From 78bc9e7403cb812103722384402006b33bc53e79 Mon Sep 17 00:00:00 2001
From: zoff99 <zoff@zoff.cc>
Date: Thu, 1 Nov 2018 19:09:06 +0100
Subject: Added test and patch for VLA stack overflow vuln.

Also added and used the new crypto_malloc and crypto_free.

The latter also zeroes out the memory safely. The former only exists for
symmetry (static analysis can detect asymmetric usages).
---
 auto_tests/encryptsave_test.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

(limited to 'auto_tests/encryptsave_test.c')

diff --git a/auto_tests/encryptsave_test.c b/auto_tests/encryptsave_test.c
index 906bf3f8..19574d16 100644
--- a/auto_tests/encryptsave_test.c
+++ b/auto_tests/encryptsave_test.c
@@ -142,7 +142,8 @@ static void test_keys(void)
     Tox_Err_Encryption encerr;
     Tox_Err_Decryption decerr;
     Tox_Err_Key_Derivation keyerr;
-    Tox_Pass_Key *key = tox_pass_key_derive((const uint8_t *)"123qweasdzxc", 12, &keyerr);
+    const uint8_t *key_char = (const uint8_t *)"123qweasdzxc";
+    Tox_Pass_Key *key = tox_pass_key_derive(key_char, 12, &keyerr);
     ck_assert_msg(key != nullptr, "generic failure 1: %d", keyerr);
     const uint8_t *string = (const uint8_t *)"No Patrick, mayonnaise is not an instrument."; // 44
 
@@ -150,8 +151,27 @@ static void test_keys(void)
     bool ret = tox_pass_key_encrypt(key, string, 44, encrypted, &encerr);
     ck_assert_msg(ret, "generic failure 2: %d", encerr);
 
+    // Testing how tox handles encryption of large messages.
+    int size_large = 30 * 1024 * 1024;
+    int ciphertext_length2a = size_large + TOX_PASS_ENCRYPTION_EXTRA_LENGTH;
+    int plaintext_length2a = size_large;
+    uint8_t *encrypted2a = (uint8_t *)malloc(ciphertext_length2a);
+    uint8_t *in_plaintext2a = (uint8_t *)malloc(plaintext_length2a);
+    ret = tox_pass_encrypt(in_plaintext2a, plaintext_length2a, key_char, 12, encrypted2a, &encerr);
+    ck_assert_msg(ret, "tox_pass_encrypt failure 2a: %d", encerr);
+
+    // Decryption of same message.
+    uint8_t *out_plaintext2a = (uint8_t *) malloc(plaintext_length2a);
+    ret = tox_pass_decrypt(encrypted2a, ciphertext_length2a, key_char, 12, out_plaintext2a, &decerr);
+    ck_assert_msg(ret, "tox_pass_decrypt failure 2a: %d", decerr);
+    ck_assert_msg(memcmp(in_plaintext2a, out_plaintext2a, plaintext_length2a) == 0, "Large message decryption failed");
+    free(encrypted2a);
+    free(in_plaintext2a);
+    free(out_plaintext2a);
+
+
     uint8_t encrypted2[44 + TOX_PASS_ENCRYPTION_EXTRA_LENGTH];
-    ret = tox_pass_encrypt(string, 44, (const uint8_t *)"123qweasdzxc", 12, encrypted2, &encerr);
+    ret = tox_pass_encrypt(string, 44, key_char, 12, encrypted2, &encerr);
     ck_assert_msg(ret, "generic failure 3: %d", encerr);
 
     uint8_t out1[44 + TOX_PASS_ENCRYPTION_EXTRA_LENGTH];
-- 
cgit v1.2.3