diff options
| -rw-r--r-- | .travis.yml | 13 | ||||
| -rwxr-xr-x | .travis/test_04_install.sh | 3 | ||||
| -rw-r--r-- | contrib/sanitizers-ubsan.suppressions | 27 | ||||
| -rw-r--r-- | doc/release-notes/release-notes-0.17.0.1.md | 41 | ||||
| -rw-r--r-- | src/wallet/init.cpp | 2 | ||||
| -rwxr-xr-x | test/functional/example_test.py | 4 | ||||
| -rwxr-xr-x | test/functional/p2p_invalid_messages.py | 175 | ||||
| -rwxr-xr-x | test/functional/rpc_help.py | 15 | ||||
| -rwxr-xr-x | test/functional/test_framework/mininode.py | 15 | ||||
| -rwxr-xr-x | test/functional/test_framework/test_node.py | 45 | ||||
| -rwxr-xr-x | test/functional/test_runner.py | 1 |
11 files changed, 320 insertions, 21 deletions
diff --git a/.travis.yml b/.travis.yml index 0e1f76e56d..e221537d5f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -103,23 +103,14 @@ jobs: NO_DEPENDS=1 GOAL="install" BITCOIN_CONFIG="--enable-zmq --with-incompatible-bdb --enable-glibc-back-compat --enable-reduce-exports --with-gui=qt5 CPPFLAGS=-DDEBUG_LOCKORDER" -# x86_64 Linux (no depends, only system libs) - - stage: test - env: >- - HOST=x86_64-unknown-linux-gnu - PACKAGES="python3-zmq qtbase5-dev qttools5-dev-tools libssl1.0-dev libevent-dev bsdmainutils libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-test-dev libboost-thread-dev libdb5.3++-dev libminiupnpc-dev libzmq3-dev libprotobuf-dev protobuf-compiler libqrencode-dev" - NO_DEPENDS=1 - GOAL="install" - BITCOIN_CONFIG="--enable-zmq --with-incompatible-bdb --enable-glibc-back-compat --enable-reduce-exports --with-gui=qt5 CPPFLAGS=-DDEBUG_LOCKORDER" -# x86_64 Linux (sanitizers) +# x86_64 Linux (no depends, only system libs, sanitizers: undefined (UBSAN) + integer) - stage: test env: >- HOST=x86_64-unknown-linux-gnu PACKAGES="clang python3-zmq qtbase5-dev qttools5-dev-tools libssl1.0-dev libevent-dev bsdmainutils libboost-system-dev libboost-filesystem-dev libboost-chrono-dev libboost-test-dev libboost-thread-dev libdb5.3++-dev libminiupnpc-dev libzmq3-dev libprotobuf-dev protobuf-compiler libqrencode-dev" NO_DEPENDS=1 - RUN_FUNCTIONAL_TESTS=false # Disabled for now, can be combined with the other x86_64 linux NO_DEPENDS job when functional tests pass the sanitizers GOAL="install" - BITCOIN_CONFIG="--enable-zmq --with-incompatible-bdb --enable-glibc-back-compat --enable-reduce-exports --with-gui=qt5 CPPFLAGS=-DDEBUG_LOCKORDER --with-sanitizers=undefined CC=clang CXX=clang++" + BITCOIN_CONFIG="--enable-zmq --with-incompatible-bdb --enable-glibc-back-compat --enable-reduce-exports --with-gui=qt5 CPPFLAGS=-DDEBUG_LOCKORDER --with-sanitizers=integer,undefined CC=clang CXX=clang++" # x86_64 Linux, No wallet - stage: test env: >- diff --git a/.travis/test_04_install.sh b/.travis/test_04_install.sh index ef595287b7..43f2be129e 100755 --- a/.travis/test_04_install.sh +++ b/.travis/test_04_install.sh @@ -7,7 +7,8 @@ export LC_ALL=C.UTF-8 travis_retry docker pull "$DOCKER_NAME_TAG" -env | grep -E '^(CCACHE_|WINEDEBUG|LC_ALL|BOOST_TEST_RANDOM|CONFIG_SHELL)' | tee /tmp/env +export UBSAN_OPTIONS="suppressions=${TRAVIS_BUILD_DIR}/contrib/sanitizers-ubsan.suppressions" +env | grep -E '^(CCACHE_|WINEDEBUG|LC_ALL|BOOST_TEST_RANDOM|CONFIG_SHELL|UBSAN_OPTIONS)' | tee /tmp/env if [[ $HOST = *-mingw32 ]]; then DOCKER_ADMIN="--cap-add SYS_ADMIN" fi diff --git a/contrib/sanitizers-ubsan.suppressions b/contrib/sanitizers-ubsan.suppressions new file mode 100644 index 0000000000..44c4a49796 --- /dev/null +++ b/contrib/sanitizers-ubsan.suppressions @@ -0,0 +1,27 @@ +alignment:move.h +alignment:prevector.h +bool:wallet/wallet.cpp +float-divide-by-zero:policy/fees.cpp +float-divide-by-zero:validation.cpp +float-divide-by-zero:wallet/wallet.cpp +nonnull-attribute:support/cleanse.cpp +unsigned-integer-overflow:basic_string.h +unsigned-integer-overflow:bench/bench.h +unsigned-integer-overflow:bloom.cpp +unsigned-integer-overflow:chain.h +unsigned-integer-overflow:crypto/chacha20.cpp +unsigned-integer-overflow:crypto/ctaes/ctaes.c +unsigned-integer-overflow:crypto/ripemd160.cpp +unsigned-integer-overflow:crypto/sha1.cpp +unsigned-integer-overflow:crypto/sha256.cpp +unsigned-integer-overflow:crypto/sha512.cpp +unsigned-integer-overflow:hash.cpp +unsigned-integer-overflow:leveldb/db/log_reader.cc +unsigned-integer-overflow:leveldb/util/bloom.cc +unsigned-integer-overflow:leveldb/util/crc32c.h +unsigned-integer-overflow:leveldb/util/hash.cc +unsigned-integer-overflow:policy/fees.cpp +unsigned-integer-overflow:script/interpreter.cpp +unsigned-integer-overflow:stl_bvector.h +unsigned-integer-overflow:txmempool.cpp +unsigned-integer-overflow:validation.cpp diff --git a/doc/release-notes/release-notes-0.17.0.1.md b/doc/release-notes/release-notes-0.17.0.1.md new file mode 100644 index 0000000000..92db7dac7d --- /dev/null +++ b/doc/release-notes/release-notes-0.17.0.1.md @@ -0,0 +1,41 @@ +Bitcoin Core version 0.17.0.1 is now available from: + + <https://bitcoincore.org/bin/bitcoin-core-0.17.0.1/> + +This release provides a minor bug fix for 0.17.0. + +Please report bugs using the issue tracker at GitHub: + + <https://github.com/bitcoin/bitcoin/issues> + +To receive security and update notifications, please subscribe to: + + <https://bitcoincore.org/en/list/announcements/join/> + +Notable changes +=============== + +An issue was solved with OSX dmg generation, affecting macOS 10.12 to 10.14, +which could cause Finder to crash on install. + +There are no significant changes for other operating systems. + +0.17.0.1 change log +=================== + +### Build system +- #14416 `eb2cc84` Fix OSX dmg issue (10.12 to 10.14) (jonasschnelli) + +### Documentation +- #14509 `1b5af2c` [0.17] doc: use SegWit in getblocktemplate example (Sjors) + +Credits +======= + +Thanks to everyone who directly contributed to this release: + +- Jonas Schnelli +- Pieter Wuille +- Sjors Provoost +- Wladimir J. van der Laan + diff --git a/src/wallet/init.cpp b/src/wallet/init.cpp index 220780c96c..456422d004 100644 --- a/src/wallet/init.cpp +++ b/src/wallet/init.cpp @@ -57,7 +57,7 @@ const WalletInitInterface& g_wallet_init_interface = WalletInit(); void WalletInit::AddWalletOptions() const { gArgs.AddArg("-addresstype", strprintf("What type of addresses to use (\"legacy\", \"p2sh-segwit\", or \"bech32\", default: \"%s\")", FormatOutputType(DEFAULT_ADDRESS_TYPE)), false, OptionsCategory::WALLET); - gArgs.AddArg("-avoidpartialspends", strprintf(_("Group outputs by address, selecting all or none, instead of selecting on a per-output basis. Privacy is improved as an address is only used once (unless someone sends to it after spending from it), but may result in slightly higher fees as suboptimal coin selection may result due to the added limitation (default: %u)"), DEFAULT_AVOIDPARTIALSPENDS), false, OptionsCategory::WALLET); + gArgs.AddArg("-avoidpartialspends", strprintf("Group outputs by address, selecting all or none, instead of selecting on a per-output basis. Privacy is improved as an address is only used once (unless someone sends to it after spending from it), but may result in slightly higher fees as suboptimal coin selection may result due to the added limitation (default: %u)", DEFAULT_AVOIDPARTIALSPENDS), false, OptionsCategory::WALLET); gArgs.AddArg("-changetype", "What type of change to use (\"legacy\", \"p2sh-segwit\", or \"bech32\"). Default is same as -addresstype, except when -addresstype=p2sh-segwit a native segwit output is used when sending to a native segwit address)", false, OptionsCategory::WALLET); gArgs.AddArg("-disablewallet", "Do not load the wallet and disable wallet RPC calls", false, OptionsCategory::WALLET); gArgs.AddArg("-discardfee=<amt>", strprintf("The fee rate (in %s/kB) that indicates your tolerance for discarding change by adding it to the fee (default: %s). " diff --git a/test/functional/example_test.py b/test/functional/example_test.py index 3f15367a75..be3544ee74 100755 --- a/test/functional/example_test.py +++ b/test/functional/example_test.py @@ -164,13 +164,13 @@ class ExampleTest(BitcoinTestFramework): self.tip = int(self.nodes[0].getbestblockhash(), 16) self.block_time = self.nodes[0].getblock(self.nodes[0].getbestblockhash())['time'] + 1 - height = 1 + height = self.nodes[0].getblockcount() for i in range(10): # Use the mininode and blocktools functionality to manually build a block # Calling the generate() rpc is easier, but this allows us to exactly # control the blocks and transactions. - block = create_block(self.tip, create_coinbase(height), self.block_time) + block = create_block(self.tip, create_coinbase(height+1), self.block_time) block.solve() block_message = msg_block(block) # Send message is used to send a P2P message to the node over our P2PInterface diff --git a/test/functional/p2p_invalid_messages.py b/test/functional/p2p_invalid_messages.py new file mode 100755 index 0000000000..85f035628f --- /dev/null +++ b/test/functional/p2p_invalid_messages.py @@ -0,0 +1,175 @@ +#!/usr/bin/env python3 +# Copyright (c) 2015-2018 The Bitcoin Core developers +# Distributed under the MIT software license, see the accompanying +# file COPYING or http://www.opensource.org/licenses/mit-license.php. +"""Test node responses to invalid network messages.""" +import struct + +from test_framework import messages +from test_framework.mininode import P2PDataStore +from test_framework.test_framework import BitcoinTestFramework + + +class msg_unrecognized: + """Nonsensical message. Modeled after similar types in test_framework.messages.""" + + command = b'badmsg' + + def __init__(self, str_data): + self.str_data = str_data.encode() if not isinstance(str_data, bytes) else str_data + + def serialize(self): + return messages.ser_string(self.str_data) + + def __repr__(self): + return "{}(data={})".format(self.command, self.str_data) + + +class msg_nametoolong(msg_unrecognized): + + command = b'thisnameiswayyyyyyyyytoolong' + + +class InvalidMessagesTest(BitcoinTestFramework): + + def set_test_params(self): + self.num_nodes = 1 + self.setup_clean_chain = True + + def run_test(self): + """ + 0. Send a bunch of large (4MB) messages of an unrecognized type. Check to see + that it isn't an effective DoS against the node. + + 1. Send an oversized (4MB+) message and check that we're disconnected. + + 2. Send a few messages with an incorrect data size in the header, ensure the + messages are ignored. + + 3. Send an unrecognized message with a command name longer than 12 characters. + + """ + node = self.nodes[0] + self.node = node + node.add_p2p_connection(P2PDataStore()) + conn2 = node.add_p2p_connection(P2PDataStore()) + + msg_limit = 4 * 1000 * 1000 # 4MB, per MAX_PROTOCOL_MESSAGE_LENGTH + valid_data_limit = msg_limit - 5 # Account for the 4-byte length prefix + + # + # 0. + # + # Send as large a message as is valid, ensure we aren't disconnected but + # also can't exhaust resources. + # + msg_at_size = msg_unrecognized("b" * valid_data_limit) + assert len(msg_at_size.serialize()) == msg_limit + + with node.assert_memory_usage_stable(perc_increase_allowed=0.03): + self.log.info( + "Sending a bunch of large, junk messages to test " + "memory exhaustion. May take a bit...") + + # Run a bunch of times to test for memory exhaustion. + for _ in range(200): + node.p2p.send_message(msg_at_size) + + # Check that, even though the node is being hammered by nonsense from one + # connection, it can still service other peers in a timely way. + for _ in range(20): + conn2.sync_with_ping(timeout=2) + + # Peer 1, despite serving up a bunch of nonsense, should still be connected. + self.log.info("Waiting for node to drop junk messages.") + node.p2p.sync_with_ping(timeout=8) + assert node.p2p.is_connected + + # + # 1. + # + # Send an oversized message, ensure we're disconnected. + # + msg_over_size = msg_unrecognized("b" * (valid_data_limit + 1)) + assert len(msg_over_size.serialize()) == (msg_limit + 1) + + with