curl/tests/unit/unit1655.c

/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2019 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
#include "curlcheck.h"

#include "doh.h" /* from the lib dir */

static CURLcode unit_setup(void)
{
  /* whatever you want done first */
  return CURLE_OK;
}

static void unit_stop(void)
{
    /* done before shutting down and exiting */
}

#ifndef CURL_DISABLE_DOH

UNITTEST_START

/*
 * Prove detection of write overflow using a short buffer and a name
 * of maximal valid length.
 *
 * Prove detection of other invalid input.
 */
do {
  const char *max =
    /* ..|....1.........2.........3.........4.........5.........6... */
    /* 3456789012345678901234567890123456789012345678901234567890123 */
    "this.is.a.maximum-length.hostname."                  /* 34:  34 */
    "with-no-label-of-greater-length-than-the-sixty-three-characters."
                                                          /* 64:  98 */
    "specified.in.the.RFCs."                              /* 22: 120 */
    "and.with.a.QNAME.encoding.whose.length.is.exactly."  /* 50: 170 */
    "the.maximum.length.allowed."                         /* 27: 197 */
    "that.is.two-hundred.and.fifty-six."                  /* 34: 231 */
    "including.the.last.null."                            /* 24: 255 */
    "";
  const char *toolong =
    /* ..|....1.........2.........3.........4.........5.........6... */
    /* 3456789012345678901234567890123456789012345678901234567890123 */
    "here.is.a.hostname.which.is.just.barely.too.long."   /* 49:  49 */
    "to.be.encoded.as.a.QNAME.of.the.maximum.allowed.length."
                                                          /* 55: 104 */
    "which.is.256.including.a.final.zero-length.label."   /* 49: 153 */
    "representing.the.root.node.so.that.a.name.with."     /* 47: 200 */
    "a.trailing.dot.may.have.up.to."                      /* 30: 230 */
    "255.characters.never.more."                          /* 26: 256 */
    "";
  const char *emptylabel =
    "this.is.an.otherwise-valid.hostname."
    ".with.an.empty.label.";
  const char *outsizelabel =
    "this.is.an.otherwise-valid.hostname."
    "with-a-label-of-greater-length-than-the-sixty-three-characters-"
    "specified.in.the.RFCs.";
  int i;

  struct test {
    const char *name;
    const DOHcode expected_result;
  };

  /* plays the role of struct dnsprobe in urldata.h */
  struct demo {
    unsigned char dohbuffer[255 + 16]; /* deliberately short buffer */
    unsigned char canary1;
    unsigned char canary2;
    unsigned char canary3;
  };

  const struct test playlist[4] = {
    { toolong, DOH_DNS_NAME_TOO_LONG },  /* expect early failure */
    { emptylabel, DOH_DNS_BAD_LABEL },   /* also */
    { outsizelabel, DOH_DNS_BAD_LABEL }, /* also */
    { max, DOH_OK }                      /* expect buffer overwrite */
  };

  for(i = 0; i < (int)(sizeof(playlist)/sizeof(*playlist)); i++) {
    const char *name = playlist[i].name;
    size_t olen = 100000;
    struct demo victim;
    DOHcode d;

    victim.canary1 = 87; /* magic numbers, arbritrarily picked */
    victim.canary2 = 35;
    victim.canary3 = 41;
    d = doh_encode(name, DNS_TYPE_A, victim.dohbuffer,
                   sizeof(struct demo), /* allow room for overflow */
                   &olen);

    fail_unless(d == playlist[i].expected_result,
                "result returned was not as expected");
    if(d == playlist[i].expected_result) {
      if(name == max) {
        fail_if(victim.canary1 == 87,
                "demo one-byte buffer overwrite did not happen");
      }
      else {
        fail_unless(victim.canary1 == 87,
                    "one-byte buffer overwrite has happened");
      }
      fail_unless(victim.canary2 == 35,
                  "two-byte buffer overwrite has happened");
      fail_unless(victim.canary3 == 41,
                  "three-byte buffer overwrite has happened");
    }
    else {
      if(d == DOH_OK) {
        fail_unless(olen <= sizeof(victim.dohbuffer), "wrote outside bounds");
        fail_unless(olen > strlen(name), "unrealistic low size");
      }
    }
  }
} while(0);

