From 8032e90ccbceaf799eeabf6709ab66981b6cf720 Mon Sep 17 00:00:00 2001
From: Nicolas Boichat
Date: Thu, 21 Jun 2018 09:10:30 +0800
Subject: test/rma_auth: Pad authcode before passing it to rma_try_authcode rma_try_authcode expects a buffer that is at least RMA_AUTHCODE_CHARS long, so copy the input string to a buffer before calling the function, else AddressSanitizer will complain.
BRANCH=none
BUG=chromium:854924
TEST=make TEST_ASAN=y run-rma_auth -j
Change-Id: Iff2b195a7c7b01b925df6d9f53e0055f98f59ded
Signed-off-by: Nicolas Boichat
Reviewed-on: https://chromium-review.googlesource.com/1109658
Reviewed-by: Randall Spangler
---
 include/rma_auth.h | 4 +++-
 test/rma_auth.c | 24 +++++++++++++++++++-----
 2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/include/rma_auth.h b/include/rma_auth.h
index 427e5c90de..698f4a71e9 100644
--- a/include/rma_auth.h
+++ b/include/rma_auth.h
@@ -61,7 +61,9 @@ const char *rma_get_challenge(void);
 /**
 * Try a RMA authorization code
 *
- * @param code Authorization code to try
+ * @param code Authorization code to try (buffer needs to be at least
+ * RMA_AUTHCODE_CHARS bytes long, no matter the actual string length, as the
+ * function uses safe_memcmp to prevent timing attacks).
 * @return EC_SUCCESS if the response was correct, or non-zero error code.
 */
 int rma_try_authcode(const char *code);
diff --git a/test/rma_auth.c b/test/rma_auth.c
index ced910d778..c03ba70acd 100644
--- a/test/rma_auth.c
+++ b/test/rma_auth.c
@@ -130,6 +130,20 @@ int rma_server_side(char *out_auth_code, const char *challenge)
 #define FORCE_TIME(t) { ts.val = (t); force_time(ts); }
+/*
+ * rma_try_authcode expects a buffer that is at least RMA_AUTHCODE_CHARS long,
+ * so copy the input string to a buffer before calling the function.
+ */
+static int rma_try_authcode_pad(const char *code)
+{
+ char authcode[RMA_AUTHCODE_BUF_SIZE];
+
+ memset(authcode, 0, sizeof(authcode));
+ strncpy(authcode, code, sizeof(authcode));
+
+ return rma_try_authcode(authcode);
+}
+
 static int test_rma_auth(void)
 {
 const char *challenge;
@@ -139,7 +153,7 @@ static int test_rma_auth(void)
 /* Test rate limiting */
 FORCE_TIME(9 * SECOND);
 TEST_ASSERT(rma_create_challenge() == EC_ERROR_TIMEOUT);
- TEST_ASSERT(rma_try_authcode("Bad") == EC_ERROR_ACCESS_DENIED);
+ TEST_ASSERT(rma_try_authcode_pad("Bad") == EC_ERROR_ACCESS_DENIED);
 TEST_ASSERT(strlen(rma_get_challenge()) == 0);
 FORCE_TIME(10 * SECOND);
@@ -147,14 +161,14 @@ static int test_rma_auth(void)
 TEST_ASSERT(strlen(rma_get_challenge()) == RMA_CHALLENGE_CHARS);
 /* Test using up tries */
- TEST_ASSERT(rma_try_authcode("Bad") == EC_ERROR_INVAL);
+ TEST_ASSERT(rma_try_authcode_pad("Bad") == EC_ERROR_INVAL);
 TEST_ASSERT(strlen(rma_get_challenge()) == RMA_CHALLENGE_CHARS);
- TEST_ASSERT(rma_try_authcode("BadCodeZ") == EC_ERROR_INVAL);
+ TEST_ASSERT(rma_try_authcode_pad("BadCodeZ") == EC_ERROR_INVAL);
 TEST_ASSERT(strlen(rma_get_challenge()) == RMA_CHALLENGE_CHARS);
- TEST_ASSERT(rma_try_authcode("BadLongCode") == EC_ERROR_INVAL);
+ TEST_ASSERT(rma_try_authcode_pad("BadLongCode") == EC_ERROR_INVAL);
 /* Out of tries now */
 TEST_ASSERT(strlen(rma_get_challenge()) == 0);
- TEST_ASSERT(rma_try_authcode("Bad") == EC_ERROR_ACCESS_DENIED);
+ TEST_ASSERT(rma_try_authcode_pad("Bad") == EC_ERROR_ACCESS_DENIED);
 FORCE_TIME(19 * SECOND);
 TEST_ASSERT(rma_create_challenge() == EC_ERROR_TIMEOUT);
-- cgit v1.2.1
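Review bot: In the new `rma_try_authcode_pad`, `strncpy(authcode, code, sizeof(authcode))` leaves `authcode` without a terminating NUL whenever `code` is at least `sizeof(authcode)` characters long, which the `"BadLongCode"` call in the third hunk probably is (the value of `RMA_AUTHCODE_BUF_SIZE` is not visible in this diff). Copying one byte less, `strncpy(authcode, code, sizeof(authcode) - 1);`, keeps the terminator that the preceding `memset` wrote. The helper also silently truncates that input, so the over-long case no longer reaches `rma_try_authcode` at full length; a short comment saying so would keep the test's intent readable. Because the padding lives only in the test, any non-test caller of `rma_try_authcode` must still supply a buffer of at least `RMA_AUTHCODE_CHARS` bytes to avoid the same out-of-bounds read in the constant-time compare; those callers are outside this diff, so that is worth checking rather than assumed.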