Skip to content

Commit

Permalink
fuzz: Improve fuzzing stability for txorphan harness
Browse files Browse the repository at this point in the history
  • Loading branch information
dergoegge committed Dec 8, 2023
1 parent dce1dfb commit 15f5a0d
Show file tree
Hide file tree
Showing 5 changed files with 9 additions and 8 deletions.
2 changes: 1 addition & 1 deletion src/net_processing.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -4298,7 +4298,7 @@ void PeerManagerImpl::ProcessMessage(CNode& pfrom, const std::string& msg_type,
m_txrequest.ForgetTxHash(tx.GetWitnessHash());

// DoS prevention: do not allow m_orphanage to grow unbounded (see CVE-2012-3789)
m_orphanage.LimitOrphans(m_opts.max_orphan_txs);
m_orphanage.LimitOrphans(m_opts.max_orphan_txs, m_rng);
} else {
LogPrint(BCLog::MEMPOOL, "not keeping orphan with rejected parents %s (wtxid=%s)\n",
tx.GetHash().ToString(),
Expand Down
3 changes: 2 additions & 1 deletion src/test/fuzz/txorphan.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ void initialize_orphanage()
FUZZ_TARGET(txorphan, .init = initialize_orphanage)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
FastRandomContext limit_orphans_rng{/*fDeterministic=*/true};
SetMockTime(ConsumeTime(fuzzed_data_provider));

TxOrphanage orphanage;
Expand Down Expand Up @@ -132,7 +133,7 @@ FUZZ_TARGET(txorphan, .init = initialize_orphanage)
// test mocktime and expiry
SetMockTime(ConsumeTime(fuzzed_data_provider));
auto limit = fuzzed_data_provider.ConsumeIntegral<unsigned int>();
orphanage.LimitOrphans(limit);
orphanage.LimitOrphans(limit, limit_orphans_rng);
Assert(orphanage.Size() <= limit);
});
}
Expand Down
7 changes: 4 additions & 3 deletions src/test/orphanage_tests.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -129,11 +129,12 @@ BOOST_AUTO_TEST_CASE(DoS_mapOrphans)
}

// Test LimitOrphanTxSize() function:
orphanage.LimitOrphans(40);
FastRandomContext rng{/*fDeterministic=*/true};
orphanage.LimitOrphans(40, rng);
BOOST_CHECK(orphanage.CountOrphans() <= 40);
orphanage.LimitOrphans(10);
orphanage.LimitOrphans(10, rng);
BOOST_CHECK(orphanage.CountOrphans() <= 10);
orphanage.LimitOrphans(0);
orphanage.LimitOrphans(0, rng);
BOOST_CHECK(orphanage.CountOrphans() == 0);
}

Expand Down
3 changes: 1 addition & 2 deletions src/txorphanage.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ void TxOrphanage::EraseForPeer(NodeId peer)
if (nErased > 0) LogPrint(BCLog::TXPACKAGES, "Erased %d orphan tx from peer=%d\n", nErased, peer);
}

void TxOrphanage::LimitOrphans(unsigned int max_orphans)
void TxOrphanage::LimitOrphans(unsigned int max_orphans, FastRandomContext& rng)
{
LOCK(m_mutex);

Expand All @@ -138,7 +138,6 @@ void TxOrphanage::LimitOrphans(unsigned int max_orphans)
nNextSweep = nMinExpTime + ORPHAN_TX_EXPIRE_INTERVAL;
if (nErased > 0) LogPrint(BCLog::TXPACKAGES, "Erased %d orphan tx due to expiration\n", nErased);
}
FastRandomContext rng;
while (m_orphans.size() > max_orphans)
{
// Evict a random orphan:
Expand Down
2 changes: 1 addition & 1 deletion src/txorphanage.h
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ class TxOrphanage {
void EraseForBlock(const CBlock& block) EXCLUSIVE_LOCKS_REQUIRED(!m_mutex);

/** Limit the orphanage to the given maximum */
void LimitOrphans(unsigned int max_orphans) EXCLUSIVE_LOCKS_REQUIRED(!m_mutex);
void LimitOrphans(unsigned int max_orphans, FastRandomContext& rng) EXCLUSIVE_LOCKS_REQUIRED(!m_mutex);

/** Add any orphans that list a particular tx as a parent into the from peer's work set */
void AddChildrenToWorkSet(const CTransaction& tx) EXCLUSIVE_LOCKS_REQUIRED(!m_mutex);;
Expand Down

0 comments on commit 15f5a0d

Please sign in to comment.