From 8e6d2e251d803fd191b4b4f30c26a867361d8d81 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Tue, 15 Oct 2019 16:38:49 +0200 Subject: [PATCH] unittests: Reproducer for undefined shift in ASN1 parser --- .gitignore | 3 ++ configure.ac | 1 + src/tests/Makefile.am | 2 +- src/tests/unittests/Makefile.am | 17 +++++++++ src/tests/unittests/Makefile.mak | 17 +++++++++ src/tests/unittests/asn1.c | 60 ++++++++++++++++++++++++++++++++ src/tests/unittests/torture.h | 33 ++++++++++++++++++ 7 files changed, 132 insertions(+), 1 deletion(-) create mode 100644 src/tests/unittests/Makefile.am create mode 100644 src/tests/unittests/Makefile.mak create mode 100644 src/tests/unittests/asn1.c create mode 100644 src/tests/unittests/torture.h diff --git a/.gitignore b/.gitignore index 425c3401..76f431d3 100644 --- a/.gitignore +++ b/.gitignore @@ -115,5 +115,8 @@ src/tests/p11test/p11test tests/*.log tests/*.trs +src/tests/unittests/*.log +src/tests/unittests/*.trs +src/tests/unittests/asn1 version.m4.ci diff --git a/configure.ac b/configure.ac index b74127cb..95177272 100644 --- a/configure.ac +++ b/configure.ac @@ -1098,6 +1098,7 @@ AC_CONFIG_FILES([ src/tests/regression/Makefile src/tests/p11test/Makefile src/tests/fuzzing/Makefile + src/tests/unittests/Makefile src/tools/Makefile src/tools/versioninfo-tools.rc src/tools/versioninfo-opensc-notify.rc diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am index 4e42bd23..cd557306 100644 --- a/src/tests/Makefile.am +++ b/src/tests/Makefile.am @@ -3,7 +3,7 @@ include $(top_srcdir)/win32/ltrc.inc MAINTAINERCLEANFILES = $(srcdir)/Makefile.in EXTRA_DIST = Makefile.mak -SUBDIRS = regression p11test fuzzing +SUBDIRS = regression p11test fuzzing unittests noinst_PROGRAMS = base64 lottery p15dump pintest prngtest AM_CPPFLAGS = -I$(top_srcdir)/src diff --git a/src/tests/unittests/Makefile.am b/src/tests/unittests/Makefile.am new file mode 100644 index 00000000..3d09b5c3 --- /dev/null +++ b/src/tests/unittests/Makefile.am @@ -0,0 +1,17 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +EXTRA_DIST = Makefile.mak + +if ENABLE_CMOCKA +noinst_PROGRAMS = asn1 + +noinst_HEADERS = torture.h + +AM_CPPFLAGS = -I$(top_srcdir)/src/ -Lopensc + +asn1_SOURCES = asn1.c +asn1_CFLAGS = $(CMOCKA_CFLAGS) +asn1_LDADD = $(top_builddir)/src/libopensc/libopensc.la $(CMOCKA_LIBS) $(OPTIONAL_OPENSSL_LIBS) + + +TESTS = asn1 +endif diff --git a/src/tests/unittests/Makefile.mak b/src/tests/unittests/Makefile.mak new file mode 100644 index 00000000..37783a02 --- /dev/null +++ b/src/tests/unittests/Makefile.mak @@ -0,0 +1,17 @@ +TOPDIR = ..\..\.. + +TARGETS = asn1 + +OBJECTS = asn1.obj \ + $(TOPDIR)\win32\versioninfo.res + +all: $(TARGETS) + +!INCLUDE $(TOPDIR)\win32\Make.rules.mak + +$(TARGETS): $(OBJECTS) $(LIBS) + +.c.exe: + cl $(COPTS) /c $< + link $(LINKFLAGS) /pdb:$*.pdb /out:$@ $*.obj $(OBJECTS) $(LIBS) + if EXIST $@.manifest mt -manifest $@.manifest -outputresource:$@;1 diff --git a/src/tests/unittests/asn1.c b/src/tests/unittests/asn1.c new file mode 100644 index 00000000..2e10fbf1 --- /dev/null +++ b/src/tests/unittests/asn1.c @@ -0,0 +1,60 @@ +/* + * asn1.c: Unit tests for ASN1 parsers + * + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Jakub Jelen + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "torture.h" +#include "libopensc/asn1.h" + +/* + * Test undefined behavior of too large parts of OID encoding + * + * The specification does not place any limits to these values, but they + * are internally in opensc stored as ints so it makes sense to reject + * the too-large onese for now, rather than causing undefined overflow. + * + * https://oss-fuzz.com/testcase-detail/5673497895895040 + */ +static void torture_large_oid(void **state) +{ + /* 2.5.4.18446744073709551619 (The last part is 64 bit overflow) */ + u8 data1[] = {0x55, 0x04, 0x82, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x03}; + /* 2.18446744073709551621.4.3 (The second part is 64 bit overflow) */ + u8 data2[] = {0x82, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x55, 0x04, 0x03}; + struct sc_object_id oid; + int rv = 0; + + rv = sc_asn1_decode_object_id(data1, sizeof(data1), &oid); + assert_int_equal(rv, SC_ERROR_NOT_SUPPORTED); + + rv = sc_asn1_decode_object_id(data2, sizeof(data2), &oid); + assert_int_equal(rv, SC_ERROR_NOT_SUPPORTED); +} + + +int main(void) +{ + int rc; + struct CMUnitTest tests[] = { + cmocka_unit_test(torture_large_oid), + }; + + rc = cmocka_run_group_tests(tests, NULL, NULL); + return rc; +} diff --git a/src/tests/unittests/torture.h b/src/tests/unittests/torture.h new file mode 100644 index 00000000..ce6addd8 --- /dev/null +++ b/src/tests/unittests/torture.h @@ -0,0 +1,33 @@ +/* + * torture.h: Unit tests in OpenSC + * + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Jakub Jelen + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef P11TEST_COMMON_H +#define P11TEST_COMMON_H +#include "config.h" +#include +#include +#include +#include +#include + + + +#endif /* P11TEST_COMMON_H */