enumerate() { + b <<= 4; + match *c { + b'A'...b'F' => b |= c - b'A' + 10, + b'a'...b'f' => b |= c - b'a' + 10, + b'0'...b'9' => b |= c - b'0', + _ => panic!("Bad hex"), + } + if (idx & 1) == 1 { + out.push(b); + b = 0; + } + } + } + + #[test] + fn duplicate_crash() { + let mut a = Vec::new(); + extend_vec_from_hex("00", &mut a); + super::do_test(&a); + } +} -- 2.30.2