diff options
author | zoff99 <zoff@zoff.cc> | 2018-11-01 19:09:06 +0100 |
---|---|---|
committer | iphydf <iphydf@users.noreply.github.com> | 2019-01-03 11:13:27 +0000 |
commit | 78bc9e7403cb812103722384402006b33bc53e79 (patch) | |
tree | d2928c30e6583abc97426c24a72019ba3d325cb9 /auto_tests | |
parent | 72ef08597ece599f14165722191b5650ce5dcb3f (diff) |
Added test and patch for VLA stack overflow vuln.
Also added and used the new crypto_malloc and crypto_free.
The latter also zeroes out the memory safely. The former only exists for
symmetry (static analysis can detect asymmetric usages).
Diffstat (limited to 'auto_tests')
-rw-r--r-- | auto_tests/encryptsave_test.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/auto_tests/encryptsave_test.c b/auto_tests/encryptsave_test.c index 906bf3f8..19574d16 100644 --- a/auto_tests/encryptsave_test.c +++ b/auto_tests/encryptsave_test.c | |||
@@ -142,7 +142,8 @@ static void test_keys(void) | |||
142 | Tox_Err_Encryption encerr; | 142 | Tox_Err_Encryption encerr; |
143 | Tox_Err_Decryption decerr; | 143 | Tox_Err_Decryption decerr; |
144 | Tox_Err_Key_Derivation keyerr; | 144 | Tox_Err_Key_Derivation keyerr; |
145 | Tox_Pass_Key *key = tox_pass_key_derive((const uint8_t *)"123qweasdzxc", 12, &keyerr); | 145 | const uint8_t *key_char = (const uint8_t *)"123qweasdzxc"; |
146 | Tox_Pass_Key *key = tox_pass_key_derive(key_char, 12, &keyerr); | ||
146 | ck_assert_msg(key != nullptr, "generic failure 1: %d", keyerr); | 147 | ck_assert_msg(key != nullptr, "generic failure 1: %d", keyerr); |
147 | const uint8_t *string = (const uint8_t *)"No Patrick, mayonnaise is not an instrument."; // 44 | 148 | const uint8_t *string = (const uint8_t *)"No Patrick, mayonnaise is not an instrument."; // 44 |
148 | 149 | ||
@@ -150,8 +151,27 @@ static void test_keys(void) | |||
150 | bool ret = tox_pass_key_encrypt(key, string, 44, encrypted, &encerr); | 151 | bool ret = tox_pass_key_encrypt(key, string, 44, encrypted, &encerr); |
151 | ck_assert_msg(ret, "generic failure 2: %d", encerr); | 152 | ck_assert_msg(ret, "generic failure 2: %d", encerr); |
152 | 153 | ||
154 | // Testing how tox handles encryption of large messages. | ||
155 | int size_large = 30 * 1024 * 1024; | ||
156 | int ciphertext_length2a = size_large + TOX_PASS_ENCRYPTION_EXTRA_LENGTH; | ||
157 | int plaintext_length2a = size_large; | ||
158 | uint8_t *encrypted2a = (uint8_t *)malloc(ciphertext_length2a); | ||
159 | uint8_t *in_plaintext2a = (uint8_t *)malloc(plaintext_length2a); | ||
160 | ret = tox_pass_encrypt(in_plaintext2a, plaintext_length2a, key_char, 12, encrypted2a, &encerr); | ||
161 | ck_assert_msg(ret, "tox_pass_encrypt failure 2a: %d", encerr); | ||
162 | |||
163 | // Decryption of same message. | ||
164 | uint8_t *out_plaintext2a = (uint8_t *) malloc(plaintext_length2a); | ||
165 | ret = tox_pass_decrypt(encrypted2a, ciphertext_length2a, key_char, 12, out_plaintext2a, &decerr); | ||
166 | ck_assert_msg(ret, "tox_pass_decrypt failure 2a: %d", decerr); | ||
167 | ck_assert_msg(memcmp(in_plaintext2a, out_plaintext2a, plaintext_length2a) == 0, "Large message decryption failed"); | ||
168 | free(encrypted2a); | ||
169 | free(in_plaintext2a); | ||
170 | free(out_plaintext2a); | ||
171 | |||
172 | |||
153 | uint8_t encrypted2[44 + TOX_PASS_ENCRYPTION_EXTRA_LENGTH]; | 173 | uint8_t encrypted2[44 + TOX_PASS_ENCRYPTION_EXTRA_LENGTH]; |
154 | ret = tox_pass_encrypt(string, 44, (const uint8_t *)"123qweasdzxc", 12, encrypted2, &encerr); | 174 | ret = tox_pass_encrypt(string, 44, key_char, 12, encrypted2, &encerr); |
155 | ck_assert_msg(ret, "generic failure 3: %d", encerr); | 175 | ck_assert_msg(ret, "generic failure 3: %d", encerr); |
156 | 176 | ||
157 | uint8_t out1[44 + TOX_PASS_ENCRYPTION_EXTRA_LENGTH]; | 177 | uint8_t out1[44 + TOX_PASS_ENCRYPTION_EXTRA_LENGTH]; |