diff options
author | Nicolas Boichat <drinkcat@chromium.org> | 2018-06-21 09:10:30 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-06-22 02:39:42 -0700 |
commit | 8032e90ccbceaf799eeabf6709ab66981b6cf720 (patch) | |
tree | 54350e25e55423d809b57e9ae1733465b2b3bfec | |
parent | 64aa8638f134f8aca4f48f3efc5fa7427caeb772 (diff) | |
download | chrome-ec-8032e90ccbceaf799eeabf6709ab66981b6cf720.tar.gz |
test/rma_auth: Pad authcode before passing it to rma_try_authcode
rma_try_authcode expects a buffer that is at least RMA_AUTHCODE_CHARS
long, so copy the input string to a buffer before calling the
function, else AddressSanitizer will complain.
BRANCH=none
BUG=chromium:854924
TEST=make TEST_ASAN=y run-rma_auth -j
Change-Id: Iff2b195a7c7b01b925df6d9f53e0055f98f59ded
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1109658
Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r-- | include/rma_auth.h | 4 | ||||
-rw-r--r-- | test/rma_auth.c | 24 |
2 files changed, 22 insertions, 6 deletions
diff --git a/include/rma_auth.h b/include/rma_auth.h index 427e5c90de..698f4a71e9 100644 --- a/include/rma_auth.h +++ b/include/rma_auth.h @@ -61,7 +61,9 @@ const char *rma_get_challenge(void); /** * Try a RMA authorization code * - * @param code Authorization code to try + * @param code Authorization code to try (buffer needs to be at least + * RMA_AUTHCODE_CHARS bytes long, no matter the actual string length, as the + * function uses safe_memcmp to prevent timing attacks). * @return EC_SUCCESS if the response was correct, or non-zero error code. */ int rma_try_authcode(const char *code); diff --git a/test/rma_auth.c b/test/rma_auth.c index ced910d778..c03ba70acd 100644 --- a/test/rma_auth.c +++ b/test/rma_auth.c @@ -130,6 +130,20 @@ int rma_server_side(char *out_auth_code, const char *challenge) #define FORCE_TIME(t) { ts.val = (t); force_time(ts); } +/* + * rma_try_authcode expects a buffer that is at least RMA_AUTHCODE_CHARS long, + * so copy the input string to a buffer before calling the function. + */ +static int rma_try_authcode_pad(const char *code) +{ + char authcode[RMA_AUTHCODE_BUF_SIZE]; + + memset(authcode, 0, sizeof(authcode)); + strncpy(authcode, code, sizeof(authcode)); + + return rma_try_authcode(authcode); +} + static int test_rma_auth(void) { const char *challenge; @@ -139,7 +153,7 @@ static int test_rma_auth(void) /* Test rate limiting */ FORCE_TIME(9 * SECOND); TEST_ASSERT(rma_create_challenge() == EC_ERROR_TIMEOUT); - TEST_ASSERT(rma_try_authcode("Bad") == EC_ERROR_ACCESS_DENIED); + TEST_ASSERT(rma_try_authcode_pad("Bad") == EC_ERROR_ACCESS_DENIED); TEST_ASSERT(strlen(rma_get_challenge()) == 0); FORCE_TIME(10 * SECOND); @@ -147,14 +161,14 @@ static int test_rma_auth(void) TEST_ASSERT(strlen(rma_get_challenge()) == RMA_CHALLENGE_CHARS); /* Test using up tries */ - TEST_ASSERT(rma_try_authcode("Bad") == EC_ERROR_INVAL); + TEST_ASSERT(rma_try_authcode_pad("Bad") == EC_ERROR_INVAL); TEST_ASSERT(strlen(rma_get_challenge()) == RMA_CHALLENGE_CHARS); - TEST_ASSERT(rma_try_authcode("BadCodeZ") == EC_ERROR_INVAL); + TEST_ASSERT(rma_try_authcode_pad("BadCodeZ") == EC_ERROR_INVAL); TEST_ASSERT(strlen(rma_get_challenge()) == RMA_CHALLENGE_CHARS); - TEST_ASSERT(rma_try_authcode("BadLongCode") == EC_ERROR_INVAL); + TEST_ASSERT(rma_try_authcode_pad("BadLongCode") == EC_ERROR_INVAL); /* Out of tries now */ TEST_ASSERT(strlen(rma_get_challenge()) == 0); - TEST_ASSERT(rma_try_authcode("Bad") == EC_ERROR_ACCESS_DENIED); + TEST_ASSERT(rma_try_authcode_pad("Bad") == EC_ERROR_ACCESS_DENIED); FORCE_TIME(19 * SECOND); TEST_ASSERT(rma_create_challenge() == EC_ERROR_TIMEOUT); |