Add self-tests for security problems.

3 files changed, 195 insertions, 2 deletions

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 5d7aa6ea7f..58a7f575dc 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,5 +1,5 @@
 ## Process this file with automake to produce Makefile.in
-# Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation
+# Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation
 #
 # Author: Simon Josefsson
 #
@@ -52,7 +52,7 @@ libutils_la_SOURCES = utils.h utils.c
 ctests = simple gc set_pkcs12_cred certder mpi				\
 	certificate_set_x509_crl dn parse_ca moredn crypto_rng mini	\
 	finished hostname-check cve-2008-4989 pkcs12_s2k chainverify	\
-	crq_key_id x509sign-verify
+	crq_key_id x509sign-verify cve-2009-1415 cve-2009-1416
 
 if ENABLE_OPENSSL
 ctests +=  openssl
diff --git a/tests/cve-2009-1415.c b/tests/cve-2009-1415.c
new file mode 100644
index 0000000000..fe89aa4cfb
--- /dev/null
+++ b/tests/cve-2009-1415.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2009 Free Software Foundation
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GNUTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+/*
+ * Small code to reproduce the CVE-2009-1415 double-free problem.
+ *
+ * Build it using:
+ *
+ *  gcc -o cve-2009-1415 cve-2009-1415.c -lgnutls
+ *
+ * If your gnutls library is OK then running it will just print 'success!'.
+ *
+ * If your gnutls library is buggy, then running it will crash like this:
+ *
+ * ** glibc detected *** ./cve-2009-1415: munmap_chunk(): invalid pointer: 0xb7f80a9c ***
+ * ======= Backtrace: =========
+ * ...
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+static char dsa_cert[] =
+  "-----BEGIN CERTIFICATE-----\n"
+  "MIIDbzCCAtqgAwIBAgIERiYdRTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
+  "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTQxWhcNMDgwNDE3MTMyOTQxWjA3MRsw\n"
+  "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
+  "Lm9yZzCCAbQwggEpBgcqhkjOOAQBMIIBHAKBgLmE9VqBvhoNxYpzjwybL5u2DkvD\n"
+  "dBp/ZK2d8yjFoEe8m1dW8ZfVfjcD6fJM9OOLfzCjXS+7oaI3wuo1jx+xX6aiXwHx\n"
+  "IzYr5E8vLd2d1TqmOa96UXzSJY6XdM8exXtLdkOBBx8GFLhuWBLhkOI3b9Ib7GjF\n"
+  "WOLmMOBqXixjeOwHAhSfVoxIZC/+jap6bZbbBF0W7wilcQKBgGIGfuRcdgi3Rhpd\n"
+  "15fUKiH7HzHJ0vT6Odgn0Zv8J12nCqca/FPBL0PCN8iFfz1Mq12BMvsdXh5UERYg\n"
+  "xoBa2YybQ/Dda6D0w/KKnDnSHHsP7/ook4/SoSLr3OCKi60oDs/vCYXpNr2LelDV\n"
+  "e/clDWxgEcTvcJDP1hvru47GPjqXA4GEAAKBgA+Kh1fy0cLcrN9Liw+Luin34QPk\n"
+  "VfqymAfW/RKxgLz1urRQ1H+gDkPnn8l4EV/l5Awsa2qkNdy9VOVgNpox0YpZbmsc\n"
+  "ur0uuut8h+/ayN2h66SD5out+vqOW9c3yDI+lsI+9EPafZECD7e8+O+P90EAXpbf\n"
+  "DwiW3Oqy6QaCr9Ivo4GTMIGQMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPdGVz\n"
+  "dC5nbnV0bHMub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH\n"
+  "gAAwHQYDVR0OBBYEFL/su87Y6HtwVuzz0SuS1tSZClvzMB8GA1UdIwQYMBaAFOk8\n"
+  "HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQBCsrnfD1xzh8/Eih1f\n"
+  "x+M0lPoX1Re5L2ElHI6DJpHYOBPwf9glwxnet2+avzgUQDUFwUSxOhodpyeaACXD\n"
+  "o0gGVpcH8sOBTQ+aTdM37hGkPxoXjtIkR/LgG5nP2H2JRd5TkW8l13JdM4MJFB4W\n"
+  "QcDzQ8REwidsfh9uKAluk1c/KQ==\n"
+  "-----END CERTIFICATE-----\n";
+
+const gnutls_datum_t dsa_cert_dat = {
+  dsa_cert, sizeof (dsa_cert)
+};
+
+int
+main (void)
+{
+  gnutls_x509_crt_t crt;
+  gnutls_datum_t data = { (char *) "foo", 3 };
+  gnutls_datum_t sig = { (char *) "bar", 3 };
+  int ret;
+
+  gnutls_global_init ();
+
+  ret = gnutls_x509_crt_init (&crt);
+  if (ret < 0)
+    return 1;
+
+  ret = gnutls_x509_crt_import (crt, &dsa_cert_dat, GNUTLS_X509_FMT_PEM);
+  if (ret < 0)
+    return 1;
+
+  ret = gnutls_x509_crt_verify_data (crt, 0, &data, &sig);
+  if (ret < 0)
+    return 1;
+
+  printf ("success!\n");
+
+  gnutls_x509_crt_deinit (crt);
+  gnutls_global_deinit ();
+
+  return 0;
+}
diff --git a/tests/cve-2009-1416.c b/tests/cve-2009-1416.c
new file mode 100644
index 0000000000..b637344949
--- /dev/null
+++ b/tests/cve-2009-1416.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2009 Free Software Foundation
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GNUTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+/*
+ * Small code to reproduce the CVE-2009-1416 bad DSA key problem.
+ *
+ * Build it using:
+ *
+ *  gcc -o cve-2009-1416 cve-2009-1416.c -lgnutls
+ *
+ * If your gnutls library is OK then running it will print 'success!'.
+ *
+ * If your gnutls library is buggy then running it will print 'buggy'.
+ *
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+
+#include <gcrypt.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+int
+main (void)
+{
+  gnutls_x509_privkey_t key;
+  gnutls_datum_t p, q, g, y, x;
+  int ret;
+
+  gnutls_global_init ();
+  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+
+  ret = gnutls_x509_privkey_init (&key);
+  if (ret < 0)
+    return 1;
+
+  ret = gnutls_x509_privkey_generate (key, GNUTLS_PK_DSA, 512, 0);
+  if (ret < 0)
+    return 1;
+
+  ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
+  if (ret < 0)
+    return 1;
+
+  if (q.size == 3 && memcmp (q.data, "\x01\x00\x01", 3) == 0)
+    {
+      printf ("buggy\n");
+      return 1;
+    }
+  else
+    printf ("success!\n");
+
+  gnutls_free (p.data);
+  gnutls_free (q.data);
+  gnutls_free (g.data);
+  gnutls_free (y.data);
+  gnutls_free (x.data);
+
+  gnutls_x509_privkey_deinit (key);
+  gnutls_global_deinit ();
+
+  return 0;
+}