From f017b749ea9f1586d2308504553d40bf4cc5439d Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Tue, 6 Feb 2018 11:46:26 +0100 Subject: Update NSS to 3.32.1-RTM --- .../nss/gtests/der_gtest/der_quickder_unittest.cc | 84 ++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 security/nss/gtests/der_gtest/der_quickder_unittest.cc (limited to 'security/nss/gtests/der_gtest/der_quickder_unittest.cc') diff --git a/security/nss/gtests/der_gtest/der_quickder_unittest.cc b/security/nss/gtests/der_gtest/der_quickder_unittest.cc new file mode 100644 index 000000000..944117909 --- /dev/null +++ b/security/nss/gtests/der_gtest/der_quickder_unittest.cc @@ -0,0 +1,84 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include + +#include "gtest/gtest.h" +#include "scoped_ptrs_util.h" + +#include "nss.h" +#include "prerror.h" +#include "secasn1.h" +#include "secder.h" +#include "secerr.h" +#include "secitem.h" + +const SEC_ASN1Template mySEC_NullTemplate[] = { + {SEC_ASN1_NULL, 0, NULL, sizeof(SECItem)}}; + +namespace nss_test { + +class QuickDERTest : public ::testing::Test, + public ::testing::WithParamInterface {}; + +static const uint8_t kNullTag = 0x05; +static const uint8_t kLongLength = 0x80; + +// Length of zero wrongly encoded as 0x80 instead of 0x00. +static uint8_t kOverlongLength_0_0[] = {kNullTag, kLongLength | 0}; + +// Length of zero wrongly encoded as { 0x81, 0x00 } instead of 0x00. +static uint8_t kOverlongLength_1_0[] = {kNullTag, kLongLength | 1, 0x00}; + +// Length of zero wrongly encoded as: +// +// { 0x90, , +// 0x00, 0x00, 0x00, 0x00 } +// +// instead of 0x00. Note in particular that if there is an integer overflow +// then the arbitrary junk is likely get left-shifted away, as long as there +// are at least sizeof(length) bytes following it. This would be a good way to +// smuggle arbitrary input into DER-encoded data in a way that an non-careful +// parser would ignore. +static uint8_t kOverlongLength_16_0[] = {kNullTag, kLongLength | 0x10, + 0x11, 0x22, + 0x33, 0x44, + 0x55, 0x66, + 0x77, 0x88, + 0x99, 0xAA, + 0xBB, 0xCC, + 0x00, 0x00, + 0x00, 0x00}; + +static const SECItem kInvalidDER[] = { + {siBuffer, kOverlongLength_0_0, sizeof(kOverlongLength_0_0)}, + {siBuffer, kOverlongLength_1_0, sizeof(kOverlongLength_1_0)}, + {siBuffer, kOverlongLength_16_0, sizeof(kOverlongLength_16_0)}, +}; + +TEST_P(QuickDERTest, InvalidLengths) { + const SECItem& original_input(GetParam()); + + ScopedSECItem copy_of_input(SECITEM_AllocItem(nullptr, nullptr, 0U)); + ASSERT_TRUE(copy_of_input); + ASSERT_EQ(SECSuccess, + SECITEM_CopyItem(nullptr, copy_of_input.get(), &original_input)); + + PORTCheapArenaPool pool; + PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE); + ScopedSECItem parsed_value(SECITEM_AllocItem(nullptr, nullptr, 0U)); + ASSERT_TRUE(parsed_value); + ASSERT_EQ(SECFailure, + SEC_QuickDERDecodeItem(&pool.arena, parsed_value.get(), + mySEC_NullTemplate, copy_of_input.get())); + ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); + PORT_DestroyCheapArena(&pool); +} + +INSTANTIATE_TEST_CASE_P(QuickderTestsInvalidLengths, QuickDERTest, + testing::ValuesIn(kInvalidDER)); + +} // namespace nss_test -- cgit v1.2.3