diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-01 07:58:04 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-01 09:37:14 +0100 |
commit | 68c895e9ba7a1c98e96eccf3c30207277d2dea2d (patch) | |
tree | ec39e93027c0ed781b9dff6002a4ee30077bcc8b | |
parent | 43a4546e7f0842b2e4b70da6d97295f3d18c681c (diff) | |
download | gnutls-68c895e9ba7a1c98e96eccf3c30207277d2dea2d.tar.gz |
tests: added test cases with invalid openpgp certs
These certificates contain invalid secret key sub-packets.
These trigger invalid memory accesses:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | tests/cert-tests/Makefile.am | 3 | ||||
-rw-r--r-- | tests/cert-tests/data/openpgp-invalid7.pub | bin | 0 -> 383 bytes | |||
-rw-r--r-- | tests/cert-tests/data/openpgp-invalid8.pub | bin | 0 -> 6590 bytes | |||
-rwxr-xr-x | tests/cert-tests/openpgp-cert-parser | 2 |
4 files changed, 3 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 3776538762..b309cc013d 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -64,7 +64,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/openssl-keyid.p7b data/openssl-keyid.p7b.out data/openssl.p12 \ data/openpgp-invalid1.pub data/openpgp-invalid2.pub data/openpgp-invalid3.pub \ data/openpgp-invalid4.pub data/openpgp-invalid5.pub \ - data/openpgp-invalid5.pub data/openpgp-invalid6.pub + data/openpgp-invalid5.pub data/openpgp-invalid6.pub \ + data/openpgp-invalid7.pub data/openpgp-invalid8.pub dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ diff --git a/tests/cert-tests/data/openpgp-invalid7.pub b/tests/cert-tests/data/openpgp-invalid7.pub Binary files differnew file mode 100644 index 0000000000..f808f49c0c --- /dev/null +++ b/tests/cert-tests/data/openpgp-invalid7.pub diff --git a/tests/cert-tests/data/openpgp-invalid8.pub b/tests/cert-tests/data/openpgp-invalid8.pub Binary files differnew file mode 100644 index 0000000000..3ee82dab01 --- /dev/null +++ b/tests/cert-tests/data/openpgp-invalid8.pub diff --git a/tests/cert-tests/openpgp-cert-parser b/tests/cert-tests/openpgp-cert-parser index 1039cf136e..7f22271077 100755 --- a/tests/cert-tests/openpgp-cert-parser +++ b/tests/cert-tests/openpgp-cert-parser @@ -42,7 +42,7 @@ echo "Checking OpenPGP certificate parsing" for i in "truncated.pub" "attribute-leak-1.pub" "subpkt-leak.pub" "openpgp-invalid1.pub" \ "openpgp-invalid2.pub" "openpgp-invalid3.pub" "openpgp-invalid4.pub" "openpgp-invalid5.pub" \ - "openpgp-invalid6.pub";do + "openpgp-invalid6.pub" "openpgp-invalid7.pub" "openpgp-invalid8.pub";do ${VALGRIND} "${CERTTOOL}" --inraw --pgp-certificate-info --infile "${srcdir}/data/${i}" rc=$? if test $rc != 1;then |