tests: added check for invalid UTF8 encoded string

3 files changed, 45 insertions, 4 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 2dc1befbec..be95eb493f 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -33,13 +33,13 @@ EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem aki-cert.pem \
 	single-ca.p7b single-ca.p7b.out full.p7b full.p7b.out detached.p7b \
 	pkcs7-detached.txt p7-combined.out template-generalized.pem \
 	template-generalized.tmpl privkey1.pem privkey2.pem privkey3.pem \
-	name-constraints-ip.pem
+	name-constraints-ip.pem cert-invalid-utf8.der
 
 dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane crq certtool invalid-sig email \
-	pkcs7 privkey-import name-constraints
+	pkcs7 privkey-import name-constraints certtool-utf8
 
 TESTS = pathlen aki pem-decoding certtool invalid-sig email pkcs7 privkey-import \
-	name-constraints
+	name-constraints certtool-utf8
 
 if ENABLE_NON_SUITEB_CURVES
 TESTS += crq
@@ -55,7 +55,7 @@ endif
 
 TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \
 	LC_ALL="C"				\
-	VALGRIND="$(VALGRIND)"			\
+	VALGRIND="$(VALGRIND)" 			\
 	LIBTOOL="$(LIBTOOL)"			\
 	top_builddir="$(top_builddir)"		\
 	srcdir="$(srcdir)"
diff --git a/tests/cert-tests/cert-invalid-utf8.der b/tests/cert-tests/cert-invalid-utf8.der
new file mode 100644
index 0000000000..b6b45e320b
--- /dev/null
+++ b/tests/cert-tests/cert-invalid-utf8.der
diff --git a/tests/cert-tests/certtool-utf8 b/tests/cert-tests/certtool-utf8
new file mode 100755
index 0000000000..ce5141a39a
--- /dev/null
+++ b/tests/cert-tests/certtool-utf8
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# Copyright (C) 2015 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+# This checks whether invalid UTF8 strings trigger valgrind warnings.
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff}"
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
+
+	# Check improper UTF8 errors
+	${VALGRIND} --error-exitcode=3 "${CERTTOOL}" -i --inder --infile "${srcdir}/cert-invalid-utf8.der"
+	rc=$?
+
+	if test "${rc}" = 3;then
+		echo "Invalid memory access with invalid UTF8"
+		exit 1
+	fi
+fi
+
+exit 0