Commit Graph

1659 Commits

Author SHA1 Message Date
Michael Rash
389e55ddfc [test suite] consolidate valgrind success/failure criteria into a single function 2014-06-16 17:13:54 -04:00
Michael Rash
55a03f3392 [test suite] added suppressions to fko-wrapper/run_valgrind.sh 2014-06-16 17:12:59 -04:00
Michael Rash
4878607254 [libfko] removed fko_new_strdup() fault injection tag since fko_destroy() isn't called 2014-06-16 17:11:52 -04:00
Michael Rash
054793fd9e [server] check fiu_enable() return value in --fault-injection mode 2014-06-15 09:48:37 -04:00
Michael Rash
34f7ebd082 [test suite] added strtol_wrapper() fault injection tags 2014-06-15 09:41:43 -04:00
Michael Rash
42a20616b4 [libfko] additional fault injection additions with test suite support 2014-06-14 21:27:18 -04:00
Michael Rash
c00a3e7b26 [test suite] additional fault injection tests 2014-06-12 20:29:54 -04:00
Michael Rash
13ca6261b3 [test suite] minor update to not parse crash messages out of crash test output file 2014-06-12 20:29:24 -04:00
Michael Rash
06ce514111 [test suite] add several fault injection tests 2014-06-12 00:02:18 -04:00
Michael Rash
d8b2ae370a [test suite] always run crash check at the end of test run 2014-06-12 00:01:58 -04:00
Michael Rash
e02750e666 [server] skip firewall rules check in --test mode 2014-06-12 00:01:12 -04:00
Michael Rash
410624a858 [libfko] free() temp buffer right after strdup() call, add libfiu fault injection tags 2014-06-12 00:00:40 -04:00
Michael Rash
816962982f [server] clean up fko_destroy() calls in main access stanza loop 2014-06-11 23:59:08 -04:00
Michael Rash
b8ad48eaa9 [test suite] added fiu-run fault injection tests against the fwknopd server 2014-06-10 09:34:48 -04:00
Michael Rash
8d31de7295 [server] skip replay storage in --test mode (since we're not granting access anyway) 2014-06-10 09:32:17 -04:00
Michael Rash
70f70091b1 [server] skip fw initialization and cleanup in --test mode 2014-06-10 09:21:01 -04:00
Michael Rash
4ab677cfe0 [server] minor fwknopd --help output update 2014-06-09 20:40:44 -04:00
Michael Rash
ffde9c3f1a [libfko] bug fix to check strdup() return value
Using the 'fiu-run' fault injection binary, a couple of cases were
turned up with libfko does not properly check the strdup() return value.
This commit fixes these issues, and here is an illustration of the stack
trace for one such issue:

