diff options
author | Demi Marie Obenour <demi@invisiblethingslab.com> | 2021-09-18 17:07:19 -0400 |
---|---|---|
committer | Michal Domonkos <mdomonko@redhat.com> | 2022-07-01 10:52:14 +0200 |
commit | 52a829324e0d04bfae961ea1d67d85bac6f13a52 (patch) | |
tree | 5f2c5490c96933b05d179ad90ed857c4b53b415d | |
parent | 465716176e8bcea5fddff9dbad5105c1d7d648c5 (diff) | |
download | rpm-52a829324e0d04bfae961ea1d67d85bac6f13a52.tar.gz |
Add test for OpenPGP packet parsing bug
This checks that old-format OpenPGP packets with excessive lengths are
rejected.
(cherry picked from commit ad97e2fceaae3a853d9332324156630677384989)
-rw-r--r-- | tests/Makefile.am | 1 | ||||
-rw-r--r-- | tests/rpmpgp.at | 11 | ||||
-rw-r--r-- | tests/rpmpgpcheck.c | 52 |
3 files changed, 64 insertions, 0 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index bc535d283..66cee3273 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -35,6 +35,7 @@ TESTSUITE_AT += rpmspec.at TESTSUITE_AT += rpmio.at TESTSUITE_AT += rpmorder.at TESTSUITE_AT += rpmvfylevel.at +TESTSUITE_AT += rpmpgp.at EXTRA_DIST += $(TESTSUITE_AT) ## testsuite data diff --git a/tests/rpmpgp.at b/tests/rpmpgp.at new file mode 100644 index 000000000..0e78675f3 --- /dev/null +++ b/tests/rpmpgp.at @@ -0,0 +1,11 @@ +# rpmpgp.at: rpm OpenPGP parsing test + +AT_BANNER([RPM OpenPGP parsing]) + +# Test OpenPGP parsing +AT_SETUP([[Running tests for malformed OpenPGP packages]]) +AT_KEYWORDS([[rpmkeys digest OpenPGP]]) +AT_CHECK([[ +../../rpmpgpcheck +]],0,) +AT_CLEANUP diff --git a/tests/rpmpgpcheck.c b/tests/rpmpgpcheck.c new file mode 100644 index 000000000..16c5f99c6 --- /dev/null +++ b/tests/rpmpgpcheck.c @@ -0,0 +1,52 @@ +#include <stddef.h> +#include <assert.h> +#include <limits.h> +#include <stdio.h> + +#include <unistd.h> +#include <sys/mman.h> + +#include <rpm/rpmpgp.h> + +static unsigned char data_eddsa_asc[] = { + 0x88, 0x75, 0x04, 0x00, 0x16, 0x08, 0x00, 0x1d, 0x16, 0x21, 0x04, 0xe8, + 0x3a, 0x38, 0x0b, 0x85, 0x75, 0x56, 0x2b, 0x3c, 0x6f, 0x41, 0xca, 0x28, + 0xa4, 0x5c, 0x93, 0xb0, 0xb5, 0xb6, 0xe0, 0x05, 0x02, 0x60, 0x0f, 0x77, + 0x1a, 0x00, 0x0a, 0x09, 0x10, 0x28, 0xa4, 0x5c, 0x93, 0xb0, 0xb5, 0xb6, + 0xe0, 0x61, 0x58, 0x00, 0xff, 0x7a, 0xb7, 0xaf, 0xa7, 0x82, 0x3a, 0x1e, + 0xd3, 0x0b, 0x1f, 0xbe, 0xee, 0x50, 0x6c, 0xa0, 0xa7, 0xb1, 0x89, 0x7a, + 0x97, 0x69, 0xb8, 0x6d, 0x84, 0x44, 0x09, 0x77, 0x8c, 0xfa, 0xfe, 0x10, + 0xf6, 0x01, 0x00, 0xcb, 0x53, 0xd9, 0xc5, 0xc1, 0x0e, 0x2c, 0x84, 0x62, + 0x20, 0x65, 0xb0, 0xb9, 0x1a, 0x46, 0xf7, 0xf9, 0xb4, 0xfe, 0xfd, 0x2c, + 0x1e, 0x99, 0x72, 0x58, 0x48, 0xc0, 0x22, 0x63, 0x47, 0x12, 0x0a +}; +static long data_eddsa_asc_len = 119; + +int main(void) +{ + long s = sysconf(_SC_PAGE_SIZE); + assert(s > data_eddsa_asc_len && s < LONG_MAX / 2); + + void *addr = mmap(NULL, 2 * s, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + if (addr == MAP_FAILED) { + perror("mmap"); + return 1; + } + if (mprotect((unsigned char *)addr + s, (size_t)s, PROT_NONE)) { + perror("mprotect"); + return 1; + } + memcpy((unsigned char *)addr + (s - data_eddsa_asc_len), data_eddsa_asc, data_eddsa_asc_len); + pgpDigParams params = NULL; + addr += s - data_eddsa_asc_len; + if (pgpPrtParams(addr, data_eddsa_asc_len, PGPTAG_SIGNATURE, ¶ms)) { + fprintf(stderr, "Valid signature not properly accepted\n"); + return 1; + } + data_eddsa_asc[1] += 1; + if (pgpPrtParams(addr, data_eddsa_asc_len, PGPTAG_SIGNATURE, ¶ms) != -1) { + fprintf(stderr, "Invalid signature not properly rejected\n"); + return 1; + } + return 0; +} |