/* run normal cases and try to trigger buffer length related errors */
do {
  DNStype dnstype = DNS_TYPE_A;
  unsigned char buffer[128];
  const size_t buflen = sizeof(buffer);
  const size_t magic1 = 9765;
  size_t olen1 = magic1;
  const char *sunshine1 = "a.com";
  const char *dotshine1 = "a.com.";
  const char *sunshine2 = "aa.com";
  size_t olen2;
  DOHcode ret2;
  size_t olen;

  DOHcode ret = doh_encode(sunshine1, dnstype, buffer, buflen, &olen1);
  fail_unless(ret == DOH_OK, "sunshine case 1 should pass fine");
  fail_if(olen1 == magic1, "olen has not been assigned properly");
  fail_unless(olen1 > strlen(sunshine1), "bad out length");

  /* with a trailing dot, the response should have the same length */
  olen2 = magic1;
  ret2 = doh_encode(dotshine1, dnstype, buffer, buflen, &olen2);
  fail_unless(ret2 == DOH_OK, "dotshine case should pass fine");
  fail_if(olen2 == magic1, "olen has not been assigned properly");
  fail_unless(olen1 == olen2, "olen should not grow for a trailing dot");

  /* add one letter, the response should be one longer */
  olen2 = magic1;
  ret2 = doh_encode(sunshine2, dnstype, buffer, buflen, &olen2);
  fail_unless(ret2 == DOH_OK, "sunshine case 2 should pass fine");
  fail_if(olen2 == magic1, "olen has not been assigned properly");
  fail_unless(olen1 + 1 == olen2, "olen should grow with the hostname");

  /* pass a short buffer, should fail */
  ret = doh_encode(sunshine1, dnstype, buffer, olen1 - 1, &olen);
  fail_if(ret == DOH_OK, "short buffer should have been noticed");

  /* pass a minimum buffer, should succeed */
  ret = doh_encode(sunshine1, dnstype, buffer, olen1, &olen);
  fail_unless(ret == DOH_OK, "minimal length buffer should be long enough");
  fail_unless(olen == olen1, "bad buffer length");
} while(0);
UNITTEST_STOP

#else /* CURL_DISABLE_DOH */

UNITTEST_START
{
  return 1; /* nothing to do, just fail */
}
UNITTEST_STOP

#endif
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00			`/***************************************************************************`
			`* _ _ ____ _`
			`* Project ___\| \| \| \| _ \\| \|`
			`* / __\| \| \| \| \|_) \| \|`
			`* \| (__\| \|_\| \| _ <\| \|___`
			`* \___\|\___/\|_\| \_\_____\|`
			`*`
src: Remove C99 constructs to ensure C89 compliance This fixes the error: 'for' loop initial declaration used outside C99 mode by declaring the loop increment variable in the beginning of the block instead of inside the for loop. Fixes #5254 Reviewed-by: Daniel Gustafsson <daniel@yesql.se> 2020-04-17 10:53:40 -04:00			`* Copyright (C) 2019 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00			`*`
			`* This software is licensed as described in the file COPYING, which`
			`* you should have received as part of this distribution. The terms`
			`* are also available at https://curl.haxx.se/docs/copyright.html.`
			`*`
			`* You may opt to use, copy, modify, merge, publish, distribute and/or sell`
			`* copies of the Software, and permit persons to whom the Software is`
			`* furnished to do so, under the terms of the COPYING file.`
			`*`
			`* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY`
			`* KIND, either express or implied.`
			`*`
			`***************************************************************************/`
			`#include "curlcheck.h"`

			`#include "doh.h" /* from the lib dir */`

			`static CURLcode unit_setup(void)`
			`{`
			`/* whatever you want done first */`
			`return CURLE_OK;`
			`}`

