network address message: Crash due to missing check for ipv4 embedded in ipv6

brunoerg / bitcoinfuzz

Differential Fuzzing of Bitcoin implementations and libraries

32 stars 12 forks source link

network address message: Crash due to missing check for ipv4 embedded in ipv6 #49

Closed hax0kartik closed 3 months ago

hax0kartik commented 5 months ago

We get a crash as BTCD does not implement a check to test and reject addresses where ipv4 is embedded in ipv6.

BTCD code: https://github.com/btcsuite/btcd/blob/master/wire/netaddressv2.go#L316-L338 Core code: https://github.com/bitcoin/bitcoin/blob/master/src/netaddress.h#L459-L465

The crash can be replicated by passing the readNetAddressV2 function the following hexstring 5fde0202fdffff021000000000000000000000fffffffd00000000

brunoerg commented 5 months ago

This is also checked in rust-bitcoin:

// Invalid IPv6, contains embedded IPv4.
assert!(deserialize::<AddrV2>(&hex!("021000000000000000000000ffff01020304")).is_err());

// Invalid IPv6, contains embedded TORv2.
assert!(deserialize::<AddrV2>(&hex!("0210fd87d87eeb430102030405060708090a")).is_err());

brunoerg commented 3 months ago

Will close since we've already opened an issue on btcd repository