doc/html/test_2fuzz_2util_2net_8cpp_source.html

 // Copyright (c) 2009-2022 The Bitcoin Core developers
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.

 #include <test/fuzz/util/net.h>

 #include <compat/compat.h>
 #include <netaddress.h>
 #include <protocol.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/util.h>
 #include <test/util/net.h>
 #include <util/sock.h>
 #include <util/time.h>
 #include <version.h>

 #include <array>
 #include <cassert>
 #include <cerrno>
 #include <cstdint>
 #include <cstdlib>
 #include <cstring>
 #include <thread>
 #include <vector>

 class CNode;

 CNetAddr ConsumeNetAddr(FuzzedDataProvider& fuzzed_data_provider) noexcept
 {
     const Network network = fuzzed_data_provider.PickValueInArray({Network::NET_IPV4, Network::NET_IPV6, Network::NET_INTERNAL, Network::NET_ONION});
     CNetAddr net_addr;
     if (network == Network::NET_IPV4) {
         in_addr v4_addr = {};
         v4_addr.s_addr = fuzzed_data_provider.ConsumeIntegral<uint32_t>();
         net_addr = CNetAddr{v4_addr};
     } else if (network == Network::NET_IPV6) {
         if (fuzzed_data_provider.remaining_bytes() >= 16) {
             in6_addr v6_addr = {};
             auto addr_bytes = fuzzed_data_provider.ConsumeBytes<uint8_t>(16);
             if (addr_bytes[0] == CJDNS_PREFIX) { // Avoid generating IPv6 addresses that look like CJDNS.
                 addr_bytes[0] = 0x55; // Just an arbitrary number, anything != CJDNS_PREFIX would do.
             }
             memcpy(v6_addr.s6_addr, addr_bytes.data(), 16);
             net_addr = CNetAddr{v6_addr, fuzzed_data_provider.ConsumeIntegral<uint32_t>()};
         }
     } else if (network == Network::NET_INTERNAL) {
         net_addr.SetInternal(fuzzed_data_provider.ConsumeBytesAsString(32));
     } else if (network == Network::NET_ONION) {
         auto pub_key{fuzzed_data_provider.ConsumeBytes<uint8_t>(ADDR_TORV3_SIZE)};
         pub_key.resize(ADDR_TORV3_SIZE);
         const bool ok{net_addr.SetSpecial(OnionToString(pub_key))};
         assert(ok);
     }
     return net_addr;
 }

 CAddress ConsumeAddress(FuzzedDataProvider& fuzzed_data_provider) noexcept
 {
     return {ConsumeService(fuzzed_data_provider), ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS), NodeSeconds{std::chrono::seconds{fuzzed_data_provider.ConsumeIntegral<uint32_t>()}}};
 }

 template <typename P>
 P ConsumeDeserializationParams(FuzzedDataProvider& fuzzed_data_provider) noexcept
 {
     constexpr std::array ADDR_ENCODINGS{
         CNetAddr::Encoding::V1,
         CNetAddr::Encoding::V2,
     };
     constexpr std::array ADDR_FORMATS{
         CAddress::Format::Disk,
         CAddress::Format::Network,
     };
     if constexpr (std::is_same_v<P, CNetAddr::SerParams>) {
         return P{PickValue(fuzzed_data_provider, ADDR_ENCODINGS)};
     }
     if constexpr (std::is_same_v<P, CAddress::SerParams>) {
         return P{{PickValue(fuzzed_data_provider, ADDR_ENCODINGS)}, PickValue(fuzzed_data_provider, ADDR_FORMATS)};
     }
 }
 template CNetAddr::SerParams ConsumeDeserializationParams(FuzzedDataProvider&) noexcept;
 template CAddress::SerParams ConsumeDeserializationParams(FuzzedDataProvider&) noexcept;

