From: Nikos Mavrogiannopoulos Date: Wed, 1 Mar 2017 06:58:04 +0000 (+0100) Subject: tests: added test cases with invalid openpgp certs X-Git-Tag: gnutls_3_6_0~929 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d8b2117106fafef83f253aa0e1d7ff46735e6a5e;p=thirdparty%2Fgnutls.git tests: added test cases with invalid openpgp certs These certificates contain invalid secret key sub-packets. These trigger invalid memory accesses: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 Signed-off-by: Nikos Mavrogiannopoulos --- diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 2578559402..87b4b50418 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -65,7 +65,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/openpgp-invalid1.pub data/openpgp-invalid2.pub data/openpgp-invalid3.pub \ data/x509-v1-with-sid.pem data/x509-v1-with-iid.pem data/x509-v3-with-fractional-time.pem \ data/openpgp-invalid5.pub data/openpgp-invalid6.pub templates/template-long-dns.tmpl \ - data/long-dns.pem data/template-long-dns-crq.pem + data/long-dns.pem data/template-long-dns-crq.pem data/openpgp-invalid7.pub \ + data/openpgp-invalid8.pub dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ diff --git a/tests/cert-tests/data/openpgp-invalid7.pub b/tests/cert-tests/data/openpgp-invalid7.pub new file mode 100644 index 0000000000..f808f49c0c Binary files /dev/null and b/tests/cert-tests/data/openpgp-invalid7.pub differ diff --git a/tests/cert-tests/data/openpgp-invalid8.pub b/tests/cert-tests/data/openpgp-invalid8.pub new file mode 100644 index 0000000000..3ee82dab01 Binary files /dev/null and b/tests/cert-tests/data/openpgp-invalid8.pub differ diff --git a/tests/cert-tests/openpgp-cert-parser b/tests/cert-tests/openpgp-cert-parser index 1039cf136e..7f22271077 100755 --- a/tests/cert-tests/openpgp-cert-parser +++ b/tests/cert-tests/openpgp-cert-parser @@ -42,7 +42,7 @@ echo "Checking OpenPGP certificate parsing" for i in "truncated.pub" "attribute-leak-1.pub" "subpkt-leak.pub" "openpgp-invalid1.pub" \ "openpgp-invalid2.pub" "openpgp-invalid3.pub" "openpgp-invalid4.pub" "openpgp-invalid5.pub" \ - "openpgp-invalid6.pub";do + "openpgp-invalid6.pub" "openpgp-invalid7.pub" "openpgp-invalid8.pub";do ${VALGRIND} "${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/data/${i}" rc=$? if test $rc != 1;then