lib/asn1/check-common.c

   1 /*
   2  * Copyright (c) 1999 - 2006 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in the
  17  *    documentation and/or other materials provided with the distribution.
  18  *
  19  * 3. Neither the name of the Institute nor the names of its contributors
  20  *    may be used to endorse or promote products derived from this software
  21  *    without specific prior written permission.
  22  *
  23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  33  * SUCH DAMAGE.
  34  */
  35
  36 #ifdef HAVE_CONFIG_H
  37 #include <config.h>
  38 #endif
  39 #ifdef HAVE_SYS_MMAN_H
  40 #include <sys/mman.h>
  41 #endif
  42 #include <stdio.h>
  43 #include <string.h>
  44 #include <err.h>
  45 #include <roken.h>
  46
  47 #include "asn1-common.h"
  48 #include "check-common.h"
  49
  50 RCSID("$Id$");
  51
  52 struct map_page {
  53     void *start;
  54     size_t size;
  55     void *data_start;
  56     size_t data_size;
  57     enum map_type type;
  58 };
  59
  60 /* #undef HAVE_MMAP */
  61
  62 void *
  63 map_alloc(enum map_type type, const void *buf,
  64           size_t size, struct map_page **map)
  65 {
  66 #ifndef HAVE_MMAP
  67     unsigned char *p;
  68     size_t len = size + sizeof(long) * 2;
  69     int i;
  70
  71     *map = ecalloc(1, sizeof(**map));
  72
  73     p = emalloc(len);
  74     (*map)->type = type;
  75     (*map)->start = p;
  76     (*map)->size = len;
  77     (*map)->data_start = p + sizeof(long);
  78     for (i = sizeof(long); i > 0; i--)
  79         p[sizeof(long) - i] = 0xff - i;
  80     for (i = sizeof(long); i > 0; i--)
  81         p[len - i] = 0xff - i;
  82 #else
  83     unsigned char *p;
  84     int flags, ret, fd;
  85     size_t pagesize = getpagesize();
  86
  87     *map = ecalloc(1, sizeof(**map));
  88
  89     (*map)->type = type;
  90
  91 #ifdef MAP_ANON
  92     flags = MAP_ANON;
  93     fd = -1;
  94 #else
  95     flags = 0;
  96     fd = open ("/dev/zero", O_RDONLY);
  97     if(fd < 0)
  98         err (1, "open /dev/zero");
  99 #endif
 100     flags |= MAP_PRIVATE;
 101
 102     (*map)->size = size + pagesize - (size % pagesize) + pagesize * 2;
 103
 104     p = (unsigned char *)mmap(0, (*map)->size, PROT_READ | PROT_WRITE,
 105                               flags, fd, 0);
 106     if (p == (unsigned char *)MAP_FAILED)
 107         err (1, "mmap");
 108
 109     (*map)->start = p;
 110
 111     ret = mprotect (p, pagesize, 0);
 112     if (ret < 0)
 113         err (1, "mprotect");
 114
 115     ret = mprotect (p + (*map)->size - pagesize, pagesize, 0);
 116     if (ret < 0)
 117         err (1, "mprotect");
 118
 119     switch (type) {
 120     case OVERRUN:
 121         (*map)->data_start = p + (*map)->size - pagesize - size;
 122         break;
 123     case UNDERRUN:
 124         (*map)->data_start = p + pagesize;
 125         break;
 126    default:
 127         abort();
 128     }
 129 #endif
 130     (*map)->data_size = size;
 131     if (buf)
 132         memcpy((*map)->data_start, buf, size);
 133     return (*map)->data_start;
 134 }
 135
 136 void
 137 map_free(struct map_page *map, const char *test_name, const char *map_name)
 138 {
 139 #ifndef HAVE_MMAP
 140     unsigned char *p = map->start;
 141     int i;
 142
 143     for (i = sizeof(long); i > 0; i--)
 144         if (p[sizeof(long) - i] != 0xff - i)
 145             errx(1, "%s: %s underrun %d\n", test_name, map_name, i);
 146     for (i = sizeof(long); i > 0; i--)
 147         if (p[map->size - i] != 0xff - i)
 148             errx(1, "%s: %s overrun %lu\n", test_name, map_name,
 149                  (unsigned long)map->size - i);
 150     free(map->start);
 151 #else
 152     int ret;
 153
 154     ret = munmap (map->start, map->size);
 155     if (ret < 0)
 156         err (1, "munmap");
 157 #endif
 158     free(map);
 159 }
 160
 161 static void
 162 print_bytes (unsigned const char *buf, size_t len)
 163 {
 164     int i;
 165
 166     for (i = 0; i < len; ++i)
 167         printf ("%02x ", buf[i]);
 168 }
 169
 170 #ifndef MAP_FAILED
 171 #define MAP_FAILED (-1)
 172 #endif
 173
 174 static char *current_test = "<uninit>";
