Bug 1095118 - Add ASN.1 GTest for non-DER complaint lengths, r=ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D268

--HG--
extra : rebase_source : c5f2033f46daa406f076d3c9128217fcb0467849
extra : histedit_source : 7c61ab7fe350df8601e1c46872b5d58ae64c1cf5%2Cc6be27a6a41bea23ba26c222702d65f83b9bdb0c
franziskuskiefer committed Mar 22, 2017
1 parent 092d015 commit b89882d
Showing 3 changed files with 82 additions and 0 deletions.
1 change: 1 addition & 0 deletions gtests/der_gtest/der_gtest.gyp
@@ -13,6 +13,7 @@
'sources': [
'der_getint_unittest.cc',
'der_private_key_import_unittest.cc',
'der_quickder_unittest.cc',
'<(DEPTH)/gtests/common/gtests.cc'
],
'dependencies': [
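--- a/gtests/der_gtest/der_quickder_unittest.cc
+++ b/gtests/der_gtest/der_quickder_unittest.cc
@@ -0,0 +1,80 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this file,
+* You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdint.h>
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+#include "nss.h"
+#include "prerror.h"
+#include "secasn1.h"
+#include "secerr.h"
+#include "secitem.h"
+
+namespace nss_test {
+
+class QuickDERTest : public ::testing::Test,
+public ::testing::WithParamInterface<SECItem> {};
+
+static const uint8_t kNullTag = 0x05;
+static const uint8_t kLongLength = 0x80;
+
+// Length of zero wrongly encoded as 0x80 instead of 0x00.
+static uint8_t kOverlongLength_0_0[] = {kNullTag, kLongLength | 0};
+
+// Length of zero wrongly encoded as { 0x81, 0x00 } instead of 0x00.
+static uint8_t kOverlongLength_1_0[] = {kNullTag, kLongLength | 1, 0x00};
+
+// Length of zero wrongly encoded as:
+//
+// { 0x90, <arbitrary junk of 12 bytes>,
+// 0x00, 0x00, 0x00, 0x00 }
+//
+// instead of 0x00. Note in particular that if there is an integer overflow
+// then the arbitrary junk is likely get left-shifted away, as long as there
+// are at least sizeof(length) bytes following it. This would be a good way to
+// smuggle arbitrary input into DER-encoded data in a way that an non-careful
+// parser would ignore.
+static uint8_t kOverlongLength_16_0[] = {kNullTag, kLongLength | 0x10,
+0x11, 0x22,
+0x33, 0x44,
+0x55, 0x66,
+0x77, 0x88,
+0x99, 0xAA,
+0xBB, 0xCC,
+0x00, 0x00,
+0x00, 0x00};
+
+static const SECItem kInvalidDER[] = {
+{siBuffer, kOverlongLength_0_0, sizeof(kOverlongLength_0_0)},
+{siBuffer, kOverlongLength_1_0, sizeof(kOverlongLength_1_0)},
+{siBuffer, kOverlongLength_16_0, sizeof(kOverlongLength_16_0)},
+};
+
+TEST_P(QuickDERTest, InvalidLengths) {
+const SECItem& original_input(GetParam());
+
+ScopedSECItem copy_of_input(SECITEM_AllocItem(nullptr, nullptr, 0U));
+ASSERT_TRUE(copy_of_input);
+ASSERT_EQ(SECSuccess,
+SECITEM_CopyItem(nullptr, copy_of_input.get(), &original_input));
+
+PORTCheapArenaPool pool;
+PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);
+ScopedSECItem parsed_value(SECITEM_AllocItem(nullptr, nullptr, 0U));
+ASSERT_TRUE(parsed_value);
+ASSERT_EQ(SECFailure, SEC_QuickDERDecodeItem(&pool.arena, parsed_value.get(),
+SEC_ASN1_SUB(SEC_NullTemplate),
+copy_of_input.get()));
+ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+PORT_DestroyCheapArena(&pool);
+}
+
+INSTANTIATE_TEST_CASE_P(QuickderTestsInvalidLengths, QuickDERTest,
+testing::ValuesIn(kInvalidDER));
+
+} // namespace nss_test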
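Review bot: In `InvalidLengths`, `PORT_DestroyCheapArena(&pool)` is skipped whenever one of the three `ASSERT_*` checks that follow `PORT_InitCheapArena` fails, because a failed ASSERT returns from the test body immediately. That is the path taken when the decoder wrongly accepts an overlong length, so anything it allocated from the arena would presumably leak and could add sanitizer noise next to the real failure. Moving `PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);` below `ASSERT_TRUE(parsed_value);` and switching the two post-decode checks to `EXPECT_EQ(SECFailure, SEC_QuickDERDecodeItem(...))` and `EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());` keeps the cleanup on every path. Separately, the comment on `kOverlongLength_0_0` could note that a length octet of 0x80 is the BER indefinite-length marker, which DER forbids, so readers do not take that vector for a merely non-minimal zero, e.g. `// 0x80 is BER's indefinite-length form; DER requires 0x00 for a zero length.`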
1 change: 1 addition & 0 deletions gtests/der_gtest/manifest.mn
@@ -9,6 +9,7 @@ MODULE = nss
CPPSRCS = \
der_getint_unittest.cc \
der_private_key_import_unittest.cc \
der_quickder_unittest.cc \
$(NULL)

INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \