tests: add blob-buffer overflow test

The blob buffer has no limitation in place
to prevent buflen to exceed maximum size.

This commit adds a test to demonstrate how
a blob increases past the maximum allowd
size of 16MB. It continuously adds chunks
of 64KB and with the 255th one blob_add()
returns a valid attribute pointer but the
blob's buflen does not increase.

The test is used to demonstrate the
failure, which is fixed with a follow-up
commit.

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@gmail.com>
[adjusted test case for cram usage]
Signed-off-by: Petr Štetiar <ynezz@true.cz>

2 files changed, 40 insertions, 0 deletions

diff --git a/tests/cram/test_blob_buflen.t b/tests/cram/test_blob_buflen.t
new file mode 100644
index 0000000..986e476
--- /dev/null
+++ b/tests/cram/test_blob_buflen.t
@@ -0,0 +1,9 @@
+check that blob buffer cannot exceed maximum buffer length:
+
+  $ [ -n "$TEST_BIN_DIR" ] && export PATH="$TEST_BIN_DIR:$PATH"
+
+  $ valgrind --quiet --leak-check=full test-blob-buflen
+  SUCCESS: failed to allocate attribute
+
+  $ test-blob-buflen-san
+  SUCCESS: failed to allocate attribute
diff --git a/tests/test-blob-buflen.c b/tests/test-blob-buflen.c
new file mode 100644
index 0000000..45ea379
--- /dev/null
+++ b/tests/test-blob-buflen.c
@@ -0,0 +1,31 @@
+#include <stdio.h>
+
+#include "blobmsg.h"
+
+/* chunks of 64KB to be added to blob-buffer */
+#define BUFF_SIZE	0x10000
+/* exceed maximum blob buff-length */
+#define BUFF_CHUNKS	(((BLOB_ATTR_LEN_MASK + 1) / BUFF_SIZE) + 1)
+
+int main(int argc, char **argv)
+{
+	int i;
+	static struct blob_buf buf;
+	blobmsg_buf_init(&buf);
+	int prev_len = buf.buflen;
+
+	for (i = 0; i < BUFF_CHUNKS; i++) {
+		struct blob_attr *attr = blob_new(&buf, 0, BUFF_SIZE);
+		if (!attr) {
+			fprintf(stderr, "SUCCESS: failed to allocate attribute\n");
+			break;
+		}
+		if (prev_len < buf.buflen) {
+			prev_len = buf.buflen;
+			continue;
+		}
+		fprintf(stderr, "ERROR: buffer length did not increase\n");
+		return -1;
+	}
+	return 0;
+}