diff options
| author | Sumit Bose <sbose@redhat.com> | 2010-12-06 21:18:50 +0100 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-11 12:21:09 -0500 |
| commit | 82e5f65e0447afe750719969cd8d74befe1ea00b (patch) | |
| tree | d354bc1fd04a99e8e63fbd86ff6540012b132baa /src/tests/util-tests.c | |
| parent | bbb33eef19b6ad5da9ec2bba534494edb750e2bc (diff) | |
| download | sssd2-82e5f65e0447afe750719969cd8d74befe1ea00b.tar.gz sssd2-82e5f65e0447afe750719969cd8d74befe1ea00b.tar.xz sssd2-82e5f65e0447afe750719969cd8d74befe1ea00b.zip | |
Validate user supplied size of data items
Specially crafted packages might lead to an integer overflow and the
parsing of the input buffer might not continue as expected. This issue
was identified by Sebastian Krahmer <krahmer@suse.de>.
Diffstat (limited to 'src/tests/util-tests.c')
| -rw-r--r-- | src/tests/util-tests.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c index d8d3800f..d05e6837 100644 --- a/src/tests/util-tests.c +++ b/src/tests/util-tests.c @@ -175,6 +175,20 @@ START_TEST(test_diff_string_lists) } END_TEST +START_TEST(test_size_t_overflow) +{ + fail_unless(!SIZE_T_OVERFLOW(1, 1), "unexpected overflow"); + fail_unless(!SIZE_T_OVERFLOW(SIZE_T_MAX, 0), "unexpected overflow"); + fail_unless(!SIZE_T_OVERFLOW(SIZE_T_MAX-10, 10), "unexpected overflow"); + fail_unless(SIZE_T_OVERFLOW(SIZE_T_MAX, 1), "overflow not detected"); + fail_unless(SIZE_T_OVERFLOW(SIZE_T_MAX, SIZE_T_MAX), + "overflow not detected"); + fail_unless(SIZE_T_OVERFLOW(SIZE_T_MAX, ULLONG_MAX), + "overflow not detected"); + fail_unless(SIZE_T_OVERFLOW(SIZE_T_MAX, -10), "overflow not detected"); +} +END_TEST + Suite *util_suite(void) { Suite *s = suite_create("util"); @@ -182,6 +196,7 @@ Suite *util_suite(void) TCase *tc_util = tcase_create("util"); tcase_add_test (tc_util, test_diff_string_lists); + tcase_add_test (tc_util, test_size_t_overflow); tcase_set_timeout(tc_util, 60); suite_add_tcase (s, tc_util); |