-rw-r--r-- | .gitignore | 4 | ||||
-rw-r--r-- | LICENSING | 3 | ||||
-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | test-crypt-badsalt.c | 133 |
4 files changed, 142 insertions, 2 deletions
@@ -54,6 +54,7 @@ /test-alg-sha512 /test-bigcrypt /test-byteorder +/test-crypt-badsalt /test-crypt-bcrypt /test-crypt-des /test-crypt-md5 @@ -70,3 +71,6 @@ # archives *.tar* + +# Valgrind +vgcore.* @@ -15,7 +15,8 @@ source tree. For specific licensing terms consult the files themselves. crypt-base.h, crypt-obsolete.h, crypt-private.h alg-md5.h, alg-md5.c, crypt-md5.c, alg-sha256.h, alg-sha256.c, crypt-sha256.c, - alg-sha512.h, alg-sha512.c, crypt-sha256.c + alg-sha512.h, alg-sha512.c, crypt-sha256.c, + test-crypt-badsalt * Copyright David Burren et al.; 3-clause BSD: alg-des.h, alg-des.c, crypt-des.c, crypt-des-obsolete.c, gen-des-tables.c diff --git a/Makefile.am b/Makefile.am index 8eb44f3..246bc9b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -142,7 +142,8 @@ alg-des-tables.c: gen-des-tables check_PROGRAMS += \ test-alg-des test-alg-md4 test-alg-md5 \ - test-crypt-des test-crypt-md5 test-crypt-nthash + test-crypt-badsalt test-crypt-des test-crypt-md5 \ + test-crypt-nthash endif if ENABLE_OBSOLETE_API @@ -174,6 +175,7 @@ LOG_COMPILER = m4/skip-if-exec-format-error endif EXTRA_DIST += m4/skip-if-exec-format-error +test_crypt_badsalt_LDADD = libcrypt.la test_crypt_bcrypt_LDADD = libcrypt.la test_crypt_des_LDADD = libcrypt.la test_crypt_md5_LDADD = libcrypt.la diff --git a/test-crypt-badsalt.c b/test-crypt-badsalt.c new file mode 100644 index 0000000..336ac3d --- /dev/null +++ b/test-crypt-badsalt.c 
@@ -0,0 +1,133 @@ +/* Test program for bad DES salt detection in crypt. + Copyright (C) 2012-2017 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <sys/mman.h> +#include <crypt.h> + +static const char *tests[][3] = + { + { "no salt", "", "..ogcgXxFhnjI" /* valid setting */ }, + { "single char", "/", "*0" /* invalid setting */ }, + { "first char bad", "!x", "*0" /* invalid setting */ }, + { "second char bad", "Z%", "*0" /* invalid setting */ }, + { "both chars bad", ":@", "*0" /* invalid setting */ }, + { "un$upported algorithm", "$2$", "*0" /* invalid setting */ }, + { "un$upported $etting", "$2a$", "*0" /* invalid setting */ }, + { "un$upported $etting", "$2b$", "*0" /* invalid setting */ }, + { "un$upported $etting", "$2x$", "*0" /* invalid setting */ }, + { "bad salt for BSDi", "_1", "*0" /* invalid setting */ }, + { "end of page", NULL, "*0" /* invalid setting */ } + }; + +int +main (void) +{ + int cdsize = sizeof (struct crypt_data); + int result = 0; + struct crypt_data cd; + struct crypt_data *cdptr = &cd; + size_t n = sizeof (tests) / sizeof (*tests); + size_t pagesize = (size_t) sysconf (_SC_PAGESIZE); + char *page, *retval; + const char *saltstr, *special = "%"; + + /* Check that crypt won't 
look at the second character if the first + one is invalid. */ + page = mmap (NULL, pagesize * 2, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON, -1, 0); + if (page == MAP_FAILED) + { + perror ("mmap"); + n--; + } + else + { + if (mmap (page + pagesize, pagesize, 0, + MAP_PRIVATE | MAP_ANON | MAP_FIXED, + -1, 0) != page + pagesize) + perror ("mmap 2"); + page[pagesize - 1] = special[0]; + tests[n - 1][1] = &page[pagesize - 1]; + } + + for (size_t i = 0; i < n; i++) + { + retval = crypt (tests[i][0], tests[i][1]); + if (strcmp (tests[i][2], retval)) + { + result++; + if (memcmp (&page[pagesize - 1], tests[i][1], 1) != 0) + saltstr = tests[i][1]; + else + saltstr = special; + printf ("%s: crypt returned wrong magic value with salt \"%s\".\n", + tests[i][0], saltstr); + printf (" expected: \"%s\"\n got: \"%s\"\n\n", + tests[i][2], retval); + } + + retval = crypt_r (tests[i][0], tests[i][1], &cd); + if (strcmp (tests[i][2], retval)) + { + result++; + if (memcmp (&page[pagesize - 1], tests[i][1], 1) != 0) + saltstr = tests[i][1]; + else + saltstr = special; + printf ("%s: crypt_r returned wrong magic value with salt \"%s\".\n", + tests[i][0], saltstr); + printf (" expected: \"%s\"\n got: \"%s\"\n\n", + tests[i][2], retval); + } + + crypt_rn (tests[i][0], tests[i][1], cdptr, cdsize); + retval = cd.output; + if (strcmp (tests[i][2], retval)) + { + result++; + if (memcmp (&page[pagesize - 1], tests[i][1], 1) != 0) + saltstr = tests[i][1]; + else + saltstr = special; + printf ("%s: crypt_rn returned wrong magic value with salt \"%s\".\n", + tests[i][0], saltstr); + printf (" expected: \"%s\"\n got: \"%s\"\n\n", + tests[i][2], retval); + } + + crypt_ra (tests[i][0], tests[i][1], (void **)&cdptr, &cdsize); + retval = cd.output; + if (strcmp (tests[i][2], retval)) + { + result++; + if (memcmp (&page[pagesize - 1], tests[i][1], 1) != 0) + saltstr = tests[i][1]; + else + saltstr = special; + printf ("%s: crypt_ra returned wrong magic value with salt \"%s\".\n", + tests[i][0], 
saltstr); + printf (" expected: \"%s\"\n got: \"%s\"\n\n", + tests[i][2], retval); + } + } + + return result; +} |
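Review bot: When the first mmap fails, main decrements n but leaves page equal to MAP_FAILED, and every mismatch-report block still evaluates `memcmp (&page[pagesize - 1], tests[i][1], 1)`, so a wrong result from crypt, crypt_r, crypt_rn or crypt_ra would crash on an invalid read instead of being printed. A pointer comparison that checks the mapping first, e.g. `if (page != MAP_FAILED && tests[i][1] == page + pagesize - 1) saltstr = special; else saltstr = tests[i][1];`, avoids both the invalid read and the one-byte read from the salt; the same lines recur in all four report blocks, which could be folded into one static helper taking the API name. A failed second mmap (the PROT_NONE guard page) is only reported with perror, after which the "end of page" case runs against a readable, zero-filled page and no longer shows that crypt stops at the invalid first character; dropping the case or counting the failure, as is done for the first mmap, would keep the exit status honest. The crypt and crypt_r return values are also passed straight to strcmp, so if libcrypt is configured to return NULL on error rather than the "*0" token, the test segfaults on exactly the invalid settings it exercises; a `retval != NULL` check, or reading cd.output as the crypt_rn/crypt_ra paths already do, would make it robust.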