From 38ca1bb389e1548fabd80dc314d805605248fb69 Mon Sep 17 00:00:00 2001
From: moneromooo-monero
Date: Sat, 16 May 2020 11:43:45 +0000
Subject: [PATCH 1/4] fuzz_tests: add a tx extra fuzz test

---
 tests/data/fuzz/tx-extra/TXEXTRA1 | Bin 0 -> 44 bytes
 tests/data/fuzz/tx-extra/TXEXTRA2 | Bin 0 -> 547 bytes
 tests/fuzz/CMakeLists.txt | 18 ++++++++++++++
 tests/fuzz/tx-extra.cpp | 40 ++++++++++++++++++++++++++++++
 4 files changed, 58 insertions(+)
 create mode 100644 tests/data/fuzz/tx-extra/TXEXTRA1
 create mode 100644 tests/data/fuzz/tx-extra/TXEXTRA2
 create mode 100644 tests/fuzz/tx-extra.cpp

diff --git a/tests/data/fuzz/tx-extra/TXEXTRA1 b/tests/data/fuzz/tx-extra/TXEXTRA1
new file mode 100644
index 0000000000000000000000000000000000000000..08852abe326e3728f0e9259ceaddf0150948f46a
GIT binary patch
literal 44
zcmV+{0Mq{gOQrd=_njALN#~>G_D(<01ZL&{b9hahX9%owbs@ZT0to?9qf!!{_hDP* CDiiAf

literal 0
HcmV?d00001

diff --git a/tests/data/fuzz/tx-extra/TXEXTRA2 b/tests/data/fuzz/tx-extra/TXEXTRA2
new file mode 100644
index 0000000000000000000000000000000000000000..1703011455164a1fa99753ac053421708d95a0bb
GIT binary patch
literal 547
zcmV+;0^I!p>2uQunNG5lDxsmRj6LzT{m;-RD3FPdRCFQ<#B5_^1P~rq8e0x$N!^p_ zRT4h|`SZTOURA6Lx0xPmu&g>Pm&p#t)oNF zoNLdO!qCpjsr(Y?zp==?%3+X2v0ZY;?mdvy;LME<;{jFJUCu7eowpzT9iP_%-M9zCqe6T9<{ZFX>841NPYOu-V_R~ JJ)r+Dx_y}DpmiktKH|vBGib!)i2CPxq^=DXI-LgOd-jVGKG3VtO3DM2pFB$AnkO2m zL#+v$^$7`uNtz2yN9Z_0<5%npE$Z_B$*&Xa39$#Ax8*9v%ykVi8YWw3RQn58yO@}A z=RP@iySe3}pJkNM2*6CS8J=%?S=c)Ho#ae&PtkX-h4hy@`{QtPt|yVQ`B=ZLP&C4g ln`e3Dv$O^}h)Mv2a)+^VvDigeBldY?eW*zaqYkRpkFnM?6oLQ%

literal 0
HcmV?d00001

diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt
index 8654d41d5..606fec465 100644
--- a/tests/fuzz/CMakeLists.txt
+++ b/tests/fuzz/CMakeLists.txt
@@ -200,3 +200,21 @@ set_property(TARGET bulletproof_fuzz_tests PROPERTY FOLDER "tests")
+add_executable(tx-extra_fuzz_tests tx-extra.cpp fuzzer.cpp)
+target_link_libraries(tx-extra_fuzz_tests
+ PRIVATE
+ cryptonote_basic
+ common
+ epee
+ ${Boost_THREAD_LIBRARY}
+ ${Boost_CHRONO_LIBRARY}
+ ${Boost_REGEX_LIBRARY}
+ ${Boost_PROGRAM_OPTIONS_LIBRARY}
+ ${Boost_SYSTEM_LIBRARY}
+ ${CMAKE_THREAD_LIBS_INIT}
+ ${EXTRA_LIBRARIES}
+ $ENV{LIB_FUZZING_ENGINE})
+set_property(TARGET tx-extra_fuzz_tests
+ PROPERTY
+ FOLDER "tests")
+
diff --git a/tests/fuzz/tx-extra.cpp b/tests/fuzz/tx-extra.cpp
new file mode 100644
index 000000000..35b14b802
--- /dev/null
+++ b/tests/fuzz/tx-extra.cpp
@@ -0,0 +1,40 @@
+// Copyright (c) 2020, The Monero Project
+//
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+// conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+// of conditions and the following disclaimer in the documentation and/or other
+// materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+// used to endorse or promote products derived from this software without specific
+// prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include "include_base_utils.h"
+#include "cryptonote_basic/cryptonote_format_utils.h"
+#include "fuzzer.h"
+
+BEGIN_INIT_SIMPLE_FUZZER()
+END_INIT_SIMPLE_FUZZER()
+
+BEGIN_SIMPLE_FUZZER()
+ std::vector tx_extra_fields;
+ cryptonote::parse_tx_extra(std::vector(buf, buf + len), tx_extra_fields);
+END_SIMPLE_FUZZER()
+
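Review bot: The return value of `cryptonote::parse_tx_extra` is discarded, so this harness cannot distinguish an accepted tx_extra from a rejected one, whereas the sibling harnesses in this series print `signed`/`error` and `valid`/`invalid`; `const bool ok = cryptonote::parse_tx_extra(std::vector(buf, buf + len), tx_extra_fields); std::cout << (ok ? "parsed" : "error") << std::endl;` keeps the harnesses consistent and lets a corpus-minimisation run tell the two populations apart. Both `std::vector` declarations appear here without template arguments, which is presumably a rendering artefact — confirm the committed file spells out the element types. A one-line header above `BEGIN_SIMPLE_FUZZER()` should also record what is exercised and where the seeds live, e.g. `// Fuzzes cryptonote::parse_tx_extra on raw tx_extra bytes; seed corpus in tests/data/fuzz/tx-extra/`. `buf` and `len` come from the macro, whose definition is outside this hunk.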
From c4df8b1390da6b59f9d410a10905b2face807b00 Mon Sep 17 00:00:00 2001
From: moneromooo-monero
Date: Sun, 14 Jun 2020 12:48:47 +0000
Subject: [PATCH 2/4] fix leaks in fuzz tests

---
 tests/fuzz/cold-outputs.cpp | 13 ++++++++-----
 tests/fuzz/cold-transaction.cpp | 13 ++++++++-----
 tests/fuzz/fuzzer.h | 12 ++++++++++--
 tests/fuzz/signature.cpp | 13 ++++++++-----
 4 files changed, 34 insertions(+), 17 deletions(-)

diff --git a/tests/fuzz/cold-outputs.cpp b/tests/fuzz/cold-outputs.cpp
index af0a33422..ce6d6640c 100644
--- a/tests/fuzz/cold-outputs.cpp
+++ b/tests/fuzz/cold-outputs.cpp
@@ -34,16 +34,19 @@
 #include "wallet/wallet2.h"
 #include "fuzzer.h"
-static tools::wallet2 wallet;
+static tools::wallet2 *wallet = NULL;
 BEGIN_INIT_SIMPLE_FUZZER()
+ static tools::wallet2 local_wallet;
+ wallet = &local_wallet;
+
 static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
 crypto::secret_key spendkey;
 epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
- wallet.init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled);
- wallet.set_subaddress_lookahead(1, 1);
- wallet.generate("", "", spendkey, true, false);
+ wallet->init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled);
+ wallet->set_subaddress_lookahead(1, 1);
+ wallet->generate("", "", spendkey, true, false);
 END_INIT_SIMPLE_FUZZER()
 BEGIN_SIMPLE_FUZZER()
@@ -53,6 +56,6 @@ BEGIN_SIMPLE_FUZZER()
 iss << s;
 boost::archive::portable_binary_iarchive ar(iss);
 ar >> outputs;
- size_t n_outputs = wallet.import_outputs(outputs);
+ size_t n_outputs = wallet->import_outputs(outputs);
 std::cout << boost::lexical_cast(n_outputs) << " outputs imported" << std::endl;
 END_SIMPLE_FUZZER()
diff --git a/tests/fuzz/cold-transaction.cpp b/tests/fuzz/cold-transaction.cpp
index 9808362e4..ebbbc283f 100644
--- a/tests/fuzz/cold-transaction.cpp
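Review bot: Nothing in the hunk records why `wallet` becomes a pointer to a function-local static instead of the global it replaces, although that indirection is the whole point of the commit; the next reader will see an odd extra level of indirection and may fold it back into a global. Add a why-comment above `static tools::wallet2 *wallet = NULL;`, e.g. `// Points at a function-local static set up in init(): the wallet is deliberately not constructed during static initialisation (see commit "fix leaks in fuzz tests")`. While touching that line, `nullptr` matches the C++11 code around it (`boost::asio::ip::tcp::endpoint{}`) better than `NULL`. `wallet->import_outputs` in the second hunk relies on the macro having run init() first; that ordering lives in fuzzer.h, outside this hunk.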
+++ b/tests/fuzz/cold-transaction.cpp
@@ -34,16 +34,19 @@
 #include "wallet/wallet2.h"
 #include "fuzzer.h"
-static tools::wallet2 wallet;
+static tools::wallet2 *wallet = NULL;
 BEGIN_INIT_SIMPLE_FUZZER()
+ static tools::wallet2 local_wallet;
+ wallet = &local_wallet;
+
 static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
 crypto::secret_key spendkey;
 epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
- wallet.init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled);
- wallet.set_subaddress_lookahead(1, 1);
- wallet.generate("", "", spendkey, true, false);
+ wallet->init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled);
+ wallet->set_subaddress_lookahead(1, 1);
+ wallet->generate("", "", spendkey, true, false);
 END_INIT_SIMPLE_FUZZER()
 BEGIN_SIMPLE_FUZZER()
@@ -54,6 +57,6 @@ BEGIN_SIMPLE_FUZZER()
 boost::archive::portable_binary_iarchive ar(iss);
 ar >> exported_txs;
 std::vector ptx;
- bool success = wallet.sign_tx(exported_txs, "/tmp/cold-transaction-test-signed", ptx);
+ bool success = wallet->sign_tx(exported_txs, "/tmp/cold-transaction-test-signed", ptx);
 std::cout << (success ? "signed" : "error") << std::endl;
 END_SIMPLE_FUZZER()
diff --git a/tests/fuzz/fuzzer.h b/tests/fuzz/fuzzer.h
index 2d0a29dfc..fac7e474a 100644
--- a/tests/fuzz/fuzzer.h
+++ b/tests/fuzz/fuzzer.h
@@ -66,8 +66,12 @@ extern "C" { \
 catch (const std::exception &e) \
 { \
 fprintf(stderr, "Exception: %s\n", e.what()); \
- return 1; \
+ delete el::base::elStorage; \
+ el::base::elStorage = NULL; \
+ return 0; \
 } \
+ delete el::base::elStorage; \
+ el::base::elStorage = NULL; \
 return 0; \
 } \
 }
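Review bot: The rewritten `sign_tx` call in the second hunk still passes the fixed, world-predictable path `/tmp/cold-transaction-test-signed`, which from its position reads as an output file name. Under OSS-Fuzz several workers run this harness in parallel and would clobber one another's file, and a fixed name in a shared `/tmp` is the classic symlink-following hazard on a multi-user host; derive a per-process name in init(), e.g. `static const std::string signed_path = "/tmp/cold-transaction-test-signed-" + std::to_string(getpid());` and pass `signed_path` here, or pass an empty name if `sign_tx` treats that as "do not write" — confirm in wallet2.h. The include that `getpid()` needs is outside the hunk.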
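Review bot: `delete el::base::elStorage; el::base::elStorage = NULL;` now runs on both exit paths of what the `extern "C"` context suggests is the per-input entry point, so from the second input onward anything that logs through easylogging++ dereferences a storage pointer this code has just nulled, unless the library re-creates it lazily or null-checks every use — the hunk does not show which, and the copy at line 126 in the non-OSS-Fuzz path runs only once at the end, so the two are not equivalent; confirm before relying on this. Returning 0 instead of 1 after a caught exception is the right contract for a libFuzzer target, which documents only 0 (and -1) as valid return values, and deserves a comment so nobody "fixes" it back: `// a caught exception is a rejected input, not a crash; libFuzzer requires 0 here`. The same three lines are repeated four times across the two hunks; a small `static inline void reset_logging()` helper called from each exit would keep the paths in step.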
@@ -122,8 +126,12 @@ int run_fuzzer(int argc, const char **argv, Fuzzer &fuzzer);
 catch (const std::exception &e) \
 { \
 fprintf(stderr, "Exception: %s\n", e.what()); \
- return 1; \
+ delete el::base::elStorage; \
+ el::base::elStorage = NULL; \
+ return 0; \
 } \
+ delete el::base::elStorage; \
+ el::base::elStorage = NULL; \
 return 0; \
 } \
 }; \
diff --git a/tests/fuzz/signature.cpp b/tests/fuzz/signature.cpp
index cd65e42d0..3743cfdd0 100644
--- a/tests/fuzz/signature.cpp
+++ b/tests/fuzz/signature.cpp
@@ -34,17 +34,20 @@
 #include "wallet/wallet2.h"
 #include "fuzzer.h"
-static tools::wallet2 wallet(cryptonote::TESTNET);
+static tools::wallet2 *wallet = NULL;
 static cryptonote::account_public_address address;
 BEGIN_INIT_SIMPLE_FUZZER()
+ static tools::wallet2 local_wallet(cryptonote::TESTNET);
+ wallet = &local_wallet;
+
 static const char * const spendkey_hex = "0b4f47697ec99c3de6579304e5f25c68b07afbe55b71d99620bf6cbf4e45a80f";
 crypto::secret_key spendkey;
 epee::string_tools::hex_to_pod(spendkey_hex, spendkey);
- wallet.init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled);
- wallet.set_subaddress_lookahead(1, 1);
- wallet.generate("", "", spendkey, true, false);
+ wallet->init("", boost::none, boost::asio::ip::tcp::endpoint{}, 0, true, epee::net_utils::ssl_support_t::e_ssl_support_disabled);
+ wallet->set_subaddress_lookahead(1, 1);
+ wallet->generate("", "", spendkey, true, false);
 cryptonote::address_parse_info info;
 if (!cryptonote::get_account_address_from_str_or_url(info, cryptonote::TESTNET, "9uVsvEryzpN8WH2t1WWhFFCG5tS8cBNdmJYNRuckLENFimfauV5pZKeS1P2CbxGkSDTUPHXWwiYE5ZGSXDAGbaZgDxobqDN"))
@@ -56,6 +59,6 @@ BEGIN_INIT_SIMPLE_FUZZER()
 END_INIT_SIMPLE_FUZZER()
 BEGIN_SIMPLE_FUZZER()
- bool valid = wallet.verify("test", address, std::string((const char*)buf, len));
+ bool valid = wallet->verify("test", address, std::string((const char*)buf, len));
 std::cout << "Signature " << (valid ? "valid" : "invalid") << std::endl;
 END_SIMPLE_FUZZER()

From c4b74208c7612c336eabb4f66bd2922621d6636e Mon Sep 17 00:00:00 2001
From: moneromooo-monero
Date: Sun, 14 Jun 2020 14:03:18 +0000
Subject: [PATCH 3/4] Do not use PIE with OSS-Fuzz

---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4fcf782aa..45a6aa1b5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -652,7 +652,7 @@ else()
 endif()
 # linker
- if (NOT SANITIZE AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1)))
+ if (NOT SANITIZE AND NOT OSSFUZZ AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1)))
 # PIE executables randomly crash at startup with ASAN
 # Windows binaries die on startup with PIE when compiled with GCC <9.x
 add_linker_flag_if_supported(-pie LD_SECURITY_FLAGS)

From bde7f1c5cc6fe14c03116bf69b714ffcc8014fd1 Mon Sep 17 00:00:00 2001
From: moneromooo-monero
Date: Sun, 14 Jun 2020 16:10:23 +0000
Subject: [PATCH 4/4] fuzz_tests: fix init check in oss-fuzz mode

---
 tests/fuzz/fuzzer.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/fuzz/fuzzer.h b/tests/fuzz/fuzzer.h
index fac7e474a..ce230fb66 100644
--- a/tests/fuzz/fuzzer.h
+++ b/tests/fuzz/fuzzer.h
@@ -56,7 +56,7 @@ extern "C" { \
 static bool first = true; \
 if (first) \
 { \
- if (!init()) \
+ if (init()) \
 return 1; \
 first = false; \
 } \
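Review bot: The new `NOT OSSFUZZ` term drops `-pie`, and with it ASLR of the executable image, from OSS-Fuzz builds, but the two comments under the `if` explain only the ASAN and Windows exclusions, so the reason for this third one is lost as soon as the commit scrolls out of `git blame`. Add a third line beside them stating the actual breakage, e.g. `# OSS-Fuzz: PIE is disabled because the fuzzing-engine build there does not work with it (see commit c4b7420)` — adjust the wording to whatever was observed, since the patch title gives no detail. Also check where `OSSFUZZ` is defined (outside this hunk) that it can only be set by the fuzzing build; if it could leak into a release configuration this becomes a shipped-binary hardening regression rather than a test-only one.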
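Review bot: With the inverted check, a failing `init()` makes the per-input function `return 1` while `first` stays true, so every later input re-runs the failed initialisation, and 1 is not among the return values libFuzzer documents for a target (0, or -1 to reject the input) — depending on the libFuzzer version it is either asserted on or silently ignored, in which case fuzzing continues against a half-initialised wallet. Failing loudly is what is wanted here: `if (init()) { fprintf(stderr, "init() failed\n"); abort(); }`. The convention that `init()` returns 0 on success is only implied by this patch's title; a comment on its declaration, which is outside the hunk, would pin it down.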