crypto/external/bsd/heimdal/dist/lib/asn1/check-common.c

   1 /*      $NetBSD: check-common.c,v 1.1.1.2 2014/04/24 12:45:28 pettai Exp $      */
   2
   3 /*
   4  * Copyright (c) 1999 - 2006 Kungliga Tekniska Högskolan
   5  * (Royal Institute of Technology, Stockholm, Sweden).
   6  * All rights reserved.
   7  *
   8  * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
   9  *
  10  * Redistribution and use in source and binary forms, with or without
  11  * modification, are permitted provided that the following conditions
  12  * are met:
  13  *
  14  * 1. Redistributions of source code must retain the above copyright
  15  *    notice, this list of conditions and the following disclaimer.
  16  *
  17  * 2. Redistributions in binary form must reproduce the above copyright
  18  *    notice, this list of conditions and the following disclaimer in the
  19  *    documentation and/or other materials provided with the distribution.
  20  *
  21  * 3. Neither the name of the Institute nor the names of its contributors
  22  *    may be used to endorse or promote products derived from this software
  23  *    without specific prior written permission.
  24  *
  25  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  35  * SUCH DAMAGE.
  36  */
  37
  38 #ifdef HAVE_CONFIG_H
  39 #include <config.h>
  40 #endif
  41 #ifdef HAVE_SYS_MMAN_H
  42 #include <sys/mman.h>
  43 #endif
  44 #include <stdio.h>
  45 #include <string.h>
  46 #include <err.h>
  47 #include <krb5/roken.h>
  48
  49 #include <krb5/asn1-common.h>
  50 #include "check-common.h"
  51
  52 __RCSID("NetBSD");
  53
  54 struct map_page {
  55     void *start;
  56     size_t size;
  57     void *data_start;
  58     size_t data_size;
  59     enum map_type type;
  60 };
  61
  62 /* #undef HAVE_MMAP */
  63
  64 void *
  65 map_alloc(enum map_type type, const void *buf,
  66           size_t size, struct map_page **map)
  67 {
  68 #ifndef HAVE_MMAP
  69     unsigned char *p;
  70     size_t len = size + sizeof(long) * 2;
  71     int i;
  72
  73     *map = ecalloc(1, sizeof(**map));
  74
  75     p = emalloc(len);
  76     (*map)->type = type;
  77     (*map)->start = p;
  78     (*map)->size = len;
  79     (*map)->data_start = p + sizeof(long);
  80     for (i = sizeof(long); i > 0; i--)
  81         p[sizeof(long) - i] = 0xff - i;
  82     for (i = sizeof(long); i > 0; i--)
  83         p[len - i] = 0xff - i;
  84 #else
  85     unsigned char *p;
  86     int flags, ret, fd;
  87     size_t pagesize = getpagesize();
  88
  89     *map = ecalloc(1, sizeof(**map));
  90
  91     (*map)->type = type;
  92
  93 #ifdef MAP_ANON
  94     flags = MAP_ANON;
  95     fd = -1;
  96 #else
  97     flags = 0;
  98     fd = open ("/dev/zero", O_RDONLY);
  99     if(fd < 0)
 100         err (1, "open /dev/zero");
 101 #endif
 102     flags |= MAP_PRIVATE;
 103
 104     (*map)->size = size + pagesize - (size % pagesize) + pagesize * 2;
 105
 106     p = (unsigned char *)mmap(0, (*map)->size, PROT_READ | PROT_WRITE,
 107                               flags, fd, 0);
 108     if (p == (unsigned char *)MAP_FAILED)
 109         err (1, "mmap");
 110
 111     (*map)->start = p;
 112
 113     ret = mprotect (p, pagesize, 0);
 114     if (ret < 0)
 115         err (1, "mprotect");
 116
 117     ret = mprotect (p + (*map)->size - pagesize, pagesize, 0);
 118     if (ret < 0)
 119         err (1, "mprotect");
 120
 121     switch (type) {
 122     case OVERRUN:
 123         (*map)->data_start = p + (*map)->size - pagesize - size;
 124         break;
 125     case UNDERRUN:
 126         (*map)->data_start = p + pagesize;
 127         break;
 128    default:
 129         abort();
 130     }
 131 #endif
 132     (*map)->data_size = size;
 133     if (buf)
 134         memcpy((*map)->data_start, buf, size);
 135     return (*map)->data_start;
 136 }
 137
 138 void
 139 map_free(struct map_page *map, const char *test_name, const char *map_name)
 140 {
 141 #ifndef HAVE_MMAP
 142     unsigned char *p = map->start;
 143     int i;
 144
 145     for (i = sizeof(long); i > 0; i--)
 146         if (p[sizeof(long) - i] != 0xff - i)
 147             errx(1, "%s: %s underrun %d\n", test_name, map_name, i);
 148     for (i = sizeof(long); i > 0; i--)
 149         if (p[map->size - i] != 0xff - i)
 150             errx(1, "%s: %s overrun %lu\n", test_name, map_name,