  Core was generated by `../client/.libs/fwknop -A tcp/22 -a 127.0.0.2 -D
  127.0.0.1 --get-key local_spa.'.
  Program terminated with signal 11, Segmentation fault.
  #0  __strnlen_sse2 () at ../sysdeps/x86_64/multiarch/../strnlen.S:34
  34      ../sysdeps/x86_64/multiarch/../strnlen.S: No such file or directory.
  (gdb) where
  #0  __strnlen_sse2 () at ../sysdeps/x86_64/multiarch/../strnlen.S:34
  #1  0x00007effa38189bc in _rijndael_encrypt (enc_key_len=<optimized out>, enc_key=<optimized out>, ctx=0x7effa5945750) at fko_encryption.c:141
  #2  fko_encrypt_spa_data (ctx=0x7effa5945750, enc_key=<optimized out>, enc_key_len=<optimized out>) at fko_encryption.c:605
  #3  0x00007effa381a2d6 in fko_spa_data_final (ctx=0x7effa5945750, enc_key=enc_key@entry=0x7fff3ff4aa10 "fwknoptest", enc_key_len=<optimized out>, hmac_key=hmac_key@entry=0x7fff3ff4aaa0 "", hmac_key_len=0) at fko_funcs.c:489
  #4  0x00007effa405f2fb in main (argc=<optimized out>, argv=<optimized out>) at fwknop.c:449
2014-06-08 23:09:55 -04:00
Michael Rash
989d48b7e9 [test suite] make valgrind suppressions slightly more perscriptive 2014-06-08 20:22:19 -04:00
Michael Rash
7fb2f292bc [test suite] in valgrind mode, make tests fail whenever there are 'definitely' or 'indirectly' lost bytes in memory 2014-06-08 20:20:19 -04:00
Michael Rash
53a1e1bc00 [client] minor bug fix for condition under which fiu_* functions are called for fault injection 2014-06-08 20:19:03 -04:00
Michael Rash
82b05b9530 [libfko] fko_new() bug fix to not leak memory under fko_set_... error conditions
This commit changes how fko_new() deals with FKO context initialization
to not set ctx->initval back to zero (uninitialized) imediately after
calling each fko_set_... function and before checking the fko_set_... return
value.  The reason for this change is that fko_destroy() checks for
context initialization via ctx->initval before calling free() against
any heap allocated context member. So, if fko_set_... returns an error,
fko_destroy() (previous to this commit) would have no opportunity to
free such members.

This bug was found with fault injection testing provided by libfiu
together with valgrind. Specifically the following test suite command
exposes the problem (from the test/ directory):

./test-fwknop.pl --enable-complete --include "fault injection.*libfko"

In the resulting output/2.test file valgrind reports the following:

==27941== LEAK SUMMARY:
==27941==    definitely lost: 264 bytes in 1 blocks
==27941==    indirectly lost: 28 bytes in 3 blocks
==27941==      possibly lost: 0 bytes in 0 blocks
==27941==    still reachable: 1,099 bytes in 12 blocks
==27941==         suppressed: 0 bytes in 0 blocks

After this commit is applied, this changes to:

==7137== LEAK SUMMARY:
==7137==    definitely lost: 0 bytes in 0 blocks
==7137==    indirectly lost: 0 bytes in 0 blocks
==7137==      possibly lost: 0 bytes in 0 blocks
==7137==    still reachable: 1,099 bytes in 12 blocks
==7137==         suppressed: 0 bytes in 0 blocks

Note that 'definitely lost' in valgrind output means there is a real
memory leak that needs to be fixed whereas 'still reachable' is most
likely not a real problem according to:

http://valgrind.org/docs/manual/faq.html#faq.deflost
2014-06-06 21:28:28 -04:00
Michael Rash
dfeecf5c29 [test suite] additional fix for duplicate fault injection tags 2014-06-06 10:31:07 -04:00
Michael Rash
1b4d7f5b19 [test suite] minor fix for duplicate fault injection tags 2014-06-06 10:25:33 -04:00
Michael Rash
6d1d66fe03 add --fault-injection-tag support to the client/server/libfko
This is a significant commit to add the ability to leverage libfko fault
injections from both the fwknop client and server command lines via a
new option '--fault-injection-tag <tag name>'.  This option is used by
the test suite with the tests/fault_injection.pl tests.
2014-06-05 23:05:49 -04:00
Michael Rash
6a0af8ed8e [test suite] added coverage_diff.py
This commit adds support for diff'ing before and after gcov/lcov results
to see when new function/line coverage is added by the test suite.  Here
is an example of its output:

