From: Guillem Jover Date: Sat, 29 Jan 2022 13:48:22 +0000 (+0100) Subject: test: Import explicit_bzero and strtonum test cases from OpenBSD X-Git-Tag: 0.11.6~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c9ff83687c3d100551d8cff967eb1541b187333d;p=thirdparty%2Flibbsd.git test: Import explicit_bzero and strtonum test cases from OpenBSD - Remove trailing spaces. - Declare file-scope functions and variables static. - Declare functions with a proper prototype. - Do not mix declarations and code for C90 conformance. - Do not compare size_t and ssize_t variables. --- diff --git a/COPYING b/COPYING index 32a1130..c225ede 100644 --- a/COPYING +++ b/COPYING @@ -383,6 +383,8 @@ Files: src/recallocarray.c src/strlcat.c src/strlcpy.c + test/explicit_bzero.c + test/strtonum.c Copyright: Copyright © 2004 Ted Unangst and Todd Miller All rights reserved. @@ -391,6 +393,7 @@ Copyright: Copyright © 1998, 2000-2002, 2004-2005, 2007, 2010, 2012-2015 Todd C. Miller Copyright © 2004 Ted Unangst + Copyright © 2004 Otto Moerbeek Copyright © 2008 Damien Miller Copyright © 2008, 2010-2011, 2016-2017 Otto Moerbeek Copyright © 2013 Markus Friedl @@ -398,6 +401,7 @@ Copyright: Copyright © 2014 Brent Cook Copyright © 2014 Pawel Jakub Dawidek Copyright © 2014 Theo de Raadt + Copyright © 2014 Google Inc. Copyright © 2015 Michael Felt Copyright © 2015 Guillem Jover License: ISC diff --git a/test/.gitignore b/test/.gitignore index f226451..a80f854 100644 --- a/test/.gitignore +++ b/test/.gitignore @@ -2,6 +2,7 @@ arc4random bzero closefrom endian +explicit_bzero fgetln fparseln fpurge @@ -20,5 +21,6 @@ setmode strl strmode strnstr +strtonum vis vis-openbsd diff --git a/test/Makefile.am b/test/Makefile.am index 5ef4f29..3939583 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -34,6 +34,7 @@ check_PROGRAMS = \ bzero \ closefrom \ endian \ + explicit_bzero \ humanize \ fgetln \ funopen \ @@ -48,6 +49,7 @@ check_PROGRAMS = \ strl \ strmode \ strnstr \ + strtonum \ vis \ vis-openbsd \ $(nil) diff --git a/test/explicit_bzero.c b/test/explicit_bzero.c new file mode 100644 index 0000000..74993c2 --- /dev/null +++ b/test/explicit_bzero.c @@ -0,0 +1,214 @@ +/* $OpenBSD: explicit_bzero.c,v 1.7 2021/03/27 11:17:58 bcook Exp $ */ +/* + * Copyright (c) 2014 Google Inc. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include + +#define ASSERT_EQ(a, b) assert((a) == (b)) +#define ASSERT_NE(a, b) assert((a) != (b)) +#define ASSERT_GE(a, b) assert((a) >= (b)) + +/* 128 bits of random data. */ +static const char secret[16] = { + 0xa0, 0x6c, 0x0c, 0x81, 0xba, 0xd8, 0x5b, 0x0c, + 0xb0, 0xd6, 0xd4, 0xe3, 0xeb, 0x52, 0x5f, 0x96, +}; + +enum { + SECRETCOUNT = 64, + SECRETBYTES = SECRETCOUNT * sizeof(secret) +}; + +/* + * As of glibc 2.34, when _GNU_SOURCE is defined, SIGSTKSZ is no longer + * constant on Linux. SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ). + */ +static char *altstack; +#define ALTSTACK_SIZE (SIGSTKSZ + SECRETBYTES) + +static void +setup_stack(void) +{ + const stack_t sigstk = { + .ss_sp = altstack = calloc(1, ALTSTACK_SIZE), + .ss_size = ALTSTACK_SIZE + }; + + ASSERT_NE(NULL, altstack); + ASSERT_EQ(0, sigaltstack(&sigstk, NULL)); +} + +static void +cleanup_stack(void) +{ + free(altstack); +} + +static void +assert_on_stack(void) +{ + stack_t cursigstk; + ASSERT_EQ(0, sigaltstack(NULL, &cursigstk)); + ASSERT_EQ(SS_ONSTACK, cursigstk.ss_flags & (SS_DISABLE|SS_ONSTACK)); +} + +static void +call_on_stack(void (*fn)(int)) +{ + /* + * This is a bit more complicated than strictly necessary, but + * it ensures we don't have any flaky test failures due to + * inherited signal masks/actions/etc. + * + * On systems where SA_ONSTACK is not supported, this could + * alternatively be implemented using makecontext() or + * pthread_attr_setstack(). + */ + + const struct sigaction sigact = { + .sa_handler = fn, + .sa_flags = SA_ONSTACK, + }; + struct sigaction oldsigact; + sigset_t sigset, oldsigset; + + /* First, block all signals. */ + ASSERT_EQ(0, sigemptyset(&sigset)); + ASSERT_EQ(0, sigfillset(&sigset)); + ASSERT_EQ(0, sigprocmask(SIG_BLOCK, &sigset, &oldsigset)); + + /* Next setup the signal handler for SIGUSR1. */ + ASSERT_EQ(0, sigaction(SIGUSR1, &sigact, &oldsigact)); + + /* Raise SIGUSR1 and momentarily