mbedtls/tests/suites
Manuel Pégourié-Gonnard 5709811dd2 Add test for session_load() from small buffers
This uncovered a bug that led to a double-free (in practice, in general could
be free() on any invalid value): initially the session structure is loaded
with `memcpy()` which copies the previous values of pointers peer_cert and
ticket to heap-allocated buffers (or any other value if the input is
attacker-controlled). Now if we exit before we got a chance to replace those
invalid values with valid ones (for example because the input buffer is too
small, or because the second malloc() failed), then the next call to
session_free() is going to call free() on invalid pointers.

This bug is fixed in this commit by always setting the pointers to NULL right
after they've been read from the serialised state, so that the invalid values
can never be used.

(An alternative would be to NULL-ify them when writing, which was rejected
mostly because we need to do it when reading anyway (as the consequences of
free(invalid) are too severe to take any risk), so doing it when writing as
well is redundant and a waste of code size.)

Also, while thinking about what happens in case of errors, it became apparent
to me that it was bad practice to leave the session structure in an
half-initialised state and rely on the caller to call session_free(), so this
commit also ensures we always clear the structure when loading failed.
2019-06-03 09:51:08 +02:00
..
helpers.function Merge remote-tracking branch 'public/pr/2232' into mbedtls-2.16 2019-01-08 15:33:37 +00:00
host_test.function Change the use of setjmp/longjmp in parameter failure callback 2018-12-11 12:28:56 +01:00
main_test.function Change the use of setjmp/longjmp in parameter failure callback 2018-12-11 12:28:56 +01:00
target_test.function Style fixes 2018-08-06 11:42:56 +01:00
test_suite_aes.cbc.data
test_suite_aes.cfb.data
test_suite_aes.ecb.data
test_suite_aes.function Fix unused param warnings in test function 2018-12-18 13:05:49 +01:00
test_suite_aes.ofb.data Add test cases for AES OFB block mode 2018-06-11 14:03:22 +01:00
test_suite_aes.rest.data Add param validation for mbedtls_aes_crypt_cbc() 2018-12-18 12:22:40 +01:00
test_suite_aes.xts.data tests: Remove NIST AES-XTS test vectors 2018-06-13 12:13:58 +01:00
test_suite_arc4.data
test_suite_arc4.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_aria.data Move testing of mbedtls_aria_free() to separate test 2018-12-19 12:51:00 +00:00
test_suite_aria.function Avoid unused variable warning in ARIA param validation test 2018-12-19 12:51:00 +00:00
test_suite_asn1write.data
test_suite_asn1write.function Add dependency of mbedtls_asn1_write_len() test on ASN.1 parsing 2018-10-16 13:48:23 +01:00
test_suite_base64.data
test_suite_base64.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_blowfish.data Move testing of mbedtls_blowfish_free() to separate test case 2018-12-19 12:52:59 +00:00
test_suite_blowfish.function Move testing of mbedtls_blowfish_free() to separate test case 2018-12-19 12:52:59 +00:00
test_suite_camellia.data Move test of mbedtls_camellia_free() to separate test 2018-12-19 12:47:55 +00:00
test_suite_camellia.function Move test of mbedtls_camellia_free() to separate test 2018-12-19 12:47:55 +00:00
test_suite_ccm.data Merge remote-tracking branch 'public/pr/2228' into mbedtls-2.16 2019-01-08 15:29:18 +00:00
test_suite_ccm.function Add tests for valid NULL in ccm_free() 2018-12-19 19:02:39 +01:00
test_suite_chacha20.data chacha20: add test for parameter validation 2018-05-24 13:37:31 +02:00
test_suite_chacha20.function Test that xxx_free() functions accept NULL parameter 2018-12-18 15:30:30 +00:00
test_suite_chachapoly.data chachapoly: add test for state flow 2018-05-24 13:37:31 +02:00
test_suite_chachapoly.function Test that xxx_free() functions accept NULL parameter 2018-12-18 15:30:30 +00:00
