Bitcoin Core 22.99.0
P2P Digital Currency
http_request.cpp
Go to the documentation of this file.
1// Copyright (c) 2020 The Bitcoin Core developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <httpserver.h>
6#include <netaddress.h>
7#include <test/fuzz/FuzzedDataProvider.h>
8#include <test/fuzz/fuzz.h>
9#include <test/fuzz/util.h>
10#include <util/strencodings.h>
11
12#include <event2/buffer.h>
13#include <event2/event.h>
14#include <event2/http.h>
15#include <event2/http_struct.h>
16
17#include <cassert>
18#include <cstdint>
19#include <string>
20#include <vector>
21
22// workaround for libevent versions before 2.1.1,
23// when internal functions didn't have underscores at the end
24#if LIBEVENT_VERSION_NUMBER < 0x02010100
25extern "C" int evhttp_parse_firstline(struct evhttp_request*, struct evbuffer*);
26extern "C" int evhttp_parse_headers(struct evhttp_request*, struct evbuffer*);
27inline int evhttp_parse_firstline_(struct evhttp_request* r, struct evbuffer* b)
28{
29 return evhttp_parse_firstline(r, b);
30}
31inline int evhttp_parse_headers_(struct evhttp_request* r, struct evbuffer* b)
32{
33 return evhttp_parse_headers(r, b);
34}
35#else
36extern "C" int evhttp_parse_firstline_(struct evhttp_request*, struct evbuffer*);
37extern "C" int evhttp_parse_headers_(struct evhttp_request*, struct evbuffer*);
38#endif
39
40std::string RequestMethodString(HTTPRequest::RequestMethod m);
41
42FUZZ_TARGET(http_request)
43{
44 FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
45 evhttp_request* evreq = evhttp_request_new(nullptr, nullptr);
46 assert(evreq != nullptr);
47 evreq->kind = EVHTTP_REQUEST;
48 evbuffer* evbuf = evbuffer_new();
49 assert(evbuf != nullptr);
50 const std::vector<uint8_t> http_buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, 4096);
51 evbuffer_add(evbuf, http_buffer.data(), http_buffer.size());
52 // Avoid constructing requests that will be interpreted by libevent as PROXY requests to avoid triggering
53 // a nullptr dereference. The dereference (req->evcon->http_server) takes place in evhttp_parse_request_line
54 // and is a consequence of our hacky but necessary use of the internal function evhttp_parse_firstline_ in
55 // this fuzzing harness. The workaround is not aesthetically pleasing, but it successfully avoids the troublesome
56 // code path. " http:// HTTP/1.1\n" was a crashing input prior to this workaround.
57 const std::string http_buffer_str = ToLower({http_buffer.begin(), http_buffer.end()});
58 if (http_buffer_str.find(" http://") != std::string::npos || http_buffer_str.find(" https://") != std::string::npos ||
59 evhttp_parse_firstline_(evreq, evbuf) != 1 || evhttp_parse_headers_(evreq, evbuf) != 1) {
60 evbuffer_free(evbuf);
61 evhttp_request_free(evreq);
62 return;
63 }
64
65 HTTPRequest http_request{evreq, true};
66 const HTTPRequest::RequestMethod request_method = http_request.GetRequestMethod();
67 (void)RequestMethodString(request_method);
68 (void)http_request.GetURI();
69 (void)http_request.GetHeader("Host");
70 const std::string header = fuzzed_data_provider.ConsumeRandomLengthString(16);
71 (void)http_request.GetHeader(header);
72 (void)http_request.WriteHeader(header, fuzzed_data_provider.ConsumeRandomLengthString(16));
73 (void)http_request.GetHeader(header);
74 const std::string body = http_request.ReadBody();
75 assert(body.empty());
76 const CService service = http_request.GetPeer();
77 assert(service.ToString() == "[::]:0");
78
79 evbuffer_free(evbuf);
80 evhttp_request_free(evreq);
81}
CService
A combination of a network address (CNetAddr) and a (TCP) port.
Definition: netaddress.h:523
CService::ToString
std::string ToString() const
Definition: netaddress.cpp:1048
HTTPRequest
In-flight HTTP request.
Definition: httpserver.h:57
HTTPRequest::GetRequestMethod
RequestMethod GetRequestMethod() const
Get request method.
Definition: httpserver.cpp:611
evhttp_parse_firstline_
int evhttp_parse_firstline_(struct evhttp_request *r, struct evbuffer *b)
Definition: http_request.cpp:27
evhttp_parse_firstline
int evhttp_parse_firstline(struct evhttp_request *, struct evbuffer *)
evhttp_parse_headers
int evhttp_parse_headers(struct evhttp_request *, struct evbuffer *)
RequestMethodString
std::string RequestMethodString(HTTPRequest::RequestMethod m)
HTTP request method as string - use for logging only.
Definition: httpserver.cpp:186
evhttp_parse_headers_
int evhttp_parse_headers_(struct evhttp_request *r, struct evbuffer *b)
Definition: http_request.cpp:31
FUZZ_TARGET
FUZZ_TARGET(http_request)
Definition: http_request.cpp:42
ToLower
std::string ToLower(const std::string &str)
Returns the lowercase equivalent of the given string.
Definition: strencodings.cpp:495
ConsumeRandomLengthByteVector
std::vector< uint8_t > ConsumeRandomLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:61
assert
assert(!tx.IsCoinBase())
Generated on Mon Nov 8 2021 14:20:07 for Bitcoin Core by doxygen 1.9.2