 FuzzedSock::FuzzedSock(FuzzedDataProvider& fuzzed_data_provider)
     : Sock{fuzzed_data_provider.ConsumeIntegralInRange<SOCKET>(INVALID_SOCKET - 1, INVALID_SOCKET)},
       m_fuzzed_data_provider{fuzzed_data_provider},
       m_selectable{fuzzed_data_provider.ConsumeBool()}
 {
 }

 FuzzedSock::~FuzzedSock()
 {
     // Sock::~Sock() will be called after FuzzedSock::~FuzzedSock() and it will call
     // close(m_socket) if m_socket is not INVALID_SOCKET.
     // Avoid closing an arbitrary file descriptor (m_socket is just a random very high number which
     // theoretically may concide with a real opened file descriptor).
     m_socket = INVALID_SOCKET;
 }

 FuzzedSock& FuzzedSock::operator=(Sock&& other)
 {
     assert(false && "Move of Sock into FuzzedSock not allowed.");
     return *this;
 }

 ssize_t FuzzedSock::Send(const void* data, size_t len, int flags) const
 {
     constexpr std::array send_errnos{
         EACCES,
         EAGAIN,
         EALREADY,
         EBADF,
         ECONNRESET,
         EDESTADDRREQ,
         EFAULT,
         EINTR,
         EINVAL,
         EISCONN,
         EMSGSIZE,
         ENOBUFS,
         ENOMEM,
         ENOTCONN,
         ENOTSOCK,
         EOPNOTSUPP,
         EPIPE,
         EWOULDBLOCK,
     };
     if (m_fuzzed_data_provider.ConsumeBool()) {
         return len;
     }
     const ssize_t r = m_fuzzed_data_provider.ConsumeIntegralInRange<ssize_t>(-1, len);
     if (r == -1) {
         SetFuzzedErrNo(m_fuzzed_data_provider, send_errnos);
     }
     return r;
 }

 ssize_t FuzzedSock::Recv(void* buf, size_t len, int flags) const
 {
     // Have a permanent error at recv_errnos[0] because when the fuzzed data is exhausted
     // SetFuzzedErrNo() will always return the first element and we want to avoid Recv()
     // returning -1 and setting errno to EAGAIN repeatedly.
     constexpr std::array recv_errnos{
         ECONNREFUSED,
         EAGAIN,
         EBADF,
         EFAULT,
         EINTR,
         EINVAL,
         ENOMEM,
         ENOTCONN,
         ENOTSOCK,
         EWOULDBLOCK,
     };
     assert(buf != nullptr || len == 0);
     if (len == 0 || m_fuzzed_data_provider.ConsumeBool()) {
         const ssize_t r = m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
         if (r == -1) {
             SetFuzzedErrNo(m_fuzzed_data_provider, recv_errnos);
         }
         return r;
     }
     std::vector<uint8_t> random_bytes;
     bool pad_to_len_bytes{m_fuzzed_data_provider.ConsumeBool()};
     if (m_peek_data.has_value()) {
         // `MSG_PEEK` was used in the preceding `Recv()` call, return `m_peek_data`.
         random_bytes.assign({m_peek_data.value()});
         if ((flags & MSG_PEEK) == 0) {
             m_peek_data.reset();
         }
         pad_to_len_bytes = false;
     } else if ((flags & MSG_PEEK) != 0) {
         // New call with `MSG_PEEK`.
         random_bytes = m_fuzzed_data_provider.ConsumeBytes<uint8_t>(1);
         if (!random_bytes.empty()) {
             m_peek_data = random_bytes[0];
             pad_to_len_bytes = false;
         }
     } else {
         random_bytes = m_fuzzed_data_provider.ConsumeBytes<uint8_t>(
             m_fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, len));
     }
     if (random_bytes.empty()) {
         const ssize_t r = m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
         if (r == -1) {
             SetFuzzedErrNo(m_fuzzed_data_provider, recv_errnos);
         }
         return r;
     }
     std::memcpy(buf, random_bytes.data(), random_bytes.size());
     if (pad_to_len_bytes) {
         if (len > random_bytes.size()) {
             std::memset((char*)buf + random_bytes.size(), 0, len - random_bytes.size());
         }
         return len;
     }
     if (m_fuzzed_data_provider.ConsumeBool() && std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr) {
         std::this_thread::sleep_for(std::chrono::milliseconds{2});
     }
     return random_bytes.size();
 }