test_suite_cipher.aes.data Fix after PR comments 2018-07-23 18:18:32 +01:00
test_suite_cipher.arc4.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.blowfish.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.camellia.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.ccm.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_cipher.chacha20.data cipher: add stream test vectors for chacha20(poly1305) 2018-05-24 13:37:31 +02:00
test_suite_cipher.chachapoly.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_cipher.des.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.function Fix errors in AEAD test function 2019-03-14 11:06:02 +02:00
test_suite_cipher.gcm.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.misc.data Split the unconditional and conditional parameter validation tests 2018-12-19 18:06:35 +01:00
test_suite_cipher.null.data Add tests for "return plaintext data faster on unpadded decryption" 2018-03-27 19:25:35 -07:00
test_suite_cipher.padding.data Include static cipher functions in the parameter validation scheme 2018-12-19 17:34:13 +01:00
test_suite_cmac.data Extend test coverage of CMAC 2016-10-13 13:53:13 +01:00
test_suite_cmac.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_ctr_drbg.data Refactor test code for CTR DRBG to clarify test functions 2018-08-29 23:38:57 +03:00
test_suite_ctr_drbg.function CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors 2018-11-26 19:26:00 +01:00
test_suite_debug.data Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug 2017-09-04 14:17:10 +02:00
test_suite_debug.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_des.data
test_suite_des.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_dhm.data Test parameter validation for DHM module 2018-12-18 16:59:09 +00:00
test_suite_dhm.function Minor improvements to DHM module 2018-12-18 16:59:09 +00:00
test_suite_ecdh.data Add test case for ecdh_get_params with mismatching group 2019-02-22 10:24:31 +01:00
test_suite_ecdh.function Add test case for ecdh_get_params with mismatching group 2019-02-22 10:24:31 +01:00
test_suite_ecdsa.data Test parameter validation in ECDSA module 2018-12-18 14:31:50 +00:00
test_suite_ecdsa.function Remove parameter validation for deprecated function in ECDSA module 2018-12-20 09:53:24 +00:00
test_suite_ecjpake.data Test parameter validation for ECJPAKE module 2018-12-18 14:31:18 +00:00
test_suite_ecjpake.function Test parameter validation for ECJPAKE module 2018-12-18 14:31:18 +00:00
test_suite_ecp.data Add separate test for xxx_free() functions in ECP module 2018-12-18 13:00:48 +00:00
test_suite_ecp.function Move a restartable ecp context to a conditional compilation block 2019-02-11 07:28:04 -05:00
test_suite_entropy.data Move flag indicating presence of strong entropy to test code 2017-07-24 15:31:30 +01:00
test_suite_entropy.function Fix typo in test_suite_entropy.function 2018-08-15 13:55:37 +01:00
test_suite_error.data
test_suite_error.function Intermediate hexify out change 2018-08-06 11:40:57 +01:00
test_suite_gcm.aes128_de.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_gcm.aes128_en.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.aes192_de.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_gcm.aes192_en.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.aes256_de.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_gcm.aes256_en.data fix for issue 1118: check if iv is zero in gcm. 2017-07-27 21:44:33 +01:00
test_suite_gcm.camellia.data Fix test functions and data after moving hexify/unhexify out 2018-08-06 11:40:57 +01:00
test_suite_gcm.function Add tests for valid NULL in gcm_free() 2018-12-19 17:30:38 +01:00
test_suite_gcm.misc.data Add tests for valid NULL in gcm_free() 2018-12-19 17:30:38 +01:00
test_suite_hkdf.data hkdf: Add negative tests 2018-06-11 13:10:14 +01:00
test_suite_hkdf.function Increase okm_hex buffer to contain null character 2019-01-28 15:20:10 +02:00
test_suite_hmac_drbg.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_hmac_drbg.misc.data
test_suite_hmac_drbg.no_reseed.data
test_suite_hmac_drbg.nopr.data
test_suite_hmac_drbg.pr.data
test_suite_md.data Allow comments in test data files 2017-10-06 11:58:50 +01:00
test_suite_md.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_mdx.data Allow comments in test data files 2017-10-06 11:58:50 +01:00
test_suite_mdx.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_memory_buffer_alloc.data Test corner case uses of memory_buffer_alloc.c 2018-01-23 19:37:44 +00:00
test_suite_memory_buffer_alloc.function Intermediate hexify out change 2018-08-06 11:40:57 +01:00
test_suite_mpi.data Add non-regression test for buffer overflow 2019-03-06 13:51:25 +00:00
test_suite_mpi.function Add non-regression test for buffer overflow 2019-03-06 13:51:25 +00:00
test_suite_nist_kw.data Enhance nist_kw with some NULL buffers tests 2018-08-13 14:46:45 +03:00
test_suite_nist_kw.function Fix indentation 2018-08-21 16:11:13 +03:00
test_suite_pem.data Add negative testing for mbedtls_pem_read_buffer() 2017-05-30 16:54:23 +01:00
test_suite_pem.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_pk.data Properly test pk_write with an empty output buffer 2018-12-19 17:08:51 +01:00
test_suite_pk.function Avoid unused-variable warnings for str as well 2018-12-20 12:29:48 +01:00
test_suite_pkcs1_v15.data Add tests for PKCS#1 v1.5 decoding 2018-10-08 11:13:21 +02:00
test_suite_pkcs1_v15.function Add tests for PKCS#1 v1.5 decoding 2018-10-08 11:13:21 +02:00
test_suite_pkcs1_v21.data rsa: pss: Add no possible salt size tests 2018-09-27 18:23:08 +01:00
test_suite_pkcs1_v21.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_pkcs5.data tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms 2018-02-08 17:18:19 +08:00
test_suite_pkcs5.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_pkparse.data Change test dependencies to RC4 from DES 2018-07-27 17:15:39 +01:00
test_suite_pkparse.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
test_suite_pkwrite.data
test_suite_pkwrite.function Add dependency of pkwrite test suite on pkparse module 2018-10-16 13:46:25 +01:00
test_suite_poly1305.data poly1305: add test for parameter validation 2018-05-24 13:37:31 +02:00
test_suite_poly1305.function Test that xxx_free() functions accept NULL parameter 2018-12-18 15:30:30 +00:00
test_suite_rsa.data Add conditional dependency to tests 2019-01-02 11:05:32 +02:00
test_suite_rsa.function Add missing cases to RSA parameter validation test 2018-12-18 14:05:20 +00:00
test_suite_shax.data Merge remote-tracking branch 'public/pr/2271' into development 2018-12-20 12:15:08 +00:00
test_suite_shax.function Merge remote-tracking branch 'public/pr/2271' into development 2018-12-20 12:15:08 +00:00
test_suite_ssl.data Add test for session_load() from small buffers 2019-06-03 09:51:08 +02:00
test_suite_ssl.function Add test for session_load() from small buffers 2019-06-03 09:51:08 +02:00
test_suite_timing.data Reduce the timing tests complexity 2019-01-29 13:02:19 +01:00
test_suite_timing.function Correct code formatting in the timing test suites 2019-02-05 10:05:01 +01:00
test_suite_version.data Update library version to 2.16.1 2019-03-19 16:20:02 +00:00
test_suite_version.function Intermediate hexify out change 2018-08-06 11:40:57 +01:00
test_suite_x509parse.data Merge remote-tracking branch 'origin/pr/2040' into mbedtls-2.16 2019-01-30 16:17:22 +00:00
test_suite_x509parse.function Merge branch 'development-restricted' into iotssl-1260-non-blocking-ecc-restricted 2018-09-11 12:39:14 +02:00
test_suite_x509write.data Add tests for (named) bitstring to suite_asn1write 2019-02-11 21:23:49 +00:00
test_suite_x509write.function Add tests for (named) bitstring to suite_asn1write 2019-02-11 21:23:49 +00:00
test_suite_xtea.data
test_suite_xtea.function Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00