fuzz: Terminate immediately if a fuzzing harness tries to perform a DNS lookup (belt and suspenders) #21795

1. 
   practicalswift commented at 10:57 am on April 28, 2021: contributor

   Terminate immediately if a fuzzing harness tries to perform a DNS lookup (belt and suspenders).

   Obviously this should never happen, but if it does happen we want immediate termination instead of a DNS lookup :)

2. fanquake added the label Tests on Apr 28, 2021
3. in src/test/fuzz/fuzz.cpp:33 in 5454e2e33d outdated

   29@@ -27,8 +30,15 @@ void FuzzFrameworkRegisterTarget(std::string_view name, TypeTestOneInput target,
   30 
   31 static TypeTestOneInput* g_test_one_input{nullptr};
   32 
   33+std::vector<CNetAddr> TerminateOnDNSLookup(const std::string&, bool) {
   

   ---

   ---

   

   MarcoFalke commented at 11:12 am on April 28, 2021:

   clang-format?
4. practicalswift force-pushed on Apr 28, 2021
5. practicalswift force-pushed on Apr 28, 2021
6. practicalswift renamed this:
   fuzz: Terminate immediately if a fuzzing input ever causes a DNS lookup (belts and suspenders)
   fuzz: Terminate immediately if a fuzzing harness ever tries to perform a DNS lookup (belts and suspenders)
   on Apr 28, 2021
7. practicalswift force-pushed on Apr 28, 2021
8. 
   DrahtBot commented at 4:04 pm on April 28, 2021: member

   The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

   Conflicts

   No conflicts as of last run.

9. DrahtBot added the label Needs rebase on May 7, 2021
10. practicalswift force-pushed on May 12, 2021
11. practicalswift renamed this:
    fuzz: Terminate immediately if a fuzzing harness ever tries to perform a DNS lookup (belts and suspenders)
    fuzz: Terminate immediately if a fuzzing harness ever tries to perform a DNS lookup (belt and suspenders)
    on May 12, 2021
12. practicalswift renamed this:
    fuzz: Terminate immediately if a fuzzing harness ever tries to perform a DNS lookup (belt and suspenders)
    fuzz: Terminate immediately if a fuzzing harness tries to perform a DNS lookup (belt and suspenders)
    on May 12, 2021
13. DrahtBot removed the label Needs rebase on May 12, 2021
14. practicalswift force-pushed on May 19, 2021
15. practicalswift force-pushed on May 20, 2021
16. DrahtBot added the label Needs rebase on May 21, 2021
17. fuzz: Terminate immediately if a fuzzing harness ever tries to perform a DNS lookup (belts and suspenders) 3737d35fee
18. practicalswift force-pushed on May 21, 2021
19. DrahtBot removed the label Needs rebase on May 21, 2021
20. 
    practicalswift commented at 7:49 pm on June 5, 2021: contributor

    @MarcoFalke Thanks for reviewing. All feedback has been addressed. Let me know if there is anything more I can do :)
21. 
    MarcoFalke commented at 6:56 am on June 6, 2021: member

    review ACK 3737d35fee283968f12e0772aa27aee4981fce41
22. MarcoFalke merged this on Jun 7, 2021
23. MarcoFalke closed this on Jun 7, 2021

    ---

24. sidhujag referenced this in commit f632b40f9e on Jun 9, 2021
25. 
    vasild commented at 1:22 pm on June 30, 2021: member

    This bite me for good in #21878 (now fixed). It works!
26. 
    practicalswift commented at 4:00 pm on June 30, 2021: contributor

    @vasild This safety measure helped avoid an unwanted external DNS lookup? If so that’s great news: thanks for sharing! :)
27. 
    vasild commented at 4:21 pm on June 30, 2021: member

    @practicalswift, yes! Fuzzing CConnman::OpenNetworkConnection(), it called CConnman::ConnectNode() which called Lookup() with the default fNameLookup which is true.
28. gwillen referenced this in commit 7fe97f20c6 on Jun 1, 2022
29. DrahtBot locked this on Aug 18, 2022

Contributors
practicalswift MarcoFalke DrahtBot vasild

Labels
Tests