Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1095118 - Add ASN.1 GTest for non-DER complaint lengths, r=ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D268 --HG-- extra : rebase_source : c5f2033f46daa406f076d3c9128217fcb0467849 extra : histedit_source : 7c61ab7fe350df8601e1c46872b5d58ae64c1cf5%2Cc6be27a6a41bea23ba26c222702d65f83b9bdb0c
- Loading branch information
1 parent
092d015
commit b89882d
Showing
3 changed files
with
82 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ | ||
/* vim: set ts=2 et sw=2 tw=80: */ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at http://mozilla.org/MPL/2.0/. */ | ||
|
||
#include <stdint.h> | ||
|
||
#include "gtest/gtest.h" | ||
#include "scoped_ptrs.h" | ||
|
||
#include "nss.h" | ||
#include "prerror.h" | ||
#include "secasn1.h" | ||
#include "secerr.h" | ||
#include "secitem.h" | ||
|
||
namespace nss_test { | ||
|
||
class QuickDERTest : public ::testing::Test, | ||
public ::testing::WithParamInterface<SECItem> {}; | ||
|
||
static const uint8_t kNullTag = 0x05; | ||
static const uint8_t kLongLength = 0x80; | ||
|
||
// Length of zero wrongly encoded as 0x80 instead of 0x00. | ||
static uint8_t kOverlongLength_0_0[] = {kNullTag, kLongLength | 0}; | ||
|
||
// Length of zero wrongly encoded as { 0x81, 0x00 } instead of 0x00. | ||
static uint8_t kOverlongLength_1_0[] = {kNullTag, kLongLength | 1, 0x00}; | ||
|
||
// Length of zero wrongly encoded as: | ||
// | ||
// { 0x90, <arbitrary junk of 12 bytes>, | ||
// 0x00, 0x00, 0x00, 0x00 } | ||
// | ||
// instead of 0x00. Note in particular that if there is an integer overflow | ||
// then the arbitrary junk is likely get left-shifted away, as long as there | ||
// are at least sizeof(length) bytes following it. This would be a good way to | ||
// smuggle arbitrary input into DER-encoded data in a way that an non-careful | ||
// parser would ignore. | ||
static uint8_t kOverlongLength_16_0[] = {kNullTag, kLongLength | 0x10, | ||
0x11, 0x22, | ||
0x33, 0x44, | ||
0x55, 0x66, | ||
0x77, 0x88, | ||
0x99, 0xAA, | ||
0xBB, 0xCC, | ||
0x00, 0x00, | ||
0x00, 0x00}; | ||
|
||
static const SECItem kInvalidDER[] = { | ||
{siBuffer, kOverlongLength_0_0, sizeof(kOverlongLength_0_0)}, | ||
{siBuffer, kOverlongLength_1_0, sizeof(kOverlongLength_1_0)}, | ||
{siBuffer, kOverlongLength_16_0, sizeof(kOverlongLength_16_0)}, | ||
}; | ||
|
||
TEST_P(QuickDERTest, InvalidLengths) { | ||
const SECItem& original_input(GetParam()); | ||
|
||
ScopedSECItem copy_of_input(SECITEM_AllocItem(nullptr, nullptr, 0U)); | ||
ASSERT_TRUE(copy_of_input); | ||
ASSERT_EQ(SECSuccess, | ||
SECITEM_CopyItem(nullptr, copy_of_input.get(), &original_input)); | ||
|
||
PORTCheapArenaPool pool; | ||
PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE); | ||
ScopedSECItem parsed_value(SECITEM_AllocItem(nullptr, nullptr, 0U)); | ||
ASSERT_TRUE(parsed_value); | ||
ASSERT_EQ(SECFailure, SEC_QuickDERDecodeItem(&pool.arena, parsed_value.get(), | ||
SEC_ASN1_SUB(SEC_NullTemplate), | ||
copy_of_input.get())); | ||
ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); | ||
PORT_DestroyCheapArena(&pool); | ||
} | ||
|
||
INSTANTIATE_TEST_CASE_P(QuickderTestsInvalidLengths, QuickDERTest, | ||
testing::ValuesIn(kInvalidDER)); | ||
|
||
} // namespace nss_test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters