mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-02-23 23:06:44 +01:00
Code Issues Projects Releases Wiki Activity
14051 commits 33 branches 196 tags 157 MiB
Commit graph

112 commits

Author SHA1 Message Date
Matt Morehouse
a59a8557d9 fuzz: new bolt11 seeds 2023-10-24 12:17:18 +10:30
Matt Morehouse
3a7a1fad4e fuzz: add bolt11 cross-over mutator 
This mutator helped the fuzzer find new coverage and detect the bug
fixed in 87f4907bb4.
 2023-10-24 12:17:18 +10:30
Matt Morehouse
38e31d6034 fuzz: add custom cross-over functions 
These can be used in custom mutators for libFuzzer targets.
 2023-10-24 12:17:18 +10:30
Matt Morehouse
58f16c2146 fuzz: set minimum bolt11 size to 9 
This prevents a buffer overflow in the custom mutator that can occur
when data_maxlen is 0.
 2023-10-24 12:17:18 +10:30
Matt Morehouse
87f4907bb4 bolt11: don't abort on invalid pubkey 
Rather than crashing the entire node on invalid pubkey, check the
validity of the pubkey in decode_n, and return an error if invalid.

Detected by libFuzzer:
==265599== ERROR: libFuzzer: deadly signal
    #7 abort
    #8 bolt11_decode common/bolt11.c:999:4
 2023-10-18 09:53:22 +10:30
Matt Morehouse
c1f20687a6 bolt11: validate recovery ID 
Invalid recovery IDs cause
secp256k1_ecdsa_recoverable_signature_parse_compact to abort, which
crashes the entire node. We should return an error instead.

Detected by libFuzzer:
[libsecp256k1] illegal argument: recid >= 0 && recid <= 3
 2023-10-18 09:53:22 +10:30
Matt Morehouse
4b29502098 fuzz: check invoice signatures 
There may be bugs in signature validation, so we should fuzz that too.
 2023-10-18 09:53:22 +10:30
Matt Morehouse
ee8cf69f28 bolt11: return error on unexpected lightning prefix 
Remove the assertion so that an error is returned for invalid bech32.
An error is preferable to crashing the entire node if there's an extra
"lightning:" prefix:

  $ lightning-cli pay "lightning:lightning:"

Node log:
  pay: common/bolt11.c:718: bolt11_decode_nosig: Assertion `!has_lightning_prefix(str)' failed.
  pay: FATAL SIGNAL 6
  ...
  INFO    plugin-pay: Killing plugin: exited during normal operation
  **BROKEN** plugin-pay: Plugin marked as important, shutting down lightningd
 2023-10-18 09:53:22 +10:30
Matt Morehouse
ee501b035b bolt11: avoid reading uninitialized memory 
If both databits and *data_len are 0, pull_uint return uninitialized
stack memory in *val.

Detected by valgrind and UBSan.

valgrind:
==173904== Use of uninitialised value of size 8
==173904==    __sanitizer_cov_trace_cmp8
==173904==    decode_c (bolt11.c:292)
==173904==    bolt11_decode_nosig (bolt11.c:877)

UBSan:
common/bolt11.c:79:29: runtime error: shift exponent 64 is too large for 64-bit type 'uint64_t' (aka 'unsigned long')

Corpus input e6f7b9744a7d79b2aa4f7c477707bdd3483f40fa triggers the UBSan
report, but we didn't previously realize this because UBSan has been
disabled in the CI run. We rename the input to indicate its usefulness
as a permanent regression test.
 2023-10-18 09:53:22 +10:30
Matt Morehouse
eeec529031 bolt11: check return value of pull_all 
Otherwise, if pull_all fails, we attempt to create a script from NULL,
causing a UBSan report:

bitcoin/script.c:29:28: runtime error: null pointer passed as argument 2, which is declared to never be null