			`static void unit_stop(void)`
			`{`
			`/* done before shutting down and exiting */`
			`}`

tests: fix build with `CURL_DISABLE_DOH` Closes https://github.com/curl/curl/pull/4692 2019-12-09 05:42:26 -05:00			`#ifndef CURL_DISABLE_DOH`

doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00			`UNITTEST_START`

doh: improced both encoding and decoding Improved estimation of expected_len and updated related comments; increased strictness of QNAME-encoding, adding error detection for empty labels and names longer than the overall limit; avoided treating DNAME as unexpected; updated unit test 1655 with more thorough set of proofs and tests Closes #4598 2019-11-14 14:21:09 -05:00			`/*`
			`* Prove detection of write overflow using a short buffer and a name`
			`* of maximal valid length.`
			`*`
			`* Prove detection of other invalid input.`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00			`*/`
			`do {`
doh: improced both encoding and decoding Improved estimation of expected_len and updated related comments; increased strictness of QNAME-encoding, adding error detection for empty labels and names longer than the overall limit; avoided treating DNAME as unexpected; updated unit test 1655 with more thorough set of proofs and tests Closes #4598 2019-11-14 14:21:09 -05:00			`const char *max =`
			`/* ..\|....1.........2.........3.........4.........5.........6... */`
			`/* 3456789012345678901234567890123456789012345678901234567890123 */`
			`"this.is.a.maximum-length.hostname." /* 34: 34 */`
			`"with-no-label-of-greater-length-than-the-sixty-three-characters."`
			`/* 64: 98 */`
			`"specified.in.the.RFCs." /* 22: 120 */`
			`"and.with.a.QNAME.encoding.whose.length.is.exactly." /* 50: 170 */`
			`"the.maximum.length.allowed." /* 27: 197 */`
			`"that.is.two-hundred.and.fifty-six." /* 34: 231 */`
			`"including.the.last.null." /* 24: 255 */`
			`"";`
			`const char *toolong =`
			`/* ..\|....1.........2.........3.........4.........5.........6... */`
			`/* 3456789012345678901234567890123456789012345678901234567890123 */`
			`"here.is.a.hostname.which.is.just.barely.too.long." /* 49: 49 */`
			`"to.be.encoded.as.a.QNAME.of.the.maximum.allowed.length."`
			`/* 55: 104 */`
			`"which.is.256.including.a.final.zero-length.label." /* 49: 153 */`
			`"representing.the.root.node.so.that.a.name.with." /* 47: 200 */`
			`"a.trailing.dot.may.have.up.to." /* 30: 230 */`
			`"255.characters.never.more." /* 26: 256 */`
			`"";`
			`const char *emptylabel =`
			`"this.is.an.otherwise-valid.hostname."`
			`".with.an.empty.label.";`
			`const char *outsizelabel =`
			`"this.is.an.otherwise-valid.hostname."`
			`"with-a-label-of-greater-length-than-the-sixty-three-characters-"`
			`"specified.in.the.RFCs.";`
src: Remove C99 constructs to ensure C89 compliance This fixes the error: 'for' loop initial declaration used outside C99 mode by declaring the loop increment variable in the beginning of the block instead of inside the for loop. Fixes #5254 Reviewed-by: Daniel Gustafsson <daniel@yesql.se> 2020-04-17 10:53:40 -04:00			`int i;`
doh: improced both encoding and decoding Improved estimation of expected_len and updated related comments; increased strictness of QNAME-encoding, adding error detection for empty labels and names longer than the overall limit; avoided treating DNAME as unexpected; updated unit test 1655 with more thorough set of proofs and tests Closes #4598 2019-11-14 14:21:09 -05:00
			`struct test {`
			`const char *name;`
			`const DOHcode expected_result;`
			`};`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00
unit1655: make it C90 compliant Unclear why this was not detected in the CI. Follow-up to b7666027296a 2019-09-16 08:30:44 -04:00			`/* plays the role of struct dnsprobe in urldata.h */`
			`struct demo {`
doh: improced both encoding and decoding Improved estimation of expected_len and updated related comments; increased strictness of QNAME-encoding, adding error detection for empty labels and names longer than the overall limit; avoided treating DNAME as unexpected; updated unit test 1655 with more thorough set of proofs and tests Closes #4598 2019-11-14 14:21:09 -05:00			`unsigned char dohbuffer[255 + 16]; /* deliberately short buffer */`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00			`unsigned char canary1;`
			`unsigned char canary2;`
			`unsigned char canary3;`
unit1655: make it C90 compliant Unclear why this was not detected in the CI. Follow-up to b7666027296a 2019-09-16 08:30:44 -04:00			`};`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00
doh: improced both encoding and decoding Improved estimation of expected_len and updated related comments; increased strictness of QNAME-encoding, adding error detection for empty labels and names longer than the overall limit; avoided treating DNAME as unexpected; updated unit test 1655 with more thorough set of proofs and tests Closes #4598 2019-11-14 14:21:09 -05:00			`const struct test playlist[4] = {`
			`{ toolong, DOH_DNS_NAME_TOO_LONG }, /* expect early failure */`
			`{ emptylabel, DOH_DNS_BAD_LABEL }, /* also */`
			`{ outsizelabel, DOH_DNS_BAD_LABEL }, /* also */`
			`{ max, DOH_OK } /* expect buffer overwrite */`
			`};`