 175 static char *current_state = "<uninit>";
 176
 177 static RETSIGTYPE
 178 segv_handler(int sig)
 179 {
 180     int fd;
 181     ssize_t ret;
 182     char msg[] = "SIGSEGV i current test: ";
 183
 184     fd = open("/dev/stdout", O_WRONLY, 0600);
 185     if (fd >= 0) {
 186         ret = write(fd, msg, sizeof(msg));
 187         if (ret != -1)
 188             ret = write(fd, current_test, strlen(current_test));
 189         if (ret != -1)
 190             ret = write(fd, " ", 1);
 191         if (ret != -1)
 192             ret = write(fd, current_state, strlen(current_state));
 193         if (ret != -1)
 194             ret = write(fd, "\n", 1);
 195         close(fd);
 196     }
 197     _exit(1);
 198 }
 199
 200 int
 201 generic_test (const struct test_case *tests,
 202               unsigned ntests,
 203               size_t data_size,
 204               int (ASN1CALL *encode)(unsigned char *, size_t, void *, size_t *),
 205               int (ASN1CALL *length)(void *),
 206               int (ASN1CALL *decode)(unsigned char *, size_t, void *, size_t *),
 207               int (ASN1CALL *free_data)(void *),
 208               int (*cmp)(void *a, void *b),
 209               int (ASN1CALL *copy)(const void *from, void *to))
 210 {
 211     unsigned char *buf, *buf2;
 212     int i;
 213     int failures = 0;
 214     void *data;
 215     struct map_page *data_map, *buf_map, *buf2_map;
 216
 217 #ifdef HAVE_SIGACTION
 218     struct sigaction sa, osa;
 219 #endif
 220
 221     for (i = 0; i < ntests; ++i) {
 222         int ret;
 223         size_t sz, consumed_sz, length_sz, buf_sz;
 224         void *to = NULL;
 225
 226         current_test = tests[i].name;
 227
 228         current_state = "init";
 229
 230 #ifdef HAVE_SIGACTION
 231         sigemptyset (&sa.sa_mask);
 232         sa.sa_flags = 0;
 233 #ifdef SA_RESETHAND
 234         sa.sa_flags |= SA_RESETHAND;
 235 #endif
 236         sa.sa_handler = segv_handler;
 237         sigaction (SIGSEGV, &sa, &osa);
 238 #endif
 239
 240         data = map_alloc(OVERRUN, NULL, data_size, &data_map);
 241
 242         buf_sz = tests[i].byte_len;
 243         buf = map_alloc(UNDERRUN, NULL, buf_sz, &buf_map);
 244
 245         current_state = "encode";
 246         ret = (*encode) (buf + buf_sz - 1, buf_sz,
 247                          tests[i].val, &sz);
 248         if (ret != 0) {
 249             printf ("encoding of %s failed %d\n", tests[i].name, ret);
 250             ++failures;
 251             continue;
 252         }
 253         if (sz != tests[i].byte_len) {
 254             printf ("encoding of %s has wrong len (%lu != %lu)\n",
 255                     tests[i].name,
 256                     (unsigned long)sz, (unsigned long)tests[i].byte_len);
 257             ++failures;
 258             continue;
 259         }
 260
 261         current_state = "length";
 262         length_sz = (*length) (tests[i].val);
 263         if (sz != length_sz) {
 264             printf ("length for %s is bad (%lu != %lu)\n",
 265                     tests[i].name, (unsigned long)length_sz, (unsigned long)sz);
 266             ++failures;
 267             continue;
 268         }
 269
 270         current_state = "memcmp";
 271         if (memcmp (buf, tests[i].bytes, tests[i].byte_len) != 0) {
 272             printf ("encoding of %s has bad bytes:\n"
 273                     "correct: ", tests[i].name);
 274             print_bytes ((unsigned char *)tests[i].bytes, tests[i].byte_len);
 275             printf ("\nactual:  ");
 276             print_bytes (buf, sz);
 277             printf ("\n");
 278 #if 0
 279             rk_dumpdata("correct", tests[i].bytes, tests[i].byte_len);
 280             rk_dumpdata("actual", buf, sz);
 281             exit (1);
 282 #endif
 283             ++failures;
 284             continue;
 285         }
 286
 287         buf2 = map_alloc(OVERRUN, buf, sz, &buf2_map);
 288
 289         current_state = "decode";
 290         ret = (*decode) (buf2, sz, data, &consumed_sz);
 291         if (ret != 0) {
 292             printf ("decoding of %s failed %d\n", tests[i].name, ret);