 int FuzzedSock::Connect(const sockaddr*, socklen_t) const
 {
     // Have a permanent error at connect_errnos[0] because when the fuzzed data is exhausted
     // SetFuzzedErrNo() will always return the first element and we want to avoid Connect()
     // returning -1 and setting errno to EAGAIN repeatedly.
     constexpr std::array connect_errnos{
         ECONNREFUSED,
         EAGAIN,
         ECONNRESET,
         EHOSTUNREACH,
         EINPROGRESS,
         EINTR,
         ENETUNREACH,
         ETIMEDOUT,
     };
     if (m_fuzzed_data_provider.ConsumeBool()) {
         SetFuzzedErrNo(m_fuzzed_data_provider, connect_errnos);
         return -1;
     }
     return 0;
 }

 int FuzzedSock::Bind(const sockaddr*, socklen_t) const
 {
     // Have a permanent error at bind_errnos[0] because when the fuzzed data is exhausted
     // SetFuzzedErrNo() will always set the global errno to bind_errnos[0]. We want to
     // avoid this method returning -1 and setting errno to a temporary error (like EAGAIN)
     // repeatedly because proper code should retry on temporary errors, leading to an
     // infinite loop.
     constexpr std::array bind_errnos{
         EACCES,
         EADDRINUSE,
         EADDRNOTAVAIL,
         EAGAIN,
     };
     if (m_fuzzed_data_provider.ConsumeBool()) {
         SetFuzzedErrNo(m_fuzzed_data_provider, bind_errnos);
         return -1;
     }
     return 0;
 }

 int FuzzedSock::Listen(int) const
 {
     // Have a permanent error at listen_errnos[0] because when the fuzzed data is exhausted
     // SetFuzzedErrNo() will always set the global errno to listen_errnos[0]. We want to
     // avoid this method returning -1 and setting errno to a temporary error (like EAGAIN)
     // repeatedly because proper code should retry on temporary errors, leading to an
     // infinite loop.
     constexpr std::array listen_errnos{
         EADDRINUSE,
         EINVAL,
         EOPNOTSUPP,
     };
     if (m_fuzzed_data_provider.ConsumeBool()) {
         SetFuzzedErrNo(m_fuzzed_data_provider, listen_errnos);
         return -1;
     }
     return 0;
 }

 std::unique_ptr<Sock> FuzzedSock::Accept(sockaddr* addr, socklen_t* addr_len) const
 {
     constexpr std::array accept_errnos{
         ECONNABORTED,
         EINTR,
         ENOMEM,
     };
     if (m_fuzzed_data_provider.ConsumeBool()) {
         SetFuzzedErrNo(m_fuzzed_data_provider, accept_errnos);
         return std::unique_ptr<FuzzedSock>();
     }
     return std::make_unique<FuzzedSock>(m_fuzzed_data_provider);
 }

 int FuzzedSock::GetSockOpt(int level, int opt_name, void* opt_val, socklen_t* opt_len) const
 {
     constexpr std::array getsockopt_errnos{
         ENOMEM,
         ENOBUFS,
     };
     if (m_fuzzed_data_provider.ConsumeBool()) {
         SetFuzzedErrNo(m_fuzzed_data_provider, getsockopt_errnos);
         return -1;
     }
     if (opt_val == nullptr) {
         return 0;
     }
     std::memcpy(opt_val,
                 ConsumeFixedLengthByteVector(m_fuzzed_data_provider, *opt_len).data(),
                 *opt_len);
     return 0;
 }

