This commit adds a couple of suppressions for known issues that valgrind
finds in libcap, and then makes a significant change to how the test
suite deals with any valgrind errors (in --enable-valgrind mode) that
are outside of these suppressions. That is, any new valgrind errors
that are discovered will cause the test that triggers them to fail.
Previous to this commit, the final valgrind "flagged functions" test
attmpted to do this by comparing valgrind output across test runs. This
worked well enough for a while, but this latest commit enforces a
stricter stance for valgrind validation of the fwknop code base.
This commit adds a lot of test coverage support as guided by gcov +
lcov.
Also added the --no-ipt-check-support option to fwknopd (this is only
useful in practice on older Linux distros where 'iptables -C' is not
available, but it helps with test coverage).
Add a new fko_set_encoded_data() function gated by #define
FUZZING_INTERFACES to allow encryption and authentication to be bypassed
for fuzzing purposes (and only fuzzing purposes). The fko-wrapper code
has been extended to process data in the
test/fko-wrapper/fuzz_spa_payloads file, which is created by the new
python fuzzer. Typical workflow is:
$ cd test/fko-wrapper
$ ../spa_fuzzer.py > fuzz_spa_payloads
$ make fuzzing
(as root):
./test-fwknop.pl --enable-profile-coverage --enable-fuzzing-interfaces --enable-all --include wrapper
[+] Starting the fwknop test suite...
args: --enable-profile-coverage --enable-fuzzing-interfaces --enable-all --include wrapper
Saved results from previous run to: output.last/
Valgrind mode enabled, will import previous coverage from:
output.last/valgrind-coverage/
[+] Total test buckets to execute: 2
[Rijndael] [fko-wrapper] multiple libfko calls (with valgrind)......pass (1)
[Rijndael] [fko-wrapper] multiple libfko calls......................pass (2)
[profile coverage] gcov profile coverage............................pass (3)
[valgrind output] [flagged functions] ..............................pass (4)
Run time: 5.85 minutes
[+] 0/0/0 OpenSSL tests passed/failed/executed
[+] 0/0/0 OpenSSL HMAC tests passed/failed/executed
[+] 4/0/4 test buckets passed/failed/executed
This commit fixes a minor memory leak in the fwknop client before
calling exit() when an abnormally large number of command line arguments
are given. The leak was found with valgrind together with the test
suite (specifically the 'show last args (4)' test):
==23748== 175 bytes in 50 blocks are definitely lost in loss record 1 of 1
==23748== at 0x4C2C494: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23748== by 0x1112F1: run_last_args (fwknop.c:991)
==23748== by 0x110D36: prev_exec (fwknop.c:916)
==23748== by 0x10D953: main (fwknop.c:170)
Additional test coverage was added for the client via the
basic_operations.pl tests.