Sun Jun  1 22:28:00 2014 CMD: ./coverage_diff.py
[+] Coverage: /home/mbr/git/fwknop.git/server/config_init.c
[+] new 'fcns' coverage: usage()
[+] new 'lines' coverage: 1015
[+] new 'lines' coverage: 1017
[+] new 'lines' coverage: 1019
[+] new 'lines' coverage: 1059
[+] new 'lines' coverage: 979
[+] Coverage: /home/mbr/git/fwknop.git/server/fw_util_iptables.c
[+] new 'lines' coverage: 560
[+] new 'lines' coverage: 561
2014-06-01 22:30:54 -04:00
Michael Rash
040b7b10a0 [test suite] add shell escape for /usr/include/* wildcard on lcov command line 2014-05-26 23:15:09 -04:00
Michael Rash
2e150d47a7 restore trustdb.gpg files 2014-05-26 23:06:14 -04:00
Michael Rash
2697bd260c [test suite] fix LD_LIBRARY_PATH for fiu-run execution against fko-wrapper binaries 2014-05-26 22:53:44 -04:00
Michael Rash
ed58dcb635 Revert "add gcc '-pg' flag in --enable-profile-coverage mode"
This reverts commit bbe5626566 because -pg
is needed for gprof, not gcov, and valgrind is incompatible with -pg.
2014-05-26 21:28:19 -04:00
Michael Rash
ddaf0134d6 use fiu.h instead of fiu-local.h 2014-05-26 15:54:12 -04:00
Michael Rash
e893ecad21 [test suite] added first test to run fwknop client underneath fiu-run for libc fault injection 2014-05-26 15:09:02 -04:00
Michael Rash
a1f1e4b328 [test suite] in --enable-fuzzing-interfaces mode create fko-wrapper/send_spa_payloads file if it does exist 2014-05-26 14:18:27 -04:00
Michael Rash
237602114f [test suite] minor fko_wrapper comment update 2014-05-26 08:40:26 -04:00
Michael Rash
15aff82980 client/server added libfiu header files in --enable-libfiu-support mode 2014-05-26 08:39:44 -04:00
Michael Rash
55ae7d5095 [test suite] auto-generate fko-wrapper/fuzz_spa_payload file with spa_fuzzing.py if necessary in --enable-complete/--enable-fuzzing-interfaces mode 2014-05-25 22:10:43 -04:00
Michael Rash
23e8dcfddd [test suite] added configure_max_coverage.sh for --enable-complete mode 2014-05-25 16:23:40 -04:00
Michael Rash
fa53cc62e1 [test suite] SPA packet fuzzer minor comment additions to clearly define SPA packet types 2014-05-25 15:50:09 -04:00
Michael Rash
d625a24a87 [test suite] added fko_new_with_data() call with SPA data that is too short 2014-05-25 15:08:31 -04:00
Michael Rash
00ea2ce0ef [test suite] added --enable-complete option for fuzzing, fault injection, and code coverage 2014-05-25 12:37:35 -04:00
Michael Rash
de03ed702e [test suite] added the ability to run fiu-run fault injection binary against fwknop 2014-05-24 17:55:57 -04:00
Michael Rash
597a3d3953 [libfko] added fault injections for remaining ...set...() functions called by fko_new() 2014-05-24 15:12:07 -04:00
Michael Rash
5f227cfa48 [libfko] added fault injections for fko_set_username() 2014-05-24 14:47:10 -04:00
Michael Rash
17f325eceb [libfko] added fault injections for fko_set_rand_value() 2014-05-24 14:01:49 -04:00
Michael Rash
35ad832392 [libfko] started on libfiu fault injection code 2014-05-24 10:14:28 -04:00
Michael Rash
8d61a8cf7f [test suite] added tests/rijndael_hmac_fuzzing.pl file 2014-05-23 18:55:06 -04:00
Michael Rash
0a82c68451 [test suite] add hmac_fuzzing_access.conf file 2014-05-23 18:50:47 -04:00
Michael Rash
cf3f41821b [test suite] add fault injection tests 2014-05-22 08:36:11 -05:00
Michael Rash
a65fff7e7b [test suite] make fko_wrapper binary path absolute 2014-05-22 08:30:36 -05:00
Michael Rash
c5e8eee743 [test suite] make fko_wrapper binary path absolute 2014-05-22 08:29:06 -05:00