From 4117b92e67c8ba556fb83d6394291bc180df0c3a Mon Sep 17 00:00:00 2001 From: Fabian Jahr Date: Sun, 28 Dec 2025 15:07:51 +0100 Subject: [PATCH] fuzz: Improve torcontrol fuzz test Gets rid of the Dummy class and adds coverage of get_socks_cb. Also explicitly handles an exception case within Torcontrol rather than relying on a guard in the fuzz test. --- src/test/fuzz/torcontrol.cpp | 45 ++++++++++-------------------------- src/torcontrol.cpp | 4 ++++ 2 files changed, 16 insertions(+), 33 deletions(-) diff --git a/src/test/fuzz/torcontrol.cpp b/src/test/fuzz/torcontrol.cpp index 47874ddf63d..e45f1e62d1c 100644 --- a/src/test/fuzz/torcontrol.cpp +++ b/src/test/fuzz/torcontrol.cpp @@ -12,30 +12,6 @@ #include #include -class DummyTorControlConnection : public TorControlConnection -{ - CThreadInterrupt m_dummy_interrupt; - -public: - DummyTorControlConnection() : TorControlConnection{m_dummy_interrupt} - { - } - - bool Connect(const std::string&) - { - return true; - } - - void Disconnect() - { - } - - bool Command(const std::string&, const ReplyHandlerCB&) - { - return true; - } -}; - void initialize_torcontrol() { static const auto testing_setup = MakeNoLogFileContext<>(); @@ -46,6 +22,9 @@ FUZZ_TARGET(torcontrol, .init = initialize_torcontrol) FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()}; TorController tor_controller; + CThreadInterrupt interrupt; + TorControlConnection conn{interrupt}; + LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) { TorControlReply tor_control_reply; CallOneOf( @@ -63,26 +42,26 @@ FUZZ_TARGET(torcontrol, .init = initialize_torcontrol) tor_control_reply.code = fuzzed_data_provider.ConsumeIntegral(); }); tor_control_reply.lines = ConsumeRandomLengthStringVector(fuzzed_data_provider); - if (tor_control_reply.lines.empty()) { - break; - } - DummyTorControlConnection dummy_tor_control_connection; + CallOneOf( fuzzed_data_provider, [&] { - tor_controller.add_onion_cb(dummy_tor_control_connection, tor_control_reply, /*pow_was_enabled=*/true); + tor_controller.add_onion_cb(conn, tor_control_reply, /*pow_was_enabled=*/true); }, [&] { - tor_controller.add_onion_cb(dummy_tor_control_connection, tor_control_reply, /*pow_was_enabled=*/false); + tor_controller.add_onion_cb(conn, tor_control_reply, /*pow_was_enabled=*/false); }, [&] { - tor_controller.auth_cb(dummy_tor_control_connection, tor_control_reply); + tor_controller.auth_cb(conn, tor_control_reply); }, [&] { - tor_controller.authchallenge_cb(dummy_tor_control_connection, tor_control_reply); + tor_controller.authchallenge_cb(conn, tor_control_reply); }, [&] { - tor_controller.protocolinfo_cb(dummy_tor_control_connection, tor_control_reply); + tor_controller.protocolinfo_cb(conn, tor_control_reply); + }, + [&] { + tor_controller.get_socks_cb(conn, tor_control_reply); }); } } diff --git a/src/torcontrol.cpp b/src/torcontrol.cpp index ecc75f15ccf..17b37f6fdd4 100644 --- a/src/torcontrol.cpp +++ b/src/torcontrol.cpp @@ -602,6 +602,10 @@ void TorController::authchallenge_cb(TorControlConnection& _conn, const TorContr { if (reply.code == TOR_REPLY_OK) { LogDebug(BCLog::TOR, "SAFECOOKIE authentication challenge successful"); + if (reply.lines.empty()) { + LogWarning("tor: AUTHCHALLENGE reply was empty"); + return; + } std::pair l = SplitTorReplyLine(reply.lines[0]); if (l.first == "AUTHCHALLENGE") { std::map m = ParseTorReplyMapping(l.second);