@@ -206,82 +206,6 @@ $ FUZZ=process_message ./honggfuzz/honggfuzz -i inputs/ -- build_fuzz/src/test/f
206206
207207Read the [Honggfuzz documentation](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md) for more information.
208208
209- # # Fuzzing the Bitcoin Core P2P layer using Honggfuzz NetDriver
210-
211- Honggfuzz NetDriver allows for very easy fuzzing of TCP servers such as Bitcoin
212- Core without having to write any custom fuzzing harness. The ` bitcoind`
213- process is largely fuzzed without modification.
214-
215- This makes the fuzzing highly realistic: a bug reachable by the fuzzer is likely
216- also remotely triggerable by an untrusted peer.
217-
218- To quickly get started fuzzing the P2P layer using Honggfuzz NetDriver:
219-
220- ` ` ` sh
221- $ mkdir bitcoin-honggfuzz-p2p/
222- $ cd bitcoin-honggfuzz-p2p/
223- $ git clone https://github.com/bitcoin/bitcoin
224- $ cd bitcoin/
225- $ git clone https://github.com/google/honggfuzz
226- $ cd honggfuzz/
227- $ make
228- $ cd ..
229- $ git apply << "EOF "
230- diff --git a/src/compat/compat.h b/src/compat/compat.h
231- index 8195bceaec..cce2b31ff0 100644
232- --- a/src/compat/compat.h
233- +++ b/src/compat/compat.h
234- @@ -90,8 +90,12 @@ typedef char* sockopt_arg_type;
235- // building with a binutils < 2.36 is subject to this ld bug.
236- #define MAIN_FUNCTION __declspec(dllexport) int main(int argc, char* argv[])
237- #else
238- +#ifdef HFND_FUZZING_ENTRY_FUNCTION_CXX
239- +#define MAIN_FUNCTION HFND_FUZZING_ENTRY_FUNCTION_CXX(int argc, char* argv[])
240- +#else
241- #define MAIN_FUNCTION int main(int argc, char* argv[])
242- #endif
243- +#endif
244-
245- // Note these both should work with the current usage of poll, but best to be safe
246- // WIN32 poll is broken https://daniel.haxx.se/blog/2012/10/10/wsapoll-is-broken/
247- diff --git a/src/net.cpp b/src/net.cpp
248- index 7601a6ea84..702d0f56ce 100644
249- --- a/src/net.cpp
250- +++ b/src/net.cpp
251- @@ -727,7 +727,7 @@ int V1TransportDeserializer::readHeader(Span<const uint8_t> msg_bytes)
252- }
253-
254- // Check start string, network magic
255- - if (memcmp(hdr.pchMessageStart, m_chain_params.MessageStart(), CMessageHeader::MESSAGE_START_SIZE) != 0) {
256- + if (false && memcmp(hdr.pchMessageStart, m_chain_params.MessageStart(), CMessageHeader::MESSAGE_START_SIZE) != 0) { // skip network magic checking
257- LogDebug(BCLog::NET, "Header error: Wrong MessageStart %s received, peer=%d\n", HexStr(hdr.pchMessageStart), m_node_id);
258- return -1;
259- }
260- @@ -788,7 +788,7 @@ CNetMessage V1TransportDeserializer::GetMessage(const std::chrono::microseconds
261- RandAddEvent(ReadLE32(hash.begin()));
262-
263- // Check checksum and header message type string
264- - if (memcmp(hash.begin(), hdr.pchChecksum, CMessageHeader::CHECKSUM_SIZE) != 0) {
265- + if (false && memcmp(hash.begin(), hdr.pchChecksum, CMessageHeader::CHECKSUM_SIZE) != 0) { // skip checksum checking
266- LogDebug(BCLog::NET, "Header error: Wrong checksum (%s, %u bytes), expected %s was %s, peer=%d\n",
267- SanitizeString(msg.m_type), msg.m_message_size,
268- HexStr(Span{hash}.first(CMessageHeader::CHECKSUM_SIZE)),
269- EOF
270- $ cmake -B build_fuzz \
271- -DCMAKE_C_COMPILER=" $( pwd) "
272- -DCMAKE_CXX_COMPILER=" $( pwd) "
273- -DENABLE_WALLET=OFF \
274- -DBUILD_GUI=OFF \
275- -DSANITIZERS=address,undefined
276- $ cmake --build build_fuzz --target bitcoind
277- $ mkdir -p inputs/
278- $ ./honggfuzz/honggfuzz --exit_upon_crash --quiet --timeout 4 -n 1 -Q \
279- -E HFND_TCP_PORT=18444 -f inputs/ -- \
280- build_fuzz/src/bitcoind -regtest -discover=0 -dns=0 -dnsseed=0 -listenonion=0 \
281- -nodebuglogfile -bind=127.0.0.1:18444 -logthreadnames \
282- -debug
283- ` ` `
284-
285209# OSS-Fuzz
286210
287211Bitcoin Core participates in Google' s [OSS-Fuzz](https://github.com/google/oss-fuzz/tree/master/projects/bitcoin-core)
0 commit comments