 int FuzzedSock::SetSockOpt(int, int, const void*, socklen_t) const
 {
     constexpr std::array setsockopt_errnos{
         ENOMEM,
         ENOBUFS,
     };
     if (m_fuzzed_data_provider.ConsumeBool()) {
         SetFuzzedErrNo(m_fuzzed_data_provider, setsockopt_errnos);
         return -1;
     }
     return 0;
 }

 int FuzzedSock::GetSockName(sockaddr* name, socklen_t* name_len) const
 {
     constexpr std::array getsockname_errnos{
         ECONNRESET,
         ENOBUFS,
     };
     if (m_fuzzed_data_provider.ConsumeBool()) {
         SetFuzzedErrNo(m_fuzzed_data_provider, getsockname_errnos);
         return -1;
     }
     *name_len = m_fuzzed_data_provider.ConsumeData(name, *name_len);
     return 0;
 }

 bool FuzzedSock::SetNonBlocking() const
 {
     constexpr std::array setnonblocking_errnos{
         EBADF,
         EPERM,
     };
     if (m_fuzzed_data_provider.ConsumeBool()) {
         SetFuzzedErrNo(m_fuzzed_data_provider, setnonblocking_errnos);
         return false;
     }
     return true;
 }

 bool FuzzedSock::IsSelectable() const
 {
     return m_selectable;
 }

 bool FuzzedSock::Wait(std::chrono::milliseconds timeout, Event requested, Event* occurred) const
 {
     constexpr std::array wait_errnos{
         EBADF,
         EINTR,
         EINVAL,
     };
     if (m_fuzzed_data_provider.ConsumeBool()) {
         SetFuzzedErrNo(m_fuzzed_data_provider, wait_errnos);
         return false;
     }
     if (occurred != nullptr) {
         *occurred = m_fuzzed_data_provider.ConsumeBool() ? requested : 0;
     }
     return true;
 }

 bool FuzzedSock::WaitMany(std::chrono::milliseconds timeout, EventsPerSock& events_per_sock) const
 {
     for (auto& [sock, events] : events_per_sock) {
         (void)sock;
         events.occurred = m_fuzzed_data_provider.ConsumeBool() ? events.requested : 0;
     }
     return true;
 }

 bool FuzzedSock::IsConnected(std::string& errmsg) const
 {
     if (m_fuzzed_data_provider.ConsumeBool()) {
         return true;
     }
     errmsg = "disconnected at random by the fuzzer";
     return false;
 }

 void FillNode(FuzzedDataProvider& fuzzed_data_provider, ConnmanTestMsg& connman, CNode& node) noexcept
 {
     connman.Handshake(node,
                       /*successfully_connected=*/fuzzed_data_provider.ConsumeBool(),
                       /*remote_services=*/ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS),
                       /*local_services=*/ConsumeWeakEnum(fuzzed_data_provider, ALL_SERVICE_FLAGS),
                       /*version=*/fuzzed_data_provider.ConsumeIntegralInRange<int32_t>(MIN_PEER_PROTO_VERSION, std::numeric_limits<int32_t>::max()),
                       /*relay_txs=*/fuzzed_data_provider.ConsumeBool());
 }
ConnmanTestMsg
Definition: net.h:20

ConsumeFixedLengthByteVector
std::vector< B > ConsumeFixedLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const size_t length) noexcept
Returns a byte vector of specified size regardless of the number of remaining bytes available from th...
Definition: util.h:237

FillNode
void FillNode(FuzzedDataProvider &fuzzed_data_provider, ConnmanTestMsg &connman, CNode &node) noexcept
Definition: net.cpp:376

net.h

assert
assert(!tx.IsCoinBase())

FuzzedSock::operator=
FuzzedSock & operator=(Sock &&other) override
Move assignment operator, grab the socket from another object and close ours (if set).
Definition: net.cpp:99

