summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNicolas Boichat <drinkcat@chromium.org>2018-06-21 09:10:30 +0800
committerchrome-bot <chrome-bot@chromium.org>2018-06-22 02:39:42 -0700
commit8032e90ccbceaf799eeabf6709ab66981b6cf720 (patch)
tree54350e25e55423d809b57e9ae1733465b2b3bfec
parent64aa8638f134f8aca4f48f3efc5fa7427caeb772 (diff)
downloadchrome-ec-8032e90ccbceaf799eeabf6709ab66981b6cf720.tar.gz
test/rma_auth: Pad authcode before passing it to rma_try_authcode
rma_try_authcode expects a buffer that is at least RMA_AUTHCODE_CHARS long, so copy the input string to a buffer before calling the function, else AddressSanitizer will complain. BRANCH=none BUG=chromium:854924 TEST=make TEST_ASAN=y run-rma_auth -j Change-Id: Iff2b195a7c7b01b925df6d9f53e0055f98f59ded Signed-off-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1109658 Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r--include/rma_auth.h4
-rw-r--r--test/rma_auth.c24
2 files changed, 22 insertions, 6 deletions
diff --git a/include/rma_auth.h b/include/rma_auth.h
index 427e5c90de..698f4a71e9 100644
--- a/include/rma_auth.h
+++ b/include/rma_auth.h
@@ -61,7 +61,9 @@ const char *rma_get_challenge(void);
/**
* Try a RMA authorization code
*
- * @param code Authorization code to try
+ * @param code Authorization code to try (buffer needs to be at least
+ * RMA_AUTHCODE_CHARS bytes long, no matter the actual string length, as the
+ * function uses safe_memcmp to prevent timing attacks).
* @return EC_SUCCESS if the response was correct, or non-zero error code.
*/
int rma_try_authcode(const char *code);
diff --git a/test/rma_auth.c b/test/rma_auth.c
index ced910d778..c03ba70acd 100644
--- a/test/rma_auth.c
+++ b/test/rma_auth.c
@@ -130,6 +130,20 @@ int rma_server_side(char *out_auth_code, const char *challenge)
#define FORCE_TIME(t) { ts.val = (t); force_time(ts); }
+/*
+ * rma_try_authcode expects a buffer that is at least RMA_AUTHCODE_CHARS long,
+ * so copy the input string to a buffer before calling the function.
+ */
+static int rma_try_authcode_pad(const char *code)
+{
+ char authcode[RMA_AUTHCODE_BUF_SIZE];
+
+ memset(authcode, 0, sizeof(authcode));
+ strncpy(authcode, code, sizeof(authcode));
+
+ return rma_try_authcode(authcode);
+}
+
static int test_rma_auth(void)
{
const char *challenge;
@@ -139,7 +153,7 @@ static int test_rma_auth(void)
/* Test rate limiting */
FORCE_TIME(9 * SECOND);
TEST_ASSERT(rma_create_challenge() == EC_ERROR_TIMEOUT);
- TEST_ASSERT(rma_try_authcode("Bad") == EC_ERROR_ACCESS_DENIED);
+ TEST_ASSERT(rma_try_authcode_pad("Bad") == EC_ERROR_ACCESS_DENIED);
TEST_ASSERT(strlen(rma_get_challenge()) == 0);
FORCE_TIME(10 * SECOND);
@@ -147,14 +161,14 @@ static int test_rma_auth(void)
TEST_ASSERT(strlen(rma_get_challenge()) == RMA_CHALLENGE_CHARS);
/* Test using up tries */
- TEST_ASSERT(rma_try_authcode("Bad") == EC_ERROR_INVAL);
+ TEST_ASSERT(rma_try_authcode_pad("Bad") == EC_ERROR_INVAL);
TEST_ASSERT(strlen(rma_get_challenge()) == RMA_CHALLENGE_CHARS);
- TEST_ASSERT(rma_try_authcode("BadCodeZ") == EC_ERROR_INVAL);
+ TEST_ASSERT(rma_try_authcode_pad("BadCodeZ") == EC_ERROR_INVAL);
TEST_ASSERT(strlen(rma_get_challenge()) == RMA_CHALLENGE_CHARS);
- TEST_ASSERT(rma_try_authcode("BadLongCode") == EC_ERROR_INVAL);
+ TEST_ASSERT(rma_try_authcode_pad("BadLongCode") == EC_ERROR_INVAL);
/* Out of tries now */
TEST_ASSERT(strlen(rma_get_challenge()) == 0);
- TEST_ASSERT(rma_try_authcode("Bad") == EC_ERROR_ACCESS_DENIED);
+ TEST_ASSERT(rma_try_authcode_pad("Bad") == EC_ERROR_ACCESS_DENIED);
FORCE_TIME(19 * SECOND);
TEST_ASSERT(rma_create_challenge() == EC_ERROR_TIMEOUT);