From: Hugo Landau <hlandau@openssl.org>
Date: Tue, 25 Jul 2023 10:32:25 +0000 (+0100)
Subject: QUIC CONFORMANCE: Test that CRYPTO frames with bad offsets/lengths are rejected
X-Git-Tag: openssl-3.2.0-alpha1~276
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27c2f62f96287d7bbe2aade5fc3e3c86e88c4496;p=thirdparty%2Fopenssl.git

QUIC CONFORMANCE: Test that CRYPTO frames with bad offsets/lengths are rejected

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
---

diff --git a/test/quic_multistream_test.c b/test/quic_multistream_test.c
index f49a440ab69..20db5d5767c 100644
--- a/test/quic_multistream_test.c
+++ b/test/quic_multistream_test.c
@@ -3026,6 +3026,65 @@ static const struct script_op script_41[] = {
     OP_END
 };
 
+/* 42. Fault injection - CRYPTO frame with illegal offset */
+static int script_42_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
+                                  unsigned char *buf, size_t len)
+{
+    int ok = 0;
+    unsigned char frame_buf[64];
+    size_t written;
+    WPACKET wpkt;
+
+    if (h->inject_word0 == 0)
+        return 1;
+
+    --h->inject_word0;
+
+    if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
+                                           sizeof(frame_buf), 0)))
+        return 0;
+
+    if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
+        || !TEST_true(WPACKET_quic_write_vlint(&wpkt, (((uint64_t)1) << 62) - 1))
+        || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 1))
+        || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
+        goto err;
+
+    if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
+        goto err;
+
+    if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
+        goto err;
+
+    ok = 1;
+err:
+    if (ok)
+        WPACKET_finish(&wpkt);
+    else
+        WPACKET_cleanup(&wpkt);
+    return ok;
+}
+
+static const struct script_op script_42[] = {
+    OP_S_SET_INJECT_PLAIN   (script_42_inject_plain)
+    OP_C_SET_ALPN           ("ossltest")
+    OP_C_CONNECT_WAIT       ()
+    OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
+
+    OP_C_NEW_STREAM_BIDI    (a, C_BIDI_ID(0))
+    OP_C_WRITE              (a, "apple", 5)
+
+    OP_S_BIND_STREAM_ID     (a, C_BIDI_ID(0))
+    OP_S_READ_EXPECT        (a, "apple", 5)
+
+    OP_SET_INJECT_WORD      (1, 0)
+    OP_S_WRITE              (a, "orange", 6)
+
+    OP_C_EXPECT_CONN_CLOSE_INFO(QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
+
+    OP_END
+};
+
 static const struct script_op *const scripts[] = {
     script_1,
     script_2,
@@ -3068,6 +3127,7 @@ static const struct script_op *const scripts[] = {
     script_39,
     script_40,
     script_41,
+    script_42,
 };
 
 static int test_script(int idx)