src: Remove C99 constructs to ensure C89 compliance This fixes the error: 'for' loop initial declaration used outside C99 mode by declaring the loop increment variable in the beginning of the block instead of inside the for loop. Fixes #5254 Reviewed-by: Daniel Gustafsson <daniel@yesql.se> 2020-04-17 10:53:40 -04:00			`for(i = 0; i < (int)(sizeof(playlist)/sizeof(*playlist)); i++) {`
doh: improced both encoding and decoding Improved estimation of expected_len and updated related comments; increased strictness of QNAME-encoding, adding error detection for empty labels and names longer than the overall limit; avoided treating DNAME as unexpected; updated unit test 1655 with more thorough set of proofs and tests Closes #4598 2019-11-14 14:21:09 -05:00			`const char *name = playlist[i].name;`
			`size_t olen = 100000;`
			`struct demo victim;`
			`DOHcode d;`

			`victim.canary1 = 87; /* magic numbers, arbritrarily picked */`
			`victim.canary2 = 35;`
			`victim.canary3 = 41;`
			`d = doh_encode(name, DNS_TYPE_A, victim.dohbuffer,`
			`sizeof(struct demo), /* allow room for overflow */`
			`&olen);`

			`fail_unless(d == playlist[i].expected_result,`
			`"result returned was not as expected");`
			`if(d == playlist[i].expected_result) {`
			`if(name == max) {`
			`fail_if(victim.canary1 == 87,`
			`"demo one-byte buffer overwrite did not happen");`
			`}`
			`else {`
			`fail_unless(victim.canary1 == 87,`
			`"one-byte buffer overwrite has happened");`
			`}`
			`fail_unless(victim.canary2 == 35,`
			`"two-byte buffer overwrite has happened");`
			`fail_unless(victim.canary3 == 41,`
			`"three-byte buffer overwrite has happened");`
			`}`
			`else {`
			`if(d == DOH_OK) {`
			`fail_unless(olen <= sizeof(victim.dohbuffer), "wrote outside bounds");`
			`fail_unless(olen > strlen(name), "unrealistic low size");`
			`}`
			`}`
unit1655: make it C90 compliant Unclear why this was not detected in the CI. Follow-up to b7666027296a 2019-09-16 08:30:44 -04:00			`}`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00			`} while(0);`

