1 files changed, 44 insertions, 0 deletions

diff --git a/src/test/fuzz/socks5.cpp b/src/test/fuzz/socks5.cpp
new file mode 100644
index 0000000000..e5cc4cabe5
--- /dev/null
+++ b/src/test/fuzz/socks5.cpp
@@ -0,0 +1,44 @@
+// Copyright (c) 2020-2021 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <netbase.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <test/fuzz/util.h>
+#include <test/util/setup_common.h>
+
+#include <cstdint>
+#include <string>
+#include <vector>
+
+namespace {
+int default_socks5_recv_timeout;
+};
+
+extern int g_socks5_recv_timeout;
+
+void initialize_socks5()
+{
+    static const auto testing_setup = MakeNoLogFileContext<const BasicTestingSetup>();
+    default_socks5_recv_timeout = g_socks5_recv_timeout;
+}
+
+FUZZ_TARGET_INIT(socks5, initialize_socks5)
+{
+    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+    ProxyCredentials proxy_credentials;
+    proxy_credentials.username = fuzzed_data_provider.ConsumeRandomLengthString(512);
+    proxy_credentials.password = fuzzed_data_provider.ConsumeRandomLengthString(512);
+    InterruptSocks5(fuzzed_data_provider.ConsumeBool());
+    // Set FUZZED_SOCKET_FAKE_LATENCY=1 to exercise recv timeout code paths. This
+    // will slow down fuzzing.
+    g_socks5_recv_timeout = (fuzzed_data_provider.ConsumeBool() && std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr) ? 1 : default_socks5_recv_timeout;
+    FuzzedSock fuzzed_sock = ConsumeSock(fuzzed_data_provider);
+    // This Socks5(...) fuzzing harness would have caught CVE-2017-18350 within
+    // a few seconds of fuzzing.
+    (void)Socks5(fuzzed_data_provider.ConsumeRandomLengthString(512),
+                 fuzzed_data_provider.ConsumeIntegral<int>(),
+                 fuzzed_data_provider.ConsumeBool() ? &proxy_credentials : nullptr,
+                 fuzzed_sock);
+}