unittests: Reproducer for undefined shift in ASN1 parser

2019-10-15 16:38:49 +02:00 · 2019-10-15 16:38:49 +02:00 · 8e6d2e251d
parent fe44567d2b
commit 8e6d2e251d
7 changed files with 132 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -115,5 +115,8 @@ src/tests/p11test/p11test

 tests/*.log
 tests/*.trs
+src/tests/unittests/*.log
+src/tests/unittests/*.trs
+src/tests/unittests/asn1

 version.m4.ci
--- a/configure.ac
+++ b/configure.ac
@ -1098,6 +1098,7 @@ AC_CONFIG_FILES([
 	src/tests/regression/Makefile
 	src/tests/p11test/Makefile
 	src/tests/fuzzing/Makefile
+	src/tests/unittests/Makefile
 	src/tools/Makefile
 	src/tools/versioninfo-tools.rc
 	src/tools/versioninfo-opensc-notify.rc
--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@ -3,7 +3,7 @@ include $(top_srcdir)/win32/ltrc.inc
 MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
 EXTRA_DIST = Makefile.mak

-SUBDIRS = regression p11test fuzzing
+SUBDIRS = regression p11test fuzzing unittests
 noinst_PROGRAMS = base64 lottery p15dump pintest prngtest

 AM_CPPFLAGS = -I$(top_srcdir)/src
--- a/src/tests/unittests/Makefile.am
+++ b/src/tests/unittests/Makefile.am
@ -0,0 +1,17 @@
+MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
+EXTRA_DIST = Makefile.mak
+
+if ENABLE_CMOCKA
+noinst_PROGRAMS = asn1
+
+noinst_HEADERS = torture.h
+
+AM_CPPFLAGS = -I$(top_srcdir)/src/ -Lopensc
+
+asn1_SOURCES = asn1.c
+asn1_CFLAGS = $(CMOCKA_CFLAGS)
+asn1_LDADD = $(top_builddir)/src/libopensc/libopensc.la $(CMOCKA_LIBS) $(OPTIONAL_OPENSSL_LIBS)
+
+
+TESTS = asn1
+endif
--- a/src/tests/unittests/Makefile.mak
+++ b/src/tests/unittests/Makefile.mak
@ -0,0 +1,17 @@
+TOPDIR = ..\..\..
+
+TARGETS = asn1
+
+OBJECTS = asn1.obj \
+	$(TOPDIR)\win32\versioninfo.res
+
+all: $(TARGETS)
+
+!INCLUDE $(TOPDIR)\win32\Make.rules.mak
+
+$(TARGETS): $(OBJECTS) $(LIBS)
+
+.c.exe:
+	cl $(COPTS) /c $<
+	link $(LINKFLAGS) /pdb:$*.pdb /out:$@ $*.obj $(OBJECTS) $(LIBS)
+	if EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1
--- a/src/tests/unittests/asn1.c
+++ b/src/tests/unittests/asn1.c
@ -0,0 +1,60 @@
+/*
+ * asn1.c: Unit tests for ASN1 parsers
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * Author: Jakub Jelen <jjelen@redhat.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "torture.h"
+#include "libopensc/asn1.h"
+
+/*
+ * Test undefined behavior of too large parts of OID encoding
+ *
+ * The specification does not place any limits to these values, but they
+ * are internally in opensc stored as ints so it makes sense to reject
+ * the too-large onese for now, rather than causing undefined overflow.
+ *
+ * https://oss-fuzz.com/testcase-detail/5673497895895040
+ */
+static void torture_large_oid(void **state)
+{
+	/* 2.5.4.18446744073709551619 (The last part is 64 bit overflow) */
+	u8 data1[] = {0x55, 0x04, 0x82, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x03};
+	/* 2.18446744073709551621.4.3 (The second part is 64 bit overflow) */
+	u8 data2[] = {0x82, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x55, 0x04, 0x03};
+	struct sc_object_id oid;
+	int rv = 0;
+
+	rv = sc_asn1_decode_object_id(data1, sizeof(data1), &oid);
+	assert_int_equal(rv, SC_ERROR_NOT_SUPPORTED);
+
+	rv = sc_asn1_decode_object_id(data2, sizeof(data2), &oid);
+	assert_int_equal(rv, SC_ERROR_NOT_SUPPORTED);
+}
+
+
+int main(void)
+{
+	int rc;
+	struct CMUnitTest tests[] = {
+		cmocka_unit_test(torture_large_oid),
+	};
+
+	rc = cmocka_run_group_tests(tests, NULL, NULL);
+	return rc;
+}
--- a/src/tests/unittests/torture.h
+++ b/src/tests/unittests/torture.h
@ -0,0 +1,33 @@
+/*
+ * torture.h: Unit tests in OpenSC
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * Author: Jakub Jelen <jjelen@redhat.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef P11TEST_COMMON_H
+#define P11TEST_COMMON_H
+#include "config.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+
+
+#endif /* P11TEST_COMMON_H */