 293             ++failures;
 294             continue;
 295         }
 296         if (sz != consumed_sz) {
 297             printf ("different length decoding %s (%ld != %ld)\n",
 298                     tests[i].name,
 299                     (unsigned long)sz, (unsigned long)consumed_sz);
 300             ++failures;
 301             continue;
 302         }
 303         current_state = "cmp";
 304         if ((*cmp)(data, tests[i].val) != 0) {
 305             printf ("%s: comparison failed\n", tests[i].name);
 306             ++failures;
 307             continue;
 308         }
 309
 310         current_state = "copy";
 311         if (copy) {
 312             to = emalloc(data_size);
 313             ret = (*copy)(data, to);
 314             if (ret != 0) {
 315                 printf ("copy of %s failed %d\n", tests[i].name, ret);
 316                 ++failures;
 317                 continue;
 318             }
 319
 320             current_state = "cmp-copy";
 321             if ((*cmp)(data, to) != 0) {
 322                 printf ("%s: copy comparison failed\n", tests[i].name);
 323                 ++failures;
 324                 continue;
 325             }
 326         }
 327
 328         current_state = "free";
 329         if (free_data) {
 330             (*free_data)(data);
 331             if (to) {
 332                 (*free_data)(to);
 333                 free(to);
 334             }
 335         }
 336
 337         current_state = "free";
 338         map_free(buf_map, tests[i].name, "encode");
 339         map_free(buf2_map, tests[i].name, "decode");
 340         map_free(data_map, tests[i].name, "data");
 341
 342 #ifdef HAVE_SIGACTION
 343         sigaction (SIGSEGV, &osa, NULL);
 344 #endif
 345     }
 346     current_state = "done";
 347     return failures;
 348 }
 349
 350 /*
 351  * check for failures
 352  *
 353  * a test size (byte_len) of -1 means that the test tries to trigger a
 354  * integer overflow (and later a malloc of to little memory), just
 355  * allocate some memory and hope that is enough for that test.
 356  */
 357
 358 int
 359 generic_decode_fail (const struct test_case *tests,
 360                      unsigned ntests,
 361                      size_t data_size,
 362                      int (ASN1CALL *decode)(unsigned char *, size_t, void *, size_t *))
 363 {
 364     unsigned char *buf;
 365     int i;
 366     int failures = 0;
 367     void *data;
 368     struct map_page *data_map, *buf_map;
 369
 370 #ifdef HAVE_SIGACTION
 371     struct sigaction sa, osa;
 372 #endif
 373
 374     for (i = 0; i < ntests; ++i) {
 375         int ret;
 376         size_t sz;
 377         const void *bytes;
 378
 379         current_test = tests[i].name;
 380
 381         current_state = "init";
 382
 383 #ifdef HAVE_SIGACTION
 384         sigemptyset (&sa.sa_mask);
 385         sa.sa_flags = 0;
 386 #ifdef SA_RESETHAND
 387         sa.sa_flags |= SA_RESETHAND;
 388 #endif
 389         sa.sa_handler = segv_handler;
 390         sigaction (SIGSEGV, &sa, &osa);
 391 #endif
 392
 393         data = map_alloc(OVERRUN, NULL, data_size, &data_map);
 394
 395         if (tests[i].byte_len < 0xffffff && tests[i].byte_len >= 0) {
 396             sz = tests[i].byte_len;
 397             bytes = tests[i].bytes;
 398         } else {
 399             sz = 4096;
 400             bytes = NULL;
 401         }
 402
 403         buf = map_alloc(OVERRUN, bytes, sz, &buf_map);
 404
 405         if (tests[i].byte_len == -1)
 406             memset(buf, 0, sz);
 407
 408         current_state = "decode";
 409         ret = (*decode) (buf, tests[i].byte_len, data, &sz);
 410         if (ret == 0) {
 411             printf ("sucessfully decoded %s\n", tests[i].name);
 412             ++failures;
 413             continue;
 414         }
 415
 416         current_state = "free";
 417         if (buf)
 418             map_free(buf_map, tests[i].name, "encode");
 419         map_free(data_map, tests[i].name, "data");
 420
 421 #ifdef HAVE_SIGACTION
 422         sigaction (SIGSEGV, &osa, NULL);
 423 #endif
 424     }
 425     current_state = "done";
 426     return failures;
 427 }