node.assert_debug_log(["Oversized message from peer=0, disconnecting"]): + # An unknown message type (or *any* message type) over + # MAX_PROTOCOL_MESSAGE_LENGTH should result in a disconnect. + node.p2p.send_message(msg_over_size) + node.p2p.wait_for_disconnect(timeout=4) + + node.disconnect_p2ps() + conn = node.add_p2p_connection(P2PDataStore()) + conn.wait_for_verack() + + # + # 2. + # + # Send messages with an incorrect data size in the header. + # + actual_size = 100 + msg = msg_unrecognized("b" * actual_size) + + # TODO: handle larger-than cases. I haven't been able to pin down what behavior to expect. + for wrong_size in (2, 77, 78, 79): + self.log.info("Sending a message with incorrect size of {}".format(wrong_size)) + + # Unmodified message should submit okay. + node.p2p.send_and_ping(msg) + + # A message lying about its data size results in a disconnect when the incorrect + # data size is less than the actual size. + # + # TODO: why does behavior change at 78 bytes? + # + node.p2p.send_raw_message(self._tweak_msg_data_size(msg, wrong_size)) + + # For some reason unknown to me, we sometimes have to push additional data to the + # peer in order for it to realize a disconnect. + try: + node.p2p.send_message(messages.msg_ping(nonce=123123)) + except IOError: + pass + + node.p2p.wait_for_disconnect(timeout=10) + node.disconnect_p2ps() + node.add_p2p_connection(P2PDataStore()) + + # + # 3. + # + # Send a message with a too-long command name. + # + node.p2p.send_message(msg_nametoolong("foobar")) + node.p2p.wait_for_disconnect(timeout=4) + + # Node is still up. + conn = node.add_p2p_connection(P2PDataStore()) + conn.sync_with_ping() + + + def _tweak_msg_data_size(self, message, wrong_size): + """ + Return a raw message based on another message but with an incorrect data size in + the message header. + """ + raw_msg = self.node.p2p.build_message(message) + + bad_size_bytes = struct.pack("<I", wrong_size) + num_header_bytes_before_size = 4 + 12 + + # Replace the correct data size in the message with an incorrect one. + raw_msg_with_wrong_size = ( + raw_msg[:num_header_bytes_before_size] + + bad_size_bytes + + raw_msg[(num_header_bytes_before_size + len(bad_size_bytes)):] + ) + assert len(raw_msg) == len(raw_msg_with_wrong_size) + + return raw_msg_with_wrong_size + + + +if __name__ == '__main__': + InvalidMessagesTest().main() diff --git a/test/functional/rpc_help.py b/test/functional/rpc_help.py index be096af892..78d6e78aed 100755 --- a/test/functional/rpc_help.py +++ b/test/functional/rpc_help.py @@ -7,12 +7,18 @@ from test_framework.test_framework import BitcoinTestFramework from test_framework.util import assert_equal, assert_raises_rpc_error +import os + class HelpRpcTest(BitcoinTestFramework): def set_test_params(self): self.num_nodes = 1 def run_test(self): + self.test_categories() + self.dump_help() + + def test_categories(self): node = self.nodes[0] # wrong argument count @@ -37,6 +43,15 @@ class HelpRpcTest(BitcoinTestFramework): assert_equal(titles, components) + def dump_help(self): + dump_dir = os.path.join(self.options.tmpdir, 'rpc_help_dump') + os.mkdir(dump_dir) + calls = [line.split(' ', 1)[0] for line in self.nodes[0].help().splitlines() if line and not line.startswith('==')] + for call in calls: + with open(os.path.join(dump_dir, call), 'w', encoding='utf-8') as f: + # Make sure the node can generate the help at runtime without crashing + f.write(self.nodes[0].help(call)) + if __name__ == '__main__': HelpRpcTest().main() diff --git a/test/functional/test_framework/mininode.py b/test/functional/test_framework/mininode.py index 91fde136de..1e07c2ff60 100755 --- a/test/functional/test_framework/mininode.py +++ b/test/functional/test_framework/mininode.py @@ -207,10 +207,13 @@ class P2PConnection(asyncio.Protocol): This method takes a P2P payload, builds the P2P header and adds the message to the send buffer to be sent over the socket.""" + tmsg = self.build_message(message) + self._log_message("send", message) + return