Commit Graph

18 Commits

Author SHA1 Message Date
moneromooo-monero 7175dcb107
replace most boost serialization with existing monero serialization
This reduces the attack surface for data that can come from
malicious sources (exported output and key images, multisig
transactions...) since the monero serialization is already
exposed to the outside, and the boost lib we were using had
a few known crashers.

For interoperability, a new load-deprecated-formats wallet
setting is added (off by default). This allows loading boost
format data if there is no alternative. It will likely go
at some point, along with the ability to load those.

Notably, the peer lists file still uses the boost serialization
code, as the data it stores is define in epee, while the new
serialization code is in monero, and migrating it was fairly
hairy. Since this file is local and not obtained from anyone
else, the marginal risk is minimal, but it could be migrated
later if needed.

Some tests and tools also do, this will stay as is for now.
2020-08-17 16:23:58 +00:00
moneromooo-monero 38ca1bb389
fuzz_tests: add a tx extra fuzz test 2020-06-14 12:54:10 +00:00
moneromooo-monero 8d71b2b1b3
wallet2: only export necessary outputs and key images
and disable annoying test that requires ridiculous amounts
of skullduggery every time some format changes
2018-11-04 22:27:01 +00:00
moneromooo-monero 27af46c930
tests: update test wallet keys file for encrypted keys 2018-09-15 09:34:11 +00:00
moneromooo-monero 0e6ed559c6
fuzz_tests: add a bulletproof fuzz test 2018-09-11 13:38:21 +00:00
einsteinsfool 7cdd147da5 Changed URLs to HTTPS 2018-06-23 21:15:29 +02:00
moneromooo-monero ec724eb64a
tests: add levin fuzz test 2017-12-23 11:29:55 +00:00
moneromooo-monero f1bdc9a42a
tests: add http client fuzz test 2017-12-23 11:29:52 +00:00
moneromooo-monero 0272df9e61
add parse_url fuzz test 2017-12-23 11:29:49 +00:00
moneromooo-monero 261b0dd0e0
tests: add base58 fuzz test 2017-12-23 11:27:45 +00:00
moneromooo-monero 53b83a83fc
tests: better load-from-binary fuzz test data file
Looks like there's some kind of header/signature
2017-12-23 11:27:37 +00:00
moneromooo-monero 95aa0bf79b
add load_from_binary/load_from_json fuzzers 2017-12-23 11:27:25 +00:00
moneromooo-monero 841231e5bd
Add fuzz testing using american fuzzy lop
Existing tests: block, transaction, signature, cold outputs,
cold transaction.

Data for these is in tests/data/fuzz.

A convenience shell script is in contrib/fuzz_testing/fuzz.sh, eg:

contrib/fuzz_testing/fuzz.sh signature

The fuzzer will run indefinitely, ^C to stop.

Fuzzing is currently supported for GCC only. I can't get CLANG
to build Monero here as it dies on some system headers, so if
someone wants to make it work on both, that'd be great.
In particular, the __AFL_LOOP construct should be made to work
so that a given run can fuzz multiple inputs, as the C++ load
time is substantial.
2017-06-24 16:46:18 +01:00
Riccardo Spagni 700d218c5d
fix broken test data 2017-02-22 23:12:21 +02:00
Riccardo Spagni c3599fa7b9
update copyright year, fix occasional lack of newline at line end 2017-02-21 19:38:18 +02:00
kenshi84 ada7c7da8f portable serializer: tests added 2017-01-03 09:14:48 +09:00
Riccardo Spagni f4b69d553a
year updated in license 2015-01-02 18:52:46 +02:00
Antonio Juarez 296ae46ed8 moved all stuff to github 2014-03-03 22:07:58 +00:00