 151                  (unsigned long)map->size - i);
 152     free(map->start);
 153 #else
 154     int ret;
 155
 156     ret = munmap (map->start, map->size);
 157     if (ret < 0)
 158         err (1, "munmap");
 159 #endif
 160     free(map);
 161 }
 162
 163 static void
 164 print_bytes (unsigned const char *buf, size_t len)
 165 {
 166     int i;
 167
 168     for (i = 0; i < len; ++i)
 169         printf ("%02x ", buf[i]);
 170 }
 171
 172 #ifndef MAP_FAILED
 173 #define MAP_FAILED (-1)
 174 #endif
 175
 176 static char *current_test = "<uninit>";
 177 static char *current_state = "<uninit>";
 178
 179 static RETSIGTYPE
 180 segv_handler(int sig)
 181 {
 182     int fd;
 183     char msg[] = "SIGSEGV i current test: ";
 184
 185     fd = open("/dev/stdout", O_WRONLY, 0600);
 186     if (fd >= 0) {
 187         write(fd, msg, sizeof(msg));
 188         write(fd, current_test, strlen(current_test));
 189         write(fd, " ", 1);
 190         write(fd, current_state, strlen(current_state));
 191         write(fd, "\n", 1);
 192         close(fd);
 193     }
 194     _exit(1);
 195 }
 196
 197 int
 198 generic_test (const struct test_case *tests,
 199               unsigned ntests,
 200               size_t data_size,
 201               int (ASN1CALL *encode)(unsigned char *, size_t, void *, size_t *),
 202               int (ASN1CALL *length)(void *),
 203               int (ASN1CALL *decode)(unsigned char *, size_t, void *, size_t *),
 204               int (ASN1CALL *free_data)(void *),
 205               int (*cmp)(void *a, void *b),
 206               int (ASN1CALL *copy)(const void *from, void *to))
 207 {
 208     unsigned char *buf, *buf2;
 209     int i;
 210     int failures = 0;
 211     void *data;
 212     struct map_page *data_map, *buf_map, *buf2_map;
 213
 214 #ifdef HAVE_SIGACTION
 215     struct sigaction sa, osa;
 216 #endif
 217
 218     for (i = 0; i < ntests; ++i) {
 219         int ret;
 220         size_t sz, consumed_sz, length_sz, buf_sz;
 221         void *to = NULL;
 222
 223         current_test = tests[i].name;
 224
 225         current_state = "init";
 226
 227 #ifdef HAVE_SIGACTION
 228         sigemptyset (&sa.sa_mask);
 229         sa.sa_flags = 0;
 230 #ifdef SA_RESETHAND
 231         sa.sa_flags |= SA_RESETHAND;
 232 #endif
 233         sa.sa_handler = segv_handler;
 234         sigaction (SIGSEGV, &sa, &osa);
 235 #endif
 236
 237         data = map_alloc(OVERRUN, NULL, data_size, &data_map);
 238
 239         buf_sz = tests[i].byte_len;
 240         buf = map_alloc(UNDERRUN, NULL, buf_sz, &buf_map);
 241
 242         current_state = "encode";
 243         ret = (*encode) (buf + buf_sz - 1, buf_sz,
 244                          tests[i].val, &sz);
 245         if (ret != 0) {
 246             printf ("encoding of %s failed %d\n", tests[i].name, ret);
 247             ++failures;
 248             continue;
 249         }
 250         if (sz != tests[i].byte_len) {
 251             printf ("encoding of %s has wrong len (%lu != %lu)\n",
 252                     tests[i].name,
 253                     (unsigned long)sz, (unsigned long)tests[i].byte_len);
 254             ++failures;
 255             continue;
 256         }
 257
 258         current_state = "length";
 259         length_sz = (*length) (tests[i].val);
 260         if (sz != length_sz) {
 261             printf ("length for %s is bad (%lu != %lu)\n",
 262                     tests[i].name, (unsigned long)length_sz, (unsigned long)sz);
 263             ++failures;
 264             continue;
 265         }
 266
 267         current_state = "memcmp";
 268         if (memcmp (buf, tests[i].bytes, tests[i].byte_len) != 0) {
 269             printf ("encoding of %s has bad bytes:\n"
 270                     "correct: ", tests[i].name);
 271             print_bytes ((unsigned char *)tests[i].bytes, tests[i].byte_len);
 272             printf ("\nactual:  ");
 273             print_bytes (buf, sz);
 274             printf ("\n");
 275 #if 0
 276             rk_dumpdata("correct", tests[i].bytes, tests[i].byte_len);
 277             rk_dumpdata("actual", buf, sz);
 278             exit (1);
 279 #endif
 280             ++failures;
 281             continue;
 282         }
 283
 284         buf2 = map_alloc(OVERRUN, buf, sz, &buf2_map);
 285
 286         current_state = "decode";