unblock it to run the handler. */ + ASSERT_EQ(0, raise(SIGUSR1)); + ASSERT_EQ(0, sigdelset(&sigset, SIGUSR1)); + ASSERT_EQ(-1, sigsuspend(&sigset)); + ASSERT_EQ(EINTR, errno); + + /* Restore the original signal action, stack, and mask. */ + ASSERT_EQ(0, sigaction(SIGUSR1, &oldsigact, NULL)); + ASSERT_EQ(0, sigprocmask(SIG_SETMASK, &oldsigset, NULL)); +} + +static void +populate_secret(char *buf, ssize_t len) +{ + int i, fds[2]; + ASSERT_EQ(0, pipe(fds)); + + for (i = 0; i < SECRETCOUNT; i++) + ASSERT_EQ(sizeof(secret), write(fds[1], secret, sizeof(secret))); + ASSERT_EQ(0, close(fds[1])); + + ASSERT_EQ(len, read(fds[0], buf, len)); + ASSERT_EQ(0, close(fds[0])); +} + +static int +count_secrets(const char *buf) +{ + int res = 0; + size_t i; + for (i = 0; i < SECRETCOUNT; i++) { + if (memcmp(buf + i * sizeof(secret), secret, + sizeof(secret)) == 0) + res += 1; + } + return (res); +} + +static char * +test_without_bzero(void) +{ + char buf[SECRETBYTES]; + char *res; + assert_on_stack(); + populate_secret(buf, sizeof(buf)); + res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf)); + ASSERT_NE(NULL, res); + return (res); +} + +static char * +test_with_bzero(void) +{ + char buf[SECRETBYTES]; + char *res; + assert_on_stack(); + populate_secret(buf, sizeof(buf)); + res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf)); + ASSERT_NE(NULL, res); + explicit_bzero(buf, sizeof(buf)); + return (res); +} + +static void +do_test_without_bzero(int signo) +{ + char *buf = test_without_bzero(); + ASSERT_GE(count_secrets(buf), 1); +} + +static void +do_test_with_bzero(int signo) +{ + char *buf = test_with_bzero(); + ASSERT_EQ(count_secrets(buf), 0); +} + +int +main(int argc, char **argv) +{ + setup_stack(); + + /* + * Solaris and OS X clobber the signal stack after returning to the + * normal stack, so we need to inspect altstack while we're still + * running on it. Unfortunately, this means we risk clobbering the + * buffer ourselves. + * + * To minimize this risk, test_with{,out}_bzero() are responsible for + * locating the offset of their buf variable within altstack, and + * and returning that address. Then we can simply memcmp() repeatedly + * to count how many instances of secret we found. + */ + + /* + * First, test that if we *don't* call explicit_bzero, that we + * *are* able to find at least one instance of the secret data still + * on the stack. This sanity checks that call_on_stack() and + * populate_secret() work as intended. + */ + memset(altstack, 0, ALTSTACK_SIZE); + call_on_stack(do_test_without_bzero); + + /* + * Now test with a call to explicit_bzero() and check that we + * *don't* find any instances of the secret data. + */ + memset(altstack, 0, ALTSTACK_SIZE); + call_on_stack(do_test_with_bzero); + + cleanup_stack(); + + return (0); +} diff --git a/test/strtonum.c b/test/strtonum.c new file mode 100644 index 0000000..6dee3da --- /dev/null +++ b/test/strtonum.c @@ -0,0 +1,64 @@ +/* $OpenBSD: strtonumtest.c,v 1.1 2004/08/03 20:38:36 otto Exp $ */ +/* + * Copyright (c) 2004 Otto Moerbeek + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +static int fail; + +static void +test(const char *p, long long lb, long long ub, int ok) +{ + long long val; + const char *q; + + val = strtonum(p, lb, ub, &q); + if (ok && q != NULL) { + fprintf(stderr, "%s [%lld-%lld] ", p, lb, ub); + fprintf(stderr, "NUMBER NOT ACCEPTED %s\n", q); + fail = 1; + } else if (!ok && q == NULL) { + fprintf(stderr, "%s [%lld-%lld] %lld ", p, lb, ub, val); + fprintf(stderr, "NUMBER ACCEPTED\n"); + fail = 1; + } +} + +int main(int argc, char *argv[]) +{ + test("1", 0, 10, 1); + test("0", -2, 5, 1); + test("0", 2, 5, 0); + test("0", 2, LLONG_MAX, 0); + test("-2", 0, LLONG_MAX, 0); + test("0", -5, LLONG_MAX, 1); + test("-3", -3, LLONG_MAX, 1); + test("-9223372036854775808", LLONG_MIN, LLONG_MAX, 1); + test("9223372036854775807", LLONG_MIN, LLONG_MAX, 1); + test("-9223372036854775809", LLONG_MIN, LLONG_MAX, 0); + test("9223372036854775808", LLONG_MIN, LLONG_MAX, 0); + test("1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0); + test("-1000000000000000000000000", LLONG_MIN, LLONG_MAX, 0); + test("-2", 10, -1, 0); + test("-2", -10, -1, 1); + test("-20", -10, -1, 0); + test("20", -10, -1, 0); + + return (fail); +} +