diff options
Diffstat (limited to 'tests/unit/unit1655.c')
-rw-r--r-- | tests/unit/unit1655.c | 107 |
1 files changed, 55 insertions, 52 deletions
diff --git a/tests/unit/unit1655.c b/tests/unit/unit1655.c index 60f43d7d6..7fea134d5 100644 --- a/tests/unit/unit1655.c +++ b/tests/unit/unit1655.c @@ -40,71 +40,74 @@ UNITTEST_START * so we can prove this test would detect it and that it is properly fixed */ do { -const char *bad = "this.is.a.hostname.where.each.individual.part.is.within." - "the.sixtythree.character.limit.but.still.long.enough.to." - "trigger.the.the.buffer.overflow......it.is.chosen.to.be." - "of.a.length.such.that.it.causes.a.two.byte.buffer......." - "overwrite.....making.it.longer.causes.doh.encode.to....." - ".return.early.so.dont.change.its.length.xxxx.xxxxxxxxxxx" - "..xxxxxx.....xx..........xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - "xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxx..x......xxxx" - "xxxx..xxxxxxxxxxxxxxxxxxx.x...xxxx.x.x.x...xxxxx"; + const char *bad = "this.is.a.hostname.where.each.individual.part.is.within." + "the.sixtythree.character.limit.but.still.long.enough.to." + "trigger.the.the.buffer.overflow......it.is.chosen.to.be." + "of.a.length.such.that.it.causes.a.two.byte.buffer......." + "overwrite.....making.it.longer.causes.doh.encode.to....." + ".return.early.so.dont.change.its.length.xxxx.xxxxxxxxxxx" + "..xxxxxx.....xx..........xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + "xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxx..x......xxxx" + "xxxx..xxxxxxxxxxxxxxxxxxx.x...xxxx.x.x.x...xxxxx"; -/* plays the role of struct dnsprobe in urldata.h */ -struct demo { + /* plays the role of struct dnsprobe in urldata.h */ + struct demo { unsigned char dohbuffer[512]; unsigned char canary1; unsigned char canary2; unsigned char canary3; -}; + }; -size_t olen = 100000; -struct demo victim; -victim.canary1 = 87; /* magic numbers, arbritrarily picked */ -victim.canary2 = 35; -victim.canary3 = 41; -DOHcode d = doh_encode(bad, DNS_TYPE_A, victim.dohbuffer, - sizeof(victim.dohbuffer), &olen); -fail_unless(victim.canary1 == 87, "one byte buffer overwrite has happened"); -fail_unless(victim.canary2 == 35, "two byte buffer overwrite has happened"); -fail_unless(victim.canary3 == 41, "three byte buffer overwrite has happened"); -if(d == DOH_OK) -{ - fail_unless(olen <= sizeof(victim.dohbuffer), "wrote outside bounds"); - fail_unless(olen > strlen(bad), "unrealistic low size"); -} + size_t olen = 100000; + struct demo victim; + DOHcode d; + victim.canary1 = 87; /* magic numbers, arbritrarily picked */ + victim.canary2 = 35; + victim.canary3 = 41; + d = doh_encode(bad, DNS_TYPE_A, victim.dohbuffer, + sizeof(victim.dohbuffer), &olen); + fail_unless(victim.canary1 == 87, "one byte buffer overwrite has happened"); + fail_unless(victim.canary2 == 35, "two byte buffer overwrite has happened"); + fail_unless(victim.canary3 == 41, + "three byte buffer overwrite has happened"); + if(d == DOH_OK) { + fail_unless(olen <= sizeof(victim.dohbuffer), "wrote outside bounds"); + fail_unless(olen > strlen(bad), "unrealistic low size"); + } } while(0); /* run normal cases and try to trigger buffer length related errors */ do { -DNStype dnstype = DNS_TYPE_A; -unsigned char buffer[128]; -const size_t buflen = sizeof(buffer); -const size_t magic1 = 9765; -size_t olen1 = magic1; -const char *sunshine1 = "a.com"; -const char *sunshine2 = "aa.com"; + DNStype dnstype = DNS_TYPE_A; + unsigned char buffer[128]; + const size_t buflen = sizeof(buffer); + const size_t magic1 = 9765; + size_t olen1 = magic1; + const char *sunshine1 = "a.com"; + const char *sunshine2 = "aa.com"; + size_t olen2; + DOHcode ret2; + size_t olen; -DOHcode ret = doh_encode(sunshine1, dnstype, buffer, buflen, &olen1); -fail_unless(ret == DOH_OK, "sunshine case 1 should pass fine"); -fail_if(olen1 == magic1, "olen has not been assigned properly"); -fail_unless(olen1 > strlen(sunshine1), "bad out length"); + DOHcode ret = doh_encode(sunshine1, dnstype, buffer, buflen, &olen1); + fail_unless(ret == DOH_OK, "sunshine case 1 should pass fine"); + fail_if(olen1 == magic1, "olen has not been assigned properly"); + fail_unless(olen1 > strlen(sunshine1), "bad out length"); -/* add one letter, the response should be one longer */ -size_t olen2 = magic1; -DOHcode ret2 = doh_encode(sunshine2, dnstype, buffer, buflen, &olen2); -fail_unless(ret2 == DOH_OK, "sunshine case 2 should pass fine"); -fail_if(olen2 == magic1, "olen has not been assigned properly"); -fail_unless(olen1 + 1 == olen2, "olen should grow with the hostname"); + /* add one letter, the response should be one longer */ + olen2 = magic1; + ret2 = doh_encode(sunshine2, dnstype, buffer, buflen, &olen2); + fail_unless(ret2 == DOH_OK, "sunshine case 2 should pass fine"); + fail_if(olen2 == magic1, "olen has not been assigned properly"); + fail_unless(olen1 + 1 == olen2, "olen should grow with the hostname"); -/* pass a short buffer, should fail */ -size_t olen; -ret = doh_encode(sunshine1, dnstype, buffer, olen1 - 1, &olen); -fail_if(ret == DOH_OK, "short buffer should have been noticed"); + /* pass a short buffer, should fail */ + ret = doh_encode(sunshine1, dnstype, buffer, olen1 - 1, &olen); + fail_if(ret == DOH_OK, "short buffer should have been noticed"); -/* pass a minimum buffer, should succeed */ -ret = doh_encode(sunshine1, dnstype, buffer, olen1, &olen); -fail_unless(ret == DOH_OK, "minimal length buffer should be long enough"); -fail_unless(olen == olen1, "bad buffer length"); + /* pass a minimum buffer, should succeed */ + ret = doh_encode(sunshine1, dnstype, buffer, olen1, &olen); + fail_unless(ret == DOH_OK, "minimal length buffer should be long enough"); + fail_unless(olen == olen1, "bad buffer length"); } while(0); UNITTEST_STOP |