Corpus input bf703c2c20c0818af70a8c4caad6e6fd8cfd1ac6 triggers the UBSan
report, but we didn't previously realize this because UBSan has been
disabled in the CI run. We rename the input to indicate its usefulness
as a permanent regression test.
 2023-10-18 09:53:22 +10:30
dergoegge
02717c73dc fuzz: bolt11 inputs 2023-10-12 19:28:28 +02:00
dergoegge
0fc9fe1a81 fuzz: test bolt11 decoding 2023-10-12 19:28:28 +02:00
Matt Morehouse
8596208f52 fuzz: initial wire message seeds 
Seeds for every peer wire message, generated from fuzzing with
-max_len=65533 and minimizing the resulting corpora.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
42fb17fe58 fuzz: target for your_peer_storage 
Fuzz the decoding and encoding of your_peer_storage.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
6a975f3c1d fuzz: target for update_blockheight 
Fuzz the decoding and encoding of update_blockheight.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
eec261101f fuzz: target for tx_signatures 
Fuzz the decoding and encoding of tx_signatures.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
6b5df73cf4 fuzz: target for tx_remove_output 
Fuzz the decoding and encoding of tx_remove_output.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
f3db6642a1 fuzz: target for tx_remove_input 
Fuzz the decoding and encoding of tx_remove_input.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
7ddad8b7df fuzz: target for tx_init_rbf 
Fuzz the decoding and encoding of tx_init_rbf.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
1dda44c351 fuzz: target for tx_complete 
Fuzz the decoding and encoding of tx_complete.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
c0e8ccea49 fuzz: target for tx_add_output 
Fuzz the decoding and encoding of tx_add_output.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
dac211c73e fuzz: target for tx_add_input 
Fuzz the decoding and encoding of tx_add_input.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
82c719142e fuzz: target for tx_ack_rbf 
Fuzz the decoding and encoding of tx_ack_rbf.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
9b7ceb7307 fuzz: target for tx_abort 
Fuzz the decoding and encoding of tx_abort.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
4a09ef122e fuzz: target for stfu 
Fuzz the decoding and encoding of stfu.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
34ca0f6eac fuzz: target for splice_locked 
Fuzz the decoding and encoding of splice_locked.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
ae56dcf882 fuzz: target for splice_ack 
Fuzz the decoding and encoding of splice_ack.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
ea488f767b fuzz: target for splice 
Fuzz the decoding and encoding of splice.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
e473bfda16 fuzz: target for peer_storage 
Fuzz the decoding and encoding of peer_storage.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
451edb7c20 fuzz: target for open_channel2 
Fuzz the decoding and encoding of open_channel2.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
76ccdcd5d0 fuzz: target for onion_message 
Fuzz the decoding and encoding of onion_message.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
70694c23f1 fuzz: target for accept_channel2 
Fuzz the decoding and encoding of accept_channel2.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
a72128a0b6 fuzz: target for warning 
Fuzz the decoding and encoding of warning.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
d60077a8d9 fuzz: target for update_fulfill_htlc 
Fuzz the decoding and encoding of update_fulfill_htlc.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
41a2901ad4 fuzz: target for update_fee 
Fuzz the decoding and encoding of update_fee.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
08898333a4 fuzz: target for update_fail_malformed_htlc 
Fuzz the decoding and encoding of update_fail_malformed_htlc.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
298fe06c20 fuzz: target for update_fail_htlc 
Fuzz the decoding and encoding of update_fail_htlc.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
fb6d5cf587 fuzz: target for update_add_htlc 
Fuzz the decoding and encoding of update_add_htlc.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
1fff136d66 fuzz: target for shutdown 
Fuzz the decoding and encoding of shutdown.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
4aa165e7a2 fuzz: target for revoke_and_ack 
Fuzz the decoding and encoding of revoke_and_ack.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
1520fac809 fuzz: target for reply_short_channel_ids_end 
Fuzz the decoding and encoding of reply_short_channel_ids_end.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
4997d0df5b fuzz: target for reply_channel_range 
Fuzz the decoding and encoding of reply_channel_range.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
389ab0e46f fuzz: target for query_short_channel_ids 
Fuzz the decoding and encoding of query_short_channel_ids.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
10757bc49c fuzz: target for query_channel_range 
Fuzz the decoding and encoding of query_channel_range.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
c987b0e43c fuzz: target for pong 
Fuzz the decoding and encoding of pong.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
06f37a3c86 fuzz: target for ping 
Fuzz the decoding and encoding of ping.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
62ffb42908 fuzz: target for open_channel 
Fuzz the decoding and encoding of open_channel.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
07d593a24e fuzz: target for node_announcement 
Fuzz the decoding and encoding of node_announcement.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
b437835241 fuzz: target for init 
Fuzz the decoding and encoding of init.
 2023-09-18 13:58:45 +09:30
Matt Morehouse
e41f263b72 fuzz: target for gossip_timestamp_filter 
Fuzz the decoding and encoding of gossip_timestamp_filter.
 2023-09-18 13:58:45 +09:30