Merge bitcoin/bitcoin#22734: addrman: Avoid crash on corrupt data, Force Check after deserialize

fa3669f72f fuzz: Move all addrman fuzz targets to one file (MarcoFalke) fa7a883f5a addrman: Replace assert with throw on corrupt data (MarcoFalke) fa298971e6 Refactor: Turn the internal addrman check helper into a forced check (MarcoFalke) fae5c633dc move-only: Move CAddrMan::Check to cpp file (MarcoFalke) Pull request description: Assert should only be used for program internal logic errors, not to sanitize external user input. The assert was introduced via the debug-only runtime option `-checkaddrman` in commit 803ef70fd9, thus won't need a backport. Also, it doesn't really make sense to continue when the deserialized addrman doesn't pass the sanity check. For example, if `nLastSuccess` is negative, it would later result in integer overflows. Thus, this patch fixes #22931. Also, Fixes #22503 Fixes #22504 Fixes #22519 Closes #22498 Steps to test: ``` mkdir -p /tmp/test_235/regtest/ echo 'H4sIAAAAAAAAA/u1f+stZmUGYgELgwPRakfBKBgFo2AUjIJRMApGwSgYBaNgFIyCUTBswdyGpFnLjUKjP9e0bvjYusl6b+L2e7Vs2dd6N//Pua0/xQUALJAn93IQAAA=' | base64 --decode | zcat > /tmp/test_235/regtest/peers.dat ./src/qt/bitcoin-qt -regtest -datadir=/tmp/test_235/ -checkaddrman=1 -printtoconsole | grep -A2 'Loading P2P addresses' ``` Output before: ``` 2021-09-10T11:28:37Z init message: Loading P2P addresses… 2021-09-10T11:28:37Z ADDRMAN CONSISTENCY CHECK FAILED!!! err=-16 bitcoin-qt: addrman.cpp:765: void CAddrMan::Check() const: Assertion `false' failed. (program crashes) ``` Output after: ``` 2021-09-10T11:26:00Z init message: Loading P2P addresses… 2021-09-10T11:26:00Z Error: Invalid or corrupt peers.dat (Corrupt data. Consistency check failed with code -16: iostream error). If you believe this is a bug, please report it to https://github.com/bitcoin/bitcoin/issues. As a workaround, you can move the file ("/tmp/test_235/regtest/peers.dat") out of the way (rename, move, or delete) to have a new one created on the next start. (program exits) ``` ACKs for top commit: naumenkogs: ACK fa3669f72f jnewbery: Code review ACK fa3669f72f vasild: ACK fa3669f72f Tree-SHA512: 687e4a4765bbc66495152fa7a49d28ee84b405dc5370ba87b4016b5593e45f54c4ce5cae579e4d433e0e082d20fc263969fa602679c911accef0adb2d6213bd6
2025-12-10 12:43:30 +01:00 · 2021-09-21 18:21:00 +02:00
parent ae674a0198 fa3669f72f
commit a8a272ac32
6 changed files with 46 additions and 49 deletions
--- a/test/functional/feature_addrman.py
+++ b/test/functional/feature_addrman.py
@@ -19,6 +19,7 @@ def serialize_addrman(
    format=1,
    lowest_compatible=3,
    net_magic="regtest",
+    bucket_key=1,
    len_new=None,
    len_tried=None,
    mock_checksum=None,
@@ -29,7 +30,7 @@ def serialize_addrman(
    r = MAGIC_BYTES[net_magic]
    r += struct.pack("B", format)
    r += struct.pack("B", INCOMPATIBILITY_BASE + lowest_compatible)
-    r += ser_uint256(1)
+    r += ser_uint256(bucket_key)
    r += struct.pack("i", len_new or len(new))
    r += struct.pack("i", len_tried or len(tried))
    ADDRMAN_NEW_BUCKET_COUNT = 1 << 10
@@ -119,6 +120,14 @@ class AddrmanTest(BitcoinTestFramework):
            match=ErrorMatch.FULL_REGEX,
        )

+        self.log.info("Check that corrupt addrman cannot be read (failed check)")
+        self.stop_node(0)
+        write_addrman(peers_dat, bucket_key=0)
+        self.nodes[0].assert_start_raises_init_error(
+            expected_msg=init_error("Corrupt data. Consistency check failed with code -16: .*"),
+            match=ErrorMatch.FULL_REGEX,
+        )
+
        self.log.info("Check that missing addrman is recreated")
        self.stop_node(0)
        os.remove(peers_dat)