Test bogus KDC-REQs

Send encodings that are invalid KDC-REQs, but pass krb5_is_as_req()
and krb5_is_tgs_req(), to make sure that the KDC recovers correctly
from failures in decode_krb5_as_req() and decode_krb5_tgs_req().  Also
send an encoding that isn't a valid KDC-REQ.

(back ported from commit dae7693f8bf970d89d4c697f3d66a7d458281b93)

ticket: 7846 (new)
version_fixed: 1.10.8
status: resolved

diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 793f312c8a844def275f01a9278bcd563187721f..864b9fdfa4d0f3aa927fb4e3a134aa5d73f451b6 100644 (file)
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -78,6 +78,7 @@ check-pytests:: hist
 #      $(RUNPYTEST) $(srcdir)/kdc_realm/kdcref.py $(PYTESTFLAGS)
        $(RUNPYTEST) $(srcdir)/t_cve-2012-1014.py $(PYTESTFLAGS)
        $(RUNPYTEST) $(srcdir)/t_cve-2012-1015.py $(PYTESTFLAGS)
+       $(RUNPYTEST) $(srcdir)/t_bogus_kdc_req.py $(PYTESTFLAGS)
 
 clean::
        $(RM) kdc.conf

diff --git a/src/tests/t_bogus_kdc_req.py b/src/tests/t_bogus_kdc_req.py
new file mode 100644 (file)
index 0000000..b6208ca
--- /dev/null
+++ b/src/tests/t_bogus_kdc_req.py
@@ -0,0 +1,44 @@
+#!/usr/bin/python
+
+import base64
+import socket
+from k5test import *
+
+realm = K5Realm()
+
+# Send encodings that are invalid KDC-REQs, but pass krb5_is_as_req()
+# and krb5_is_tgs_req(), to make sure that the KDC recovers correctly
+# from failures in decode_krb5_as_req() and decode_krb5_tgs_req().
+
+s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+a = (hostname, realm.portbase)
+
+
+# Bogus AS-REQ
+
+x1 = base64.b16decode('6AFF')
+s.sendto(x1, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+# Bogus TGS-REQ
+
+x2 = base64.b16decode('6CFF')
+s.sendto(x2, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+# Not a KDC-REQ, even a little bit
+
+x3 = base64.b16decode('FFFF')
+s.sendto(x3, a)
+
+# Make sure kinit still works.
+
+realm.kinit(realm.user_princ, password('user'))
+
+success('Bogus KDC-REQ test')