NET_INTERNAL
A set of addresses that represent the hash of a string or FQDN.
Definition: netaddress.h:57

FuzzedDataProvider.h

time.h

ConsumeWeakEnum
WeakEnumType ConsumeWeakEnum(FuzzedDataProvider &fuzzed_data_provider, const WeakEnumType(&all_types)[size]) noexcept
Definition: util.h:132

ADDR_TORV3_SIZE
static constexpr size_t ADDR_TORV3_SIZE
Size of TORv3 address (in bytes).
Definition: netaddress.h:96

NET_IPV4
IPv4.
Definition: netaddress.h:41

ConsumeNetAddr
CNetAddr ConsumeNetAddr(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: net.cpp:28

Sock::m_socket
SOCKET m_socket
Contained socket.
Definition: sock.h:268

FuzzedSock::SetSockOpt
int SetSockOpt(int level, int opt_name, const void *opt_val, socklen_t opt_len) const override
setsockopt(2) wrapper.
Definition: net.cpp:296

CNetAddr::SetSpecial
bool SetSpecial(const std::string &addr)
Parse a Tor or I2P address and set this object to it.
Definition: netaddress.cpp:208

FuzzedSock::IsConnected
bool IsConnected(std::string &errmsg) const override
Check if still connected.
Definition: net.cpp:367

FuzzedSock::Recv
ssize_t Recv(void *buf, size_t len, int flags) const override
recv(2) wrapper.
Definition: net.cpp:137

INVALID_SOCKET
#define INVALID_SOCKET
Definition: compat.h:53

FuzzedSock::m_peek_data
std::optional< uint8_t > m_peek_data
Data to return when MSG_PEEK is used as a Recv() flag.
Definition: net.h:38

CAddress::Format::Disk

FuzzedSock
Definition: net.h:29

FuzzedSock::Send
ssize_t Send(const void *data, size_t len, int flags) const override
send(2) wrapper.
Definition: net.cpp:105

ConsumeAddress
CAddress ConsumeAddress(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: net.cpp:57

NodeSeconds
std::chrono::time_point< NodeClock, std::chrono::seconds > NodeSeconds
Definition: time.h:23

ALL_SERVICE_FLAGS
constexpr ServiceFlags ALL_SERVICE_FLAGS[]
Definition: net.h:61

netaddress.h

FuzzedSock::Wait
bool Wait(std::chrono::milliseconds timeout, Event requested, Event *occurred=nullptr) const override
Wait for readiness for input (recv) or output (send).
Definition: net.cpp:341

Sock::EventsPerSock
std::unordered_map< std::shared_ptr< const Sock >, Events, HashSharedPtrSock, EqualSharedPtrSock > EventsPerSock
On which socket to wait for what events in WaitMany().
Definition: sock.h:208

name
const char * name
Definition: rest.cpp:45

ConsumeService
CService ConsumeService(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: net.h:93

ConsumeDeserializationParams
P ConsumeDeserializationParams(FuzzedDataProvider &fuzzed_data_provider) noexcept
Definition: net.cpp:63

CAddress
A CService with information about it as peer.
Definition: protocol.h:362

Network
Network
A network type.
Definition: netaddress.h:36

sock.h

FuzzedSock::~FuzzedSock
~FuzzedSock() override
Definition: net.cpp:90

FuzzedSock::GetSockOpt
int GetSockOpt(int level, int opt_name, void *opt_val, socklen_t *opt_len) const override
getsockopt(2) wrapper.
Definition: net.cpp:277

FuzzedDataProvider
Definition: FuzzedDataProvider.h:31

FuzzedSock::Accept
std::unique_ptr< Sock > Accept(sockaddr *addr, socklen_t *addr_len) const override
accept(2) wrapper.
Definition: net.cpp:263

FuzzedDataProvider::ConsumeData
size_t ConsumeData(void *destination, size_t num_bytes)
Definition: FuzzedDataProvider.h:329

