Opened 8 months ago

Last modified 5 weeks ago

#24265 new enhancement

Fuzz all rust functions that are used by authorities to make sure they match C

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: Rust, protover, fuzz, 034-triage-20180328, 034-removed-20180328
Cc: chelseakomlo, isis Actual Points:
Parent ID: Points: 3
Reviewer: Sponsor:

Description (last modified by teor)

We could break consensus if some authorities are running the rust version of the code, and some are running the C version of the code, and their outputs differ on any input.

This is like #24029, but with arbitrary inputs that may or may not be UTF-8.

Child Tickets

#24029defectclosedchelseakomloTest all rust functions' behavior when called from C with bad UTF8

Change History (10)

comment:1 Changed 8 months ago by teor

Description: modified (diff)

comment:2 Changed 8 months ago by nickm

Milestone: Tor: 0.3.2.x-finalTor: 0.3.3.x-final

comment:3 Changed 8 months ago by chelseakomlo

Cc: chelseakomlo added

comment:4 Changed 5 months ago by nickm

Milestone: Tor: 0.3.3.x-finalTor: 0.3.4.x-final
Type: defectenhancement

Label a bunch of (arguable and definite) enhancements as enhancements for 0.3.4.

comment:5 Changed 5 months ago by teor

We'll need to fix all the child tickets before we can fuzz, because they will cause hangs or crashes under fuzzing.

comment:6 Changed 5 months ago by isis

Cc: isis added

comment:7 Changed 4 months ago by nickm

Keywords: 034-triage-20180328 added

comment:8 Changed 4 months ago by nickm

Keywords: 034-removed-20180328 added

Per our triage process, these tickets are pending removal from 0.3.4.

comment:9 Changed 3 months ago by nickm

Milestone: Tor: 0.3.4.x-finalTor: unspecified

These tickets, tagged with 034-removed-*, are no longer in-scope for 0.3.4. We can reconsider any of them, if time permits.

comment:10 Changed 5 weeks ago by chelseakomlo

I'm going to add more description about what we think the outcome of this ticket should be, so it can be easily picked up. Please update/add more info if this isn't exactly what we need.

1) This implementation should be fairly lightweight, as we don't want a lot of dual implementations between Rust/C in the future, this is largely to support existing code and where we only critically need it in the future.

2) This should be added to existing C fuzzing tests in /src/test/fuzz.

3) This should use existing fuzzing infrastructure in Tor (see doc/HACKING/, but should compare outputs between the C and Rust implementation. This would mean we would need some mechanism to generate both implementations (build tor with rust enabled and not enabled) and then push arbitrary input into functions defined in both and then compare the output.

Note: See TracTickets for help on using tickets.