| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
 | /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
#include "curlcheck.h"
#include "doh.h" /* from the lib dir */
static CURLcode unit_setup(void)
{
  /* whatever you want done first */
  return CURLE_OK;
}
static void unit_stop(void)
{
    /* done before shutting down and exiting */
}
#ifndef CURL_DISABLE_DOH
UNITTEST_START
/*
 * Prove detection of write overflow using a short buffer and a name
 * of maximal valid length.
 *
 * Prove detection of other invalid input.
 */
do {
  const char *max =
    /* ..|....1.........2.........3.........4.........5.........6... */
    /* 3456789012345678901234567890123456789012345678901234567890123 */
    "this.is.a.maximum-length.hostname."                  /* 34:  34 */
    "with-no-label-of-greater-length-than-the-sixty-three-characters."
                                                          /* 64:  98 */
    "specified.in.the.RFCs."                              /* 22: 120 */
    "and.with.a.QNAME.encoding.whose.length.is.exactly."  /* 50: 170 */
    "the.maximum.length.allowed."                         /* 27: 197 */
    "that.is.two-hundred.and.fifty-six."                  /* 34: 231 */
    "including.the.last.null."                            /* 24: 255 */
    "";
  const char *toolong =
    /* ..|....1.........2.........3.........4.........5.........6... */
    /* 3456789012345678901234567890123456789012345678901234567890123 */
    "here.is.a.hostname.which.is.just.barely.too.long."   /* 49:  49 */
    "to.be.encoded.as.a.QNAME.of.the.maximum.allowed.length."
                                                          /* 55: 104 */
    "which.is.256.including.a.final.zero-length.label."   /* 49: 153 */
    "representing.the.root.node.so.that.a.name.with."     /* 47: 200 */
    "a.trailing.dot.may.have.up.to."                      /* 30: 230 */
    "255.characters.never.more."                          /* 26: 256 */
    "";
  const char *emptylabel =
    "this.is.an.otherwise-valid.hostname."
    ".with.an.empty.label.";
  const char *outsizelabel =
    "this.is.an.otherwise-valid.hostname."
    "with-a-label-of-greater-length-than-the-sixty-three-characters-"
    "specified.in.the.RFCs.";
  struct test {
    const char *name;
    const DOHcode expected_result;
  };
  /* plays the role of struct dnsprobe in urldata.h */
  struct demo {
    unsigned char dohbuffer[255 + 16]; /* deliberately short buffer */
    unsigned char canary1;
    unsigned char canary2;
    unsigned char canary3;
  };
  const struct test playlist[4] = {
    { toolong, DOH_DNS_NAME_TOO_LONG },  /* expect early failure */
    { emptylabel, DOH_DNS_BAD_LABEL },   /* also */
    { outsizelabel, DOH_DNS_BAD_LABEL }, /* also */
    { max, DOH_OK }                      /* expect buffer overwrite */
  };
  for(int i = 0; i < (int)(sizeof(playlist)/sizeof(*playlist)); i++) {
    const char *name = playlist[i].name;
    size_t olen = 100000;
    struct demo victim;
    DOHcode d;
    victim.canary1 = 87; /* magic numbers, arbritrarily picked */
    victim.canary2 = 35;
    victim.canary3 = 41;
    d = doh_encode(name, DNS_TYPE_A, victim.dohbuffer,
                   sizeof(struct demo), /* allow room for overflow */
                   &olen);
    fail_unless(d == playlist[i].expected_result,
                "result returned was not as expected");
    if(d == playlist[i].expected_result) {
      if(name == max) {
        fail_if(victim.canary1 == 87,
                "demo one-byte buffer overwrite did not happen");
      }
      else {
        fail_unless(victim.canary1 == 87,
                    "one-byte buffer overwrite has happened");
      }
      fail_unless(victim.canary2 == 35,
                  "two-byte buffer overwrite has happened");
      fail_unless(victim.canary3 == 41,
                  "three-byte buffer overwrite has happened");
    }
    else {
      if(d == DOH_OK) {
        fail_unless(olen <= sizeof(victim.dohbuffer), "wrote outside bounds");
        fail_unless(olen > strlen(name), "unrealistic low size");
      }
    }
  }
} while(0);
/* run normal cases and try to trigger buffer length related errors */
do {
  DNStype dnstype = DNS_TYPE_A;
  unsigned char buffer[128];
  const size_t buflen = sizeof(buffer);
  const size_t magic1 = 9765;
  size_t olen1 = magic1;
  const char *sunshine1 = "a.com";
  const char *dotshine1 = "a.com.";
  const char *sunshine2 = "aa.com";
  size_t olen2;
  DOHcode ret2;
  size_t olen;
  DOHcode ret = doh_encode(sunshine1, dnstype, buffer, buflen, &olen1);
  fail_unless(ret == DOH_OK, "sunshine case 1 should pass fine");
  fail_if(olen1 == magic1, "olen has not been assigned properly");
  fail_unless(olen1 > strlen(sunshine1), "bad out length");
  /* with a trailing dot, the response should have the same length */
  olen2 = magic1;
  ret2 = doh_encode(dotshine1, dnstype, buffer, buflen, &olen2);
  fail_unless(ret2 == DOH_OK, "dotshine case should pass fine");
  fail_if(olen2 == magic1, "olen has not been assigned properly");
  fail_unless(olen1 == olen2, "olen should not grow for a trailing dot");
  /* add one letter, the response should be one longer */
  olen2 = magic1;
  ret2 = doh_encode(sunshine2, dnstype, buffer, buflen, &olen2);
  fail_unless(ret2 == DOH_OK, "sunshine case 2 should pass fine");
  fail_if(olen2 == magic1, "olen has not been assigned properly");
  fail_unless(olen1 + 1 == olen2, "olen should grow with the hostname");
  /* pass a short buffer, should fail */
  ret = doh_encode(sunshine1, dnstype, buffer, olen1 - 1, &olen);
  fail_if(ret == DOH_OK, "short buffer should have been noticed");
  /* pass a minimum buffer, should succeed */
  ret = doh_encode(sunshine1, dnstype, buffer, olen1, &olen);
  fail_unless(ret == DOH_OK, "minimal length buffer should be long enough");
  fail_unless(olen == olen1, "bad buffer length");
} while(0);
UNITTEST_STOP
#else /* CURL_DISABLE_DOH */
UNITTEST_START
{
  return 1; /* nothing to do, just fail */
}
UNITTEST_STOP
#endif
 |