Bitcoin Core  24.99.0
P2P Digital Currency
http_request.cpp
Go to the documentation of this file.
1 // Copyright (c) 2020-2022 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <httpserver.h>
6 #include <netaddress.h>
7 #include <test/fuzz/FuzzedDataProvider.h>
8 #include <test/fuzz/fuzz.h>
9 #include <test/fuzz/util.h>
10 #include <util/strencodings.h>
11 
12 #include <event2/buffer.h>
13 #include <event2/event.h>
14 #include <event2/http.h>
15 #include <event2/http_struct.h>
16 
17 #include <cassert>
18 #include <cstdint>
19 #include <string>
20 #include <vector>
21 
22 extern "C" int evhttp_parse_firstline_(struct evhttp_request*, struct evbuffer*);
23 extern "C" int evhttp_parse_headers_(struct evhttp_request*, struct evbuffer*);
24 
25 std::string RequestMethodString(HTTPRequest::RequestMethod m);
26 
27 FUZZ_TARGET(http_request)
28 {
29  FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
30  evhttp_request* evreq = evhttp_request_new(nullptr, nullptr);
31  assert(evreq != nullptr);
32  evreq->kind = EVHTTP_REQUEST;
33  evbuffer* evbuf = evbuffer_new();
34  assert(evbuf != nullptr);
35  const std::vector<uint8_t> http_buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, 4096);
36  evbuffer_add(evbuf, http_buffer.data(), http_buffer.size());
37  // Avoid constructing requests that will be interpreted by libevent as PROXY requests to avoid triggering
38  // a nullptr dereference. The dereference (req->evcon->http_server) takes place in evhttp_parse_request_line
39  // and is a consequence of our hacky but necessary use of the internal function evhttp_parse_firstline_ in
40  // this fuzzing harness. The workaround is not aesthetically pleasing, but it successfully avoids the troublesome
41  // code path. " http:// HTTP/1.1\n" was a crashing input prior to this workaround.
42  const std::string http_buffer_str = ToLower(std::string{http_buffer.begin(), http_buffer.end()});
43  if (http_buffer_str.find(" http://") != std::string::npos || http_buffer_str.find(" https://") != std::string::npos ||
44  evhttp_parse_firstline_(evreq, evbuf) != 1 || evhttp_parse_headers_(evreq, evbuf) != 1) {
45  evbuffer_free(evbuf);
46  evhttp_request_free(evreq);
47  return;
48  }
49 
50  HTTPRequest http_request{evreq, true};
51  const HTTPRequest::RequestMethod request_method = http_request.GetRequestMethod();
52  (void)RequestMethodString(request_method);
53  (void)http_request.GetURI();
54  (void)http_request.GetHeader("Host");
55  const std::string header = fuzzed_data_provider.ConsumeRandomLengthString(16);
56  (void)http_request.GetHeader(header);
57  (void)http_request.WriteHeader(header, fuzzed_data_provider.ConsumeRandomLengthString(16));
58  (void)http_request.GetHeader(header);
59  const std::string body = http_request.ReadBody();
60  assert(body.empty());
61  const CService service = http_request.GetPeer();
62  assert(service.ToStringAddrPort() == "[::]:0");
63 
64  evbuffer_free(evbuf);
65  evhttp_request_free(evreq);
66 }
CService
A combination of a network address (CNetAddr) and a (TCP) port.
Definition: netaddress.h:520
CService::ToStringAddrPort
std::string ToStringAddrPort() const
Definition: netaddress.cpp:914
HTTPRequest
In-flight HTTP request.
Definition: httpserver.h:57
HTTPRequest::GetRequestMethod
RequestMethod GetRequestMethod() const
Get request method.
Definition: httpserver.cpp:650
RequestMethodString
std::string RequestMethodString(HTTPRequest::RequestMethod m)
HTTP request method as string - use for logging only.
Definition: httpserver.cpp:197
evhttp_parse_headers_
int evhttp_parse_headers_(struct evhttp_request *, struct evbuffer *)
evhttp_parse_firstline_
int evhttp_parse_firstline_(struct evhttp_request *, struct evbuffer *)
FUZZ_TARGET
FUZZ_TARGET(http_request)
Definition: http_request.cpp:27
ConsumeRandomLengthByteVector
std::vector< uint8_t > ConsumeRandomLengthByteVector(FuzzedDataProvider &fuzzed_data_provider, const std::optional< size_t > &max_length=std::nullopt) noexcept
Definition: util.h:57
ToLower
std::string ToLower(std::string_view str)
Returns the lowercase equivalent of the given string.
Definition: strencodings.cpp:444
assert
assert(!tx.IsCoinBase())
Generated on Sat Mar 25 2023 02:44:36 for Bitcoin Core by doxygen 1.9.1