self.send_raw_message(tmsg) + + def send_raw_message(self, raw_message_bytes): if not self.is_connected: raise IOError('Not connected') - self._log_message("send", message) - tmsg = self._build_message(message) def maybe_write(): if not self._transport: @@ -220,12 +223,12 @@ class P2PConnection(asyncio.Protocol): # Python 3.4 versions. if hasattr(self._transport, 'is_closing') and self._transport.is_closing(): return - self._transport.write(tmsg) + self._transport.write(raw_message_bytes) NetworkThread.network_event_loop.call_soon_threadsafe(maybe_write) # Class utility methods - def _build_message(self, message): + def build_message(self, message): """Build a serialized P2P message""" command = message.command data = message.serialize() @@ -409,9 +412,9 @@ class P2PInterface(P2PConnection): # Message sending helper functions - def send_and_ping(self, message): + def send_and_ping(self, message, timeout=60): self.send_message(message) - self.sync_with_ping() + self.sync_with_ping(timeout=timeout) # Sync up with the node def sync_with_ping(self, timeout=60): diff --git a/test/functional/test_framework/test_node.py b/test/functional/test_framework/test_node.py index 3a6107bb37..ffff81e070 100755 --- a/test/functional/test_framework/test_node.py +++ b/test/functional/test_framework/test_node.py @@ -115,6 +115,28 @@ class TestNode(): ] return PRIV_KEYS[self.index] + def get_mem_rss(self): + """Get the memory usage (RSS) per `ps`. + + If process is stopped or `ps` is unavailable, return None. + """ + if not (self.running and self.process): + self.log.warning("Couldn't get memory usage; process isn't running.") + return None + + try: + return int(subprocess.check_output( + "ps h -o rss {}".format(self.process.pid), + shell=True, stderr=subprocess.DEVNULL).strip()) + + # Catching `Exception` broadly to avoid failing on platforms where ps + # isn't installed or doesn't work as expected, e.g. OpenBSD. + # + # We could later use something like `psutils` to work across platforms. + except Exception: + self.log.exception("Unable to get memory usage") + return None + def _node_msg(self, msg: str) -> str: """Return a modified msg that identifies this node by its index as a debugging aid.""" return "[node %d] %s" % (self.index, msg) @@ -271,6 +293,29 @@ class TestNode(): if re.search(re.escape(expected_msg), log, flags=re.MULTILINE) is None: self._raise_assertion_error('Expected message "{}" does not partially match log:\n\n{}\n\n'.format(expected_msg, print_log)) + @contextlib.contextmanager + def assert_memory_usage_stable(self, perc_increase_allowed=0.03): + """Context manager that allows the user to assert that a node's memory usage (RSS) + hasn't increased beyond some threshold percentage. + """ + before_memory_usage = self.get_mem_rss() + + yield + + after_memory_usage = self.get_mem_rss() + + if not (before_memory_usage and after_memory_usage): + self.log.warning("Unable to detect memory usage (RSS) - skipping memory check.") + return + + perc_increase_memory_usage = 1 - (float(before_memory_usage) / after_memory_usage) + + if perc_increase_memory_usage > perc_increase_allowed: + self._raise_assertion_error( + "Memory usage increased over threshold of {:.3f}% from {} to {} ({:.3f}%)".format( + perc_increase_allowed * 100, before_memory_usage, after_memory_usage, + perc_increase_memory_usage * 100)) + def assert_start_raises_init_error(self, extra_args=None, expected_msg=None, match=ErrorMatch.FULL_TEXT, *args, **kwargs): """Attempt to start the node and expect it to raise an error. diff --git a/test/functional/test_runner.py b/test/functional/test_runner.py index 8cbc9655c6..5b2910fb0d 100755 --- a/test/functional/test_runner.py +++ b/test/functional/test_runner.py @@ -136,6 +136,7 @@ BASE_SCRIPTS = [ 'mining_prioritisetransaction.py', 'p2p_invalid_locator.py', 'p2p_invalid_block.py', + 'p2p_invalid_messages.py', 'p2p_invalid_tx.py', 'feature_assumevalid.py', 'example_test.py', |