Commit Graph

45 Commits

Author SHA1 Message Date
moneromooo-monero 7175dcb107
replace most boost serialization with existing monero serialization
This reduces the attack surface for data that can come from
malicious sources (exported output and key images, multisig
transactions...) since the monero serialization is already
exposed to the outside, and the boost lib we were using had
a few known crashers.

For interoperability, a new load-deprecated-formats wallet
setting is added (off by default). This allows loading boost
format data if there is no alternative. It will likely go
at some point, along with the ability to load those.

Notably, the peer lists file still uses the boost serialization
code, as the data it stores is define in epee, while the new
serialization code is in monero, and migrating it was fairly
hairy. Since this file is local and not obtained from anyone
else, the marginal risk is minimal, but it could be migrated
later if needed.

Some tests and tools also do, this will stay as is for now.
2020-08-17 16:23:58 +00:00
xiphon 76c16822d0 wallet2_api: implement runtime proxy configuration 2020-07-20 13:45:12 +00:00
Alexander Blair a0d179e528
Merge pull request #6512
5ef0607da Update copyright year to 2020 (SomaticFanatic)
2020-07-19 03:32:59 -07:00
moneromooo-monero bde7f1c5cc
fuzz_tests: fix init check in oss-fuzz mode 2020-06-14 16:10:49 +00:00
moneromooo-monero c4df8b1390
fix leaks in fuzz tests 2020-06-14 12:54:13 +00:00
moneromooo-monero 38ca1bb389
fuzz_tests: add a tx extra fuzz test 2020-06-14 12:54:10 +00:00
moneromooo-monero 81773f55a4
fuzz_tests: refactor and add OSS-Fuzz compatibility 2020-05-15 17:18:27 +00:00
SomaticFanatic 5ef0607da6 Update copyright year to 2020
Update copyright year to 2020
2020-05-06 22:36:54 -04:00
woodser 87d75584e8 Allow wallet2.h to run in WebAssembly
- Add abstract_http_client.h which http_client.h extends.
- Replace simple_http_client with abstract_http_client in wallet2,
message_store, message_transporter, and node_rpc_proxy.
- Import and export wallet data in wallet2.
- Use #if defined __EMSCRIPTEN__ directives to skip incompatible code.
2020-04-15 13:22:46 -04:00
Lee Clagett bdfc63ae4d Add ref-counted buffer byte_slice. Currently used for sending TCP data. 2019-07-16 16:30:35 +00:00
Lee Clagett 7acfa9f3cc Added socks proxy (tor/i2pd/kovri) support to wallet 2019-03-25 01:35:13 +00:00
Riccardo Spagni 37ee4acf48
Merge pull request #5274
dc0c0c91 tests: disable wallet SSL init for tests involving wallet2 (moneromooo-monero)
2019-03-24 19:35:11 +02:00
moneromooo-monero dc0c0c91c5
tests: disable wallet SSL init for tests involving wallet2 2019-03-12 20:43:02 +00:00
binaryFate 1f2930ce0b Update 2019 copyright 2019-03-05 22:05:34 +01:00
moneromooo-monero 85665003a7
epee: better network buffer data structure
avoids pointless allocs and memcpy
2018-12-23 16:46:07 +00:00
moneromooo-monero 8d71b2b1b3
wallet2: only export necessary outputs and key images
and disable annoying test that requires ridiculous amounts
of skullduggery every time some format changes
2018-11-04 22:27:01 +00:00
moneromooo-monero e5108a294a
Catch more exceptions in dtors
Misc coverity reports
2018-10-02 17:28:44 +00:00
Riccardo Spagni effcbf2060
Merge pull request #4459
bcf3f6af fuzz_tests: catch unhandled exceptions (moneromooo-monero)
3ebd05d4 miner: restore stream flags after changing them (moneromooo-monero)
a093092e levin_protocol_handler_async: do not propagate exception through dtor (moneromooo-monero)
1eebb82b net_helper: do not propagate exceptions through dtor (moneromooo-monero)
fb6a3630 miner: do not propagate exceptions through dtor (moneromooo-monero)
2e2139ff epee: do not propagate exception through dtor (moneromooo-monero)
0749a8bd db_lmdb: do not propagate exceptions in dtor (moneromooo-monero)
1b0afeeb wallet_rpc_server: exit cleanly on unhandled exceptions (moneromooo-monero)
418a9936 unit_tests: catch unhandled exceptions (moneromooo-monero)
ea7f9543 threadpool: do not propagate exceptions through the dtor (moneromooo-monero)
6e855422 gen_multisig: nice exit on unhandled exception (moneromooo-monero)
53df2deb db_lmdb: catch error in mdb_stat calls during migration (moneromooo-monero)
e67016dd blockchain_blackball: catch failure to commit db transaction (moneromooo-monero)
661439f4 mlog: don't remove old logs if we failed to rename the current file (moneromooo-monero)
5fdcda50 easylogging++: test for NULL before dereference (moneromooo-monero)
7ece1550 performance_test: fix bad last argument calling add_arg (moneromooo-monero)
a085da32 unit_tests: add check for page size > 0 before dividing (moneromooo-monero)
d8b1ec8b unit_tests: use std::shared_ptr to shut coverity up about leaks (moneromooo-monero)
02563bf4 simplewallet: top level exception catcher to print nicer messages (moneromooo-monero)
c57a65b2 blockchain_blackball: fix shift range for 32 bit archs (moneromooo-monero)
2018-09-29 22:20:38 +02:00
Riccardo Spagni 885d3d5a99
Merge pull request #4254
de905d4b fuzz_tests: use __AFL_INIT when available (moneromooo-monero)
2018-09-14 12:44:47 +02:00
moneromooo-monero 0e6ed559c6
fuzz_tests: add a bulletproof fuzz test 2018-09-11 13:38:21 +00:00
stoffu b21fdaa874
fuzz: set address properly 2018-08-14 20:17:51 +09:00
moneromooo-monero de905d4b48
fuzz_tests: use __AFL_INIT when available
alleged to speed things up
2018-08-13 22:13:56 +00:00
moneromooo-monero 55c7fb87a9
epee: adaptive connection timeout system
a connection's timeout is halved for every extra connection
from the same host.

