author | MarcoFalke <falke.marco@gmail.com> | 2020-03-18 15:48:22 -0400 |
committer | MarcoFalke <falke.marco@gmail.com> | 2020-03-18 15:48:27 -0400 |
commit | e83a1de4c03f305f4a89febc648168003a6e7987 (patch) | |
tree | 8723b0fe088395b2588e2e762e98d945b0ea882f /src | |
parent | dbb067da389d457e73c6ecbf6389baa3ab082b46 (diff) | |
parent | 5e47b19e50cf5a8de77dfe363988522cfd212c06 (diff) |
Merge #18155: tests: Add harness which fuzzes EvalScript and VerifyScript using a fuzzed signature checker
5e47b19e50cf5a8de77dfe363988522cfd212c06 tests: Add harness which fuzzes EvalScript and VerifyScript using a fuzzed signature checker (practicalswift)
Pull request description:
Add harness which fuzzes `EvalScript` and `VerifyScript` using a fuzzed signature checker.
Test this PR using:
```
$ make distclean
$ ./autogen.sh
$ CC=clang CXX=clang++ ./configure --enable-fuzz \
--with-sanitizers=address,fuzzer,undefined
$ make
$ src/test/fuzz/signature_checker
…
```
Closes #17986.
Top commit has no ACKs.
Tree-SHA512: a9988f8fa7919fe470756ca3e4e75764a589f590769aab452c8f4c254cf41667793e52131d470a12629ec3681fa7fc20091f371b8f3e3eec105674c2769e7d7e
Diffstat (limited to 'src')
-rw-r--r-- | src/Makefile.test.include | 7 | ||||
-rw-r--r-- | src/test/fuzz/signature_checker.cpp | 68 |
2 files changed, 75 insertions, 0 deletions
diff --git a/src/Makefile.test.include b/src/Makefile.test.include
index 9697a157fb..e92b02a9bc 100644
--- a/src/Makefile.test.include
+++ b/src/Makefile.test.include
@@ -91,6 +91,7 @@ FUZZ_TARGETS = \
   test/fuzz/script_ops \
   test/fuzz/scriptnum_ops \
   test/fuzz/service_deserialize \
+  test/fuzz/signature_checker \
   test/fuzz/snapshotmetadata_deserialize \
   test/fuzz/spanparsing \
   test/fuzz/string \
@@ -809,6 +810,12 @@ test_fuzz_service_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
 test_fuzz_service_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
 test_fuzz_service_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
 
+test_fuzz_signature_checker_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
+test_fuzz_signature_checker_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
+test_fuzz_signature_checker_LDADD = $(FUZZ_SUITE_LD_COMMON)
+test_fuzz_signature_checker_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS)
+test_fuzz_signature_checker_SOURCES = $(FUZZ_SUITE) test/fuzz/signature_checker.cpp
+
 test_fuzz_snapshotmetadata_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DSNAPSHOTMETADATA_DESERIALIZE=1
 test_fuzz_snapshotmetadata_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
 test_fuzz_snapshotmetadata_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
diff --git a/src/test/fuzz/signature_checker.cpp b/src/test/fuzz/signature_checker.cpp
new file mode 100644
index 0000000000..312db27adc
--- /dev/null
+++ b/src/test/fuzz/signature_checker.cpp
@@ -0,0 +1,68 @@
+// Copyright (c) 2009-2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <pubkey.h>
+#include <script/interpreter.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <util/memory.h>
+
+#include <cstdint>
+#include <limits>
+#include <string>
+#include <vector>
+
+void initialize()
+{
+    static const auto verify_handle = MakeUnique<ECCVerifyHandle>();
+}
+
+namespace {
+class FuzzedSignatureChecker : public BaseSignatureChecker
+{
+    FuzzedDataProvider& m_fuzzed_data_provider;
+
+public:
+    FuzzedSignatureChecker(FuzzedDataProvider& fuzzed_data_provider) : m_fuzzed_data_provider(fuzzed_data_provider)
+    {
+    }
+
+    virtual bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const
+    {
+        return m_fuzzed_data_provider.ConsumeBool();
+    }
+
+    virtual bool CheckLockTime(const CScriptNum& nLockTime) const
+    {
+        return m_fuzzed_data_provider.ConsumeBool();
+    }
+
+    virtual bool CheckSequence(const CScriptNum& nSequence) const
+    {
+        return m_fuzzed_data_provider.ConsumeBool();
+    }
+
+    virtual ~FuzzedSignatureChecker() {}
+};
+} // namespace
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+    FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    const unsigned int flags = fuzzed_data_provider.ConsumeIntegral<unsigned int>();
+    const SigVersion sig_version = fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0});
+    const std::string script_string_1 = fuzzed_data_provider.ConsumeRandomLengthString(65536);
+    const std::vector<uint8_t> script_bytes_1{script_string_1.begin(), script_string_1.end()};
+    const std::string script_string_2 = fuzzed_data_provider.ConsumeRandomLengthString(65536);
+    const std::vector<uint8_t> script_bytes_2{script_string_2.begin(), script_string_2.end()};
+    std::vector<std::vector<unsigned char>> stack;
+    (void)EvalScript(stack, {script_bytes_1.begin(), script_bytes_1.end()}, flags, FuzzedSignatureChecker(fuzzed_data_provider), sig_version, nullptr);
+    if ((flags & SCRIPT_VERIFY_CLEANSTACK) != 0 && ((flags & SCRIPT_VERIFY_P2SH) == 0 || (flags & SCRIPT_VERIFY_WITNESS) == 0)) {
+        return;
+    }
+    if ((flags & SCRIPT_VERIFY_WITNESS) != 0 && (flags & SCRIPT_VERIFY_P2SH) == 0) {
+        return;
+    }
+    (void)VerifyScript({script_bytes_1.begin(), script_bytes_1.end()}, {script_bytes_2.begin(), script_bytes_2.end()}, nullptr, flags, FuzzedSignatureChecker(fuzzed_data_provider), nullptr);
+}
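Review bot: The three virtual functions in FuzzedSignatureChecker are declared with `virtual` but without `override`, so if their signatures ever drift from BaseSignatureChecker's (a changed parameter type, a dropped `const`) they would silently hide the base functions rather than override them, and the harness would keep building while EvalScript and VerifyScript called the base implementation instead of the fuzzed one; `bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const override` (and likewise for CheckLockTime and CheckSequence) turns that into a compile error. In the same spirit the single-argument constructor should be `explicit`, and `virtual ~FuzzedSignatureChecker() {}` can become `~FuzzedSignatureChecker() = default;`. The two early returns ahead of VerifyScript encode flag-combination preconditions that the callee presumably asserts on, and deserve a comment such as `// Skip flag combinations VerifyScript rejects: CLEANSTACK and WITNESS each require P2SH` so the next reader does not have to trace them back into interpreter.cpp. `#include <limits>` does not appear to be used anywhere in the file.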