 287         ret = (*decode) (buf2, sz, data, &consumed_sz);
 288         if (ret != 0) {
 289             printf ("decoding of %s failed %d\n", tests[i].name, ret);
 290             ++failures;
 291             continue;
 292         }
 293         if (sz != consumed_sz) {
 294             printf ("different length decoding %s (%ld != %ld)\n",
 295                     tests[i].name,
 296                     (unsigned long)sz, (unsigned long)consumed_sz);
 297             ++failures;
 298             continue;
 299         }
 300         current_state = "cmp";
 301         if ((*cmp)(data, tests[i].val) != 0) {
 302             printf ("%s: comparison failed\n", tests[i].name);
 303             ++failures;
 304             continue;
 305         }
 306
 307         current_state = "copy";
 308         if (copy) {
 309             to = emalloc(data_size);
 310             ret = (*copy)(data, to);
 311             if (ret != 0) {
 312                 printf ("copy of %s failed %d\n", tests[i].name, ret);
 313                 ++failures;
 314                 continue;
 315             }
 316
 317             current_state = "cmp-copy";
 318             if ((*cmp)(data, to) != 0) {
 319                 printf ("%s: copy comparison failed\n", tests[i].name);
 320                 ++failures;
 321                 continue;
 322             }
 323         }
 324
 325         current_state = "free";
 326         if (free_data) {
 327             (*free_data)(data);
 328             if (to) {
 329                 (*free_data)(to);
 330                 free(to);
 331             }
 332         }
 333
 334         current_state = "free";
 335         map_free(buf_map, tests[i].name, "encode");
 336         map_free(buf2_map, tests[i].name, "decode");
 337         map_free(data_map, tests[i].name, "data");
 338
 339 #ifdef HAVE_SIGACTION
 340         sigaction (SIGSEGV, &osa, NULL);
 341 #endif
 342     }
 343     current_state = "done";
 344     return failures;
 345 }
 346
 347 /*
 348  * check for failures
 349  *
 350  * a test size (byte_len) of -1 means that the test tries to trigger a
 351  * integer overflow (and later a malloc of to little memory), just
 352  * allocate some memory and hope that is enough for that test.
 353  */
 354
 355 int
 356 generic_decode_fail (const struct test_case *tests,
 357                      unsigned ntests,
 358                      size_t data_size,
 359                      int (ASN1CALL *decode)(unsigned char *, size_t, void *, size_t *))
 360 {
 361     unsigned char *buf;
 362     int i;
 363     int failures = 0;
 364     void *data;
 365     struct map_page *data_map, *buf_map;
 366
 367 #ifdef HAVE_SIGACTION
 368     struct sigaction sa, osa;
 369 #endif
 370
 371     for (i = 0; i < ntests; ++i) {
 372         int ret;
 373         size_t sz;
 374         const void *bytes;
 375
 376         current_test = tests[i].name;
 377
 378         current_state = "init";
 379
 380 #ifdef HAVE_SIGACTION
 381         sigemptyset (&sa.sa_mask);
 382         sa.sa_flags = 0;
 383 #ifdef SA_RESETHAND
 384         sa.sa_flags |= SA_RESETHAND;
 385 #endif
 386         sa.sa_handler = segv_handler;
 387         sigaction (SIGSEGV, &sa, &osa);
 388 #endif
 389
 390         data = map_alloc(OVERRUN, NULL, data_size, &data_map);
 391
 392         if (tests[i].byte_len < 0xffffff && tests[i].byte_len >= 0) {
 393             sz = tests[i].byte_len;
 394             bytes = tests[i].bytes;
 395         } else {
 396             sz = 4096;
 397             bytes = NULL;
 398         }
 399
 400         buf = map_alloc(OVERRUN, bytes, sz, &buf_map);
 401
 402         if (tests[i].byte_len == -1)
 403             memset(buf, 0, sz);
 404
 405         current_state = "decode";
 406         ret = (*decode) (buf, tests[i].byte_len, data, &sz);
 407         if (ret == 0) {
 408             printf ("sucessfully decoded %s\n", tests[i].name);
 409             ++failures;
 410             continue;
 411         }
 412
 413         current_state = "free";
 414         if (buf)
 415             map_free(buf_map, tests[i].name, "encode");
 416         map_free(data_map, tests[i].name, "data");
 417
 418 #ifdef HAVE_SIGACTION
 419         sigaction (SIGSEGV, &osa, NULL);
 420 #endif
 421     }
 422     current_state = "done";
 423     return failures;
 424 }