Also keep track of when we don't need to use a connection
anymore, so we can close it and free the resource for another
connection.

Also use the longer timeout for non routable local addresses.
2018-06-10 19:39:38 +01:00
moneromooo-monero 91d97dd4ab
fuzz_tests: set small subaddress lookahead for speed 2018-03-14 11:34:09 +00:00
stoffu af773211cb
Stagenet 2018-03-05 11:55:05 +09:00
cslashm e745c1e38d Code modifications to integrate Ledger HW device into monero-wallet-cli.
The basic approach it to delegate all sensitive data (master key, secret
ephemeral key, key derivation, ....) and related operations to the device.
As device has low memory, it does not keep itself the values
(except for view/spend keys) but once computed there are encrypted (with AES
are equivalent) and return back to monero-wallet-cli. When they need to be
manipulated by the device, they are decrypted on receive.

Moreover, using the client for storing the value in encrypted form limits
the modification in the client code. Those values are transfered from one
C-structure to another one as previously.

The code modification has been done with the wishes to be open to any
other hardware wallet. To achieve that a C++ class hw::Device has been
introduced. Two initial implementations are provided: the "default", which
remaps all calls to initial Monero code, and  the "Ledger", which delegates
all calls to Ledger device.
2018-03-04 12:54:53 +01:00
moneromooo-monero fa6b45665d
fuzz_tests: fix an uninitialized var in setup
and comment it out, it's only used to generate a starting test case

Coverity 182506
2018-02-02 15:56:44 +00:00
iDunk5400 1c99a628e3
Tests: Fix building of two fuzz tests on Windows 2018-01-28 14:51:02 +01:00
xmr-eric 84a7f6a482 Readd copyright starting date 2018-01-26 10:03:20 -05:00
xmr-eric 18216f19dd Update 2018 copyright 2018-01-26 10:03:20 -05:00
Riccardo Spagni 753215b9c6
Merge pull request #2963
0e19a394 tests: test wallets don't need a dummy temp file anymore (moneromooo-monero)
2018-01-02 00:30:33 +02:00
moneromooo-monero ec724eb64a
tests: add levin fuzz test 2017-12-23 11:29:55 +00:00
moneromooo-monero f1bdc9a42a
tests: add http client fuzz test 2017-12-23 11:29:52 +00:00
moneromooo-monero 0272df9e61
add parse_url fuzz test 2017-12-23 11:29:49 +00:00
moneromooo-monero 261b0dd0e0
tests: add base58 fuzz test 2017-12-23 11:27:45 +00:00
moneromooo-monero c80bb0eb6f
tests: don't init stuff we don't need in fuzz tests - faster 2017-12-23 11:27:40 +00:00
moneromooo-monero 95aa0bf79b
add load_from_binary/load_from_json fuzzers 2017-12-23 11:27:25 +00:00
moneromooo-monero 0e19a39469
tests: test wallets don't need a dummy temp file anymore 2017-12-19 12:56:21 +00:00
moneromooo-monero 09ce03d612
move includes around to lessen overall load 2017-12-16 22:46:38 +00:00
moneromooo-monero 082db75f28
move cryptonote command line options to cryptonote_core
Those have no reason to be in a generic module
2017-11-14 17:06:19 +00:00
moneromooo-monero 937e7f8aa6
Initialize openssl on startup 2017-10-21 10:17:18 +01:00
kenshi84 53ad5a0f42
Subaddresses 2017-10-07 13:06:21 +09:00
Howard Chu 3d19ab7067 Revert "Cleanup test impact of moving blockchain_db_types()"
This reverts commit 3dd34a49ef.
2017-08-29 13:28:16 +01:00
Howard Chu 3dd34a49ef
Cleanup test impact of moving blockchain_db_types() 2017-08-22 15:11:28 +01:00
moneromooo-monero 841231e5bd
Add fuzz testing using american fuzzy lop
Existing tests: block, transaction, signature, cold outputs,
cold transaction.

Data for these is in tests/data/fuzz.

A convenience shell script is in contrib/fuzz_testing/fuzz.sh, eg:

contrib/fuzz_testing/fuzz.sh signature

The fuzzer will run indefinitely, ^C to stop.

Fuzzing is currently supported for GCC only. I can't get CLANG
to build Monero here as it dies on some system headers, so if
someone wants to make it work on both, that'd be great.
In particular, the __AFL_LOOP construct should be made to work
so that a given run can fuzz multiple inputs, as the C++ load
time is substantial.
2017-06-24 16:46:18 +01:00