Sock::Event
uint8_t Event
Definition: sock.h:138

compat.h

FuzzedSock::Connect
int Connect(const sockaddr *, socklen_t) const override
connect(2) wrapper.
Definition: net.cpp:202

SOCKET
unsigned int SOCKET
Definition: compat.h:43

FuzzedSock::FuzzedSock
FuzzedSock(FuzzedDataProvider &fuzzed_data_provider)
Definition: net.cpp:83

node
Definition: init.h:25

CNode::addr
const CAddress addr
Definition: net.h:720

CJDNS_PREFIX
static constexpr uint8_t CJDNS_PREFIX
All CJDNS addresses start with 0xFC.
Definition: netaddress.h:86

version.h

FuzzedDataProvider::ConsumeBytes
std::vector< T > ConsumeBytes(size_t num_bytes)
Definition: FuzzedDataProvider.h:108

flags
int flags
Definition: bitcoin-tx.cpp:528

CNetAddr
Network address.
Definition: netaddress.h:115

FuzzedSock::m_fuzzed_data_provider
FuzzedDataProvider & m_fuzzed_data_provider
Definition: net.h:31

CAddress::Format::Network

util.h

MIN_PEER_PROTO_VERSION
static const int MIN_PEER_PROTO_VERSION
disconnect from peers older than this proto version
Definition: version.h:18

FuzzedSock::WaitMany
bool WaitMany(std::chrono::milliseconds timeout, EventsPerSock &events_per_sock) const override
Same as Wait(), but wait on many sockets within the same timeout.
Definition: net.cpp:358

CNetAddr::Encoding::V2
BIP155 encoding.

NET_IPV6
IPv6.
Definition: netaddress.h:44

NET_ONION
TOR (v2 or v3)
Definition: netaddress.h:47

SetFuzzedErrNo
void SetFuzzedErrNo(FuzzedDataProvider &fuzzed_data_provider, const std::array< T, size > &errnos)
Sets errno to a value selected from the given std::array errnos.
Definition: util.h:217

CAddress::SerParams
Definition: protocol.h:400

OnionToString
std::string OnionToString(Span< const uint8_t > addr)
Definition: netaddress.cpp:570

Sock
RAII helper class that manages a socket and closes it automatically when it goes out of scope...
Definition: sock.h:26

FuzzedSock::SetNonBlocking
bool SetNonBlocking() const override
Set the non-blocking option on the socket.
Definition: net.cpp:323

PickValue
auto & PickValue(FuzzedDataProvider &fuzzed_data_provider, Collection &col)
Definition: util.h:48

FuzzedSock::m_selectable
const bool m_selectable
Whether to pretend that the socket is select(2)-able.
Definition: net.h:45

FuzzedSock::GetSockName
int GetSockName(sockaddr *name, socklen_t *name_len) const override
getsockname(2) wrapper.
Definition: net.cpp:309

CNetAddr::Encoding::V1

CNode
Information about a peer.
Definition: net.h:683

FuzzedDataProvider::ConsumeIntegralInRange
T ConsumeIntegralInRange(T min, T max)
Definition: FuzzedDataProvider.h:204

CNetAddr::SetInternal
bool SetInternal(const std::string &name)
Create an "internal" address that represents a name or FQDN.
Definition: netaddress.cpp:169

FuzzedSock::IsSelectable
bool IsSelectable() const override
Check if the underlying socket can be used for select(2) (or the Wait() method).
Definition: net.cpp:336

net.h

FuzzedSock::Bind
int Bind(const sockaddr *, socklen_t) const override
bind(2) wrapper.
Definition: net.cpp:224

FuzzedSock::Listen
int Listen(int backlog) const override
listen(2) wrapper.
Definition: net.cpp:244

CNetAddr::SerParams
Definition: netaddress.h:231

FuzzedDataProvider::ConsumeBool
bool ConsumeBool()
Definition: FuzzedDataProvider.h:288