diff --git a/tests/suites/test_suite_mps.data b/tests/suites/test_suite_mps.data index f25d70332..442f32188 100644 --- a/tests/suites/test_suite_mps.data +++ b/tests/suites/test_suite_mps.data @@ -120,3 +120,6 @@ mbedtls_reader_inconsistent_usage:8 MPS Reader: Feed with invalid buffer (NULL) mbedtls_mps_reader_feed_empty: + +MPS Reader: Excess request leading to integer overflow +mbedtls_mps_reader_reclaim_overflow: diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function index d4cb69b78..870e201e9 100644 --- a/tests/suites/test_suite_mps.function +++ b/tests/suites/test_suite_mps.function @@ -289,6 +289,38 @@ void mbedtls_mps_reader_pausing_needed_buffer_too_small() } /* END_CASE */ +/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ +void mbedtls_mps_reader_reclaim_overflow() +{ + /* This test exercises the behaviour of the MPS reader with accumulator + * in the situation where upon calling mbedtls_mps_reader_reclaim(), the + * uncommitted data together with the excess data missing in the last + * call to medtls_mps_reader_get() exceeds the bounds of the the type + * holding the buffer length. + */ + + unsigned char buf[100]; + unsigned char acc[50]; + unsigned char *tmp; + mbedtls_mps_reader rd; + + /* Preparation (lower layer) */ + mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) ); + TEST_ASSERT( mbedtls_mps_reader_feed( &rd, buf, sizeof( buf ) ) == 0 ); + /* Consumption (upper layer) */ + TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, NULL ) == 0 ); + ASSERT_COMPARE( tmp, 50, buf, 50 ); + /* Excess request */ + TEST_ASSERT( mbedtls_mps_reader_get( &rd, (mbedtls_mps_size_t) -1, &tmp, NULL ) == + MBEDTLS_ERR_MPS_READER_OUT_OF_DATA ); + /* Wrapup (lower layer) */ + TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) == + MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL ); + + mbedtls_mps_reader_free( &rd ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */ void mbedtls_mps_reader_pausing( int option ) {