brunoerg / bitcoinfuzz

Differential Fuzzing of Bitcoin implementations and libraries

network address message: Crash due to missing check for ipv4 embedded in ipv6 #49

Open hax0kartik opened 1 month ago

hax0kartik commented 1 month ago

We get a crash as BTCD does not implement a check to test and reject addresses where IPv4 is embedded in IPv6.

BTCD code: https://github.com/btcsuite/btcd/blob/master/wire/netaddressv2.go#L316-L338
Core code: https://github.com/bitcoin/bitcoin/blob/master/src/netaddress.h#L459-L465

The crash can be replicated by passing the readNetAddressV2 function the following hex string: 5fde0202fdffff021000000000000000000000fffffffd00000000

brunoerg commented 1 month ago

This is also checked in rust-bitcoin:

```rust
// Invalid IPv6, contains embedded IPv4.
assert!(deserialize::<AddrV2>(&hex!("021000000000000000000000ffff01020304")).is_err());

// Invalid IPv6, contains embedded TORv2.
assert!(deserialize::<AddrV2>(&hex!("0210fd87d87eeb430102030405060708090a")).is_err());
```