			`/* run normal cases and try to trigger buffer length related errors */`
			`do {`
unit1655: make it C90 compliant Unclear why this was not detected in the CI. Follow-up to b7666027296a 2019-09-16 08:30:44 -04:00			`DNStype dnstype = DNS_TYPE_A;`
			`unsigned char buffer[128];`
			`const size_t buflen = sizeof(buffer);`
			`const size_t magic1 = 9765;`
			`size_t olen1 = magic1;`
			`const char *sunshine1 = "a.com";`
doh: improced both encoding and decoding Improved estimation of expected_len and updated related comments; increased strictness of QNAME-encoding, adding error detection for empty labels and names longer than the overall limit; avoided treating DNAME as unexpected; updated unit test 1655 with more thorough set of proofs and tests Closes #4598 2019-11-14 14:21:09 -05:00			`const char *dotshine1 = "a.com.";`
unit1655: make it C90 compliant Unclear why this was not detected in the CI. Follow-up to b7666027296a 2019-09-16 08:30:44 -04:00			`const char *sunshine2 = "aa.com";`
			`size_t olen2;`
			`DOHcode ret2;`
			`size_t olen;`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00
unit1655: make it C90 compliant Unclear why this was not detected in the CI. Follow-up to b7666027296a 2019-09-16 08:30:44 -04:00			`DOHcode ret = doh_encode(sunshine1, dnstype, buffer, buflen, &olen1);`
			`fail_unless(ret == DOH_OK, "sunshine case 1 should pass fine");`
			`fail_if(olen1 == magic1, "olen has not been assigned properly");`
			`fail_unless(olen1 > strlen(sunshine1), "bad out length");`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00
doh: improced both encoding and decoding Improved estimation of expected_len and updated related comments; increased strictness of QNAME-encoding, adding error detection for empty labels and names longer than the overall limit; avoided treating DNAME as unexpected; updated unit test 1655 with more thorough set of proofs and tests Closes #4598 2019-11-14 14:21:09 -05:00			`/* with a trailing dot, the response should have the same length */`
			`olen2 = magic1;`
			`ret2 = doh_encode(dotshine1, dnstype, buffer, buflen, &olen2);`
			`fail_unless(ret2 == DOH_OK, "dotshine case should pass fine");`
			`fail_if(olen2 == magic1, "olen has not been assigned properly");`
			`fail_unless(olen1 == olen2, "olen should not grow for a trailing dot");`

unit1655: make it C90 compliant Unclear why this was not detected in the CI. Follow-up to b7666027296a 2019-09-16 08:30:44 -04:00			`/* add one letter, the response should be one longer */`
			`olen2 = magic1;`
			`ret2 = doh_encode(sunshine2, dnstype, buffer, buflen, &olen2);`
			`fail_unless(ret2 == DOH_OK, "sunshine case 2 should pass fine");`
			`fail_if(olen2 == magic1, "olen has not been assigned properly");`
			`fail_unless(olen1 + 1 == olen2, "olen should grow with the hostname");`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00
unit1655: make it C90 compliant Unclear why this was not detected in the CI. Follow-up to b7666027296a 2019-09-16 08:30:44 -04:00			`/* pass a short buffer, should fail */`
			`ret = doh_encode(sunshine1, dnstype, buffer, olen1 - 1, &olen);`
			`fail_if(ret == DOH_OK, "short buffer should have been noticed");`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00
unit1655: make it C90 compliant Unclear why this was not detected in the CI. Follow-up to b7666027296a 2019-09-16 08:30:44 -04:00			`/* pass a minimum buffer, should succeed */`
			`ret = doh_encode(sunshine1, dnstype, buffer, olen1, &olen);`
			`fail_unless(ret == DOH_OK, "minimal length buffer should be long enough");`
			`fail_unless(olen == olen1, "bad buffer length");`
doh: fix (harmless) buffer overrun Added unit test case 1655 to verify. Close #4352 the code correctly finds the flaws in the old code, if one temporarily restores doh.c to the old version. 2019-09-13 21:16:09 -04:00			`} while(0);`
			`UNITTEST_STOP`
tests: fix build with `CURL_DISABLE_DOH` Closes https://github.com/curl/curl/pull/4692 2019-12-09 05:42:26 -05:00
			`#else /* CURL_DISABLE_DOH */`

			`UNITTEST_START`
			`{`
			`return 1; /* nothing to do, just fail */`
			`}`
			`UNITTEST_STOP`

			`#endif`