From c00a3e7b2670566c9a403e07a5a34df0fcda1811 Mon Sep 17 00:00:00 2001 From: Michael Rash Date: Thu, 12 Jun 2014 20:29:54 -0400 Subject: [PATCH] [test suite] additional fault injection tests --- lib/fko_util.c | 11 +++++++ test/tests/fault_injection.pl | 58 +++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/lib/fko_util.c b/lib/fko_util.c index c39bdbdb..0d5adb26 100644 --- a/lib/fko_util.c +++ b/lib/fko_util.c @@ -333,6 +333,9 @@ hmac_digest_inttostr(int digest, char* digest_str, size_t digest_size) int is_valid_pt_msg_len(const int len) { +#if HAVE_LIBFIU + fiu_return_on("is_valid_pt_msg_len_val", 0); +#endif if(len < MIN_SPA_PLAINTEXT_MSG_SIZE || len >= MAX_SPA_PLAINTEXT_MSG_SIZE) return(0); @@ -481,6 +484,10 @@ int zero_free(char *buf, int len) free(buf); +#if HAVE_LIBFIU + fiu_return_on("zero_free_err", FKO_ERROR_ZERO_OUT_DATA); +#endif + return res; } @@ -493,6 +500,10 @@ zero_buf(char *buf, int len) { int i, res = FKO_SUCCESS; +#if HAVE_LIBFIU + fiu_return_on("zero_buf_err", FKO_ERROR_ZERO_OUT_DATA); +#endif + if(buf == NULL || len == 0) return res; diff --git a/test/tests/fault_injection.pl b/test/tests/fault_injection.pl index b4c8aae9..b1b3e1e8 100644 --- a/test/tests/fault_injection.pl +++ b/test/tests/fault_injection.pl @@ -384,6 +384,34 @@ 'positive_output_matches' => [qr/FKO_ERROR_INVALID_DATA_MESSAGE_TYPE_VALIDFAIL/] }, + { + 'category' => 'fault injection', + 'subcategory' => 'client', + 'detail' => 'tag is_valid_pt_msg_len_val', + 'function' => \&fault_injection_tag, + 'cmdline' => "$default_client_hmac_args " . + "--fault-injection-tag is_valid_pt_msg_len_val", + 'positive_output_matches' => [qr/FKO_ERROR_INVALID_DATA_ENCRYPT_PTLEN_VALIDFAIL/] + }, + { + 'category' => 'fault injection', + 'subcategory' => 'client', + 'detail' => 'tag zero_buf_err', + 'function' => \&fault_injection_tag, + 'cmdline' => "$default_client_hmac_args " . + "--fault-injection-tag zero_buf_err", + 'positive_output_matches' => [qr/Could not zero out sensitive data/] + }, + { + 'category' => 'fault injection', + 'subcategory' => 'client', + 'detail' => 'tag zero_free_err', + 'function' => \&fault_injection_tag, + 'cmdline' => "$default_client_hmac_args " . + "--fault-injection-tag zero_free_err", + 'positive_output_matches' => [qr/Could not zero out sensitive data/] + }, + ### fwknopd injections ### username tags { @@ -765,6 +793,36 @@ 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, }, + ### zero out buffer tags + { + 'category' => 'fault injection', + 'subcategory' => 'server', + 'detail' => 'tag zero_free_err', + 'function' => \&fault_injection_tag, + 'no_ip_check' => 1, + 'client_pkt_tries' => 1, + 'cmdline' => $default_client_hmac_args, + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . + "-d $default_digest_file -p $default_pid_file $intf_str " . + "--fault-injection-tag zero_free_err", + 'server_positive_output_matches' => [qr/Could not zero out sensitive data/], + 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, + }, + { + 'category' => 'fault injection', + 'subcategory' => 'server', + 'detail' => 'tag zero_buf_err', + 'function' => \&fault_injection_tag, + 'no_ip_check' => 1, + 'client_pkt_tries' => 1, + 'cmdline' => $default_client_hmac_args, + 'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'disable_aging'} -a $cf{'hmac_access'} " . + "-d $default_digest_file -p $default_pid_file $intf_str " . + "--fault-injection-tag zero_buf_err", + 'server_positive_output_matches' => [qr/Could not zero out sensitive data/], + 'fw_rule_created' => $REQUIRE_NO_NEW_RULE, + }, + ### fw_config_init { 'category' => 'fault injection',