1*6236dae4SAndroid Build Coastguard Worker /***************************************************************************
2*6236dae4SAndroid Build Coastguard Worker * _ _ ____ _
3*6236dae4SAndroid Build Coastguard Worker * Project ___| | | | _ \| |
4*6236dae4SAndroid Build Coastguard Worker * / __| | | | |_) | |
5*6236dae4SAndroid Build Coastguard Worker * | (__| |_| | _ <| |___
6*6236dae4SAndroid Build Coastguard Worker * \___|\___/|_| \_\_____|
7*6236dae4SAndroid Build Coastguard Worker *
8*6236dae4SAndroid Build Coastguard Worker * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
9*6236dae4SAndroid Build Coastguard Worker *
10*6236dae4SAndroid Build Coastguard Worker * This software is licensed as described in the file COPYING, which
11*6236dae4SAndroid Build Coastguard Worker * you should have received as part of this distribution. The terms
12*6236dae4SAndroid Build Coastguard Worker * are also available at https://curl.se/docs/copyright.html.
13*6236dae4SAndroid Build Coastguard Worker *
14*6236dae4SAndroid Build Coastguard Worker * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15*6236dae4SAndroid Build Coastguard Worker * copies of the Software, and permit persons to whom the Software is
16*6236dae4SAndroid Build Coastguard Worker * furnished to do so, under the terms of the COPYING file.
17*6236dae4SAndroid Build Coastguard Worker *
18*6236dae4SAndroid Build Coastguard Worker * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19*6236dae4SAndroid Build Coastguard Worker * KIND, either express or implied.
20*6236dae4SAndroid Build Coastguard Worker *
21*6236dae4SAndroid Build Coastguard Worker * SPDX-License-Identifier: curl
22*6236dae4SAndroid Build Coastguard Worker *
23*6236dae4SAndroid Build Coastguard Worker ***************************************************************************/
24*6236dae4SAndroid Build Coastguard Worker #include "curlcheck.h"
25*6236dae4SAndroid Build Coastguard Worker
26*6236dae4SAndroid Build Coastguard Worker #include "doh.h" /* from the lib dir */
27*6236dae4SAndroid Build Coastguard Worker
unit_setup(void)28*6236dae4SAndroid Build Coastguard Worker static CURLcode unit_setup(void)
29*6236dae4SAndroid Build Coastguard Worker {
30*6236dae4SAndroid Build Coastguard Worker /* whatever you want done first */
31*6236dae4SAndroid Build Coastguard Worker return CURLE_OK;
32*6236dae4SAndroid Build Coastguard Worker }
33*6236dae4SAndroid Build Coastguard Worker
unit_stop(void)34*6236dae4SAndroid Build Coastguard Worker static void unit_stop(void)
35*6236dae4SAndroid Build Coastguard Worker {
36*6236dae4SAndroid Build Coastguard Worker /* done before shutting down and exiting */
37*6236dae4SAndroid Build Coastguard Worker }
38*6236dae4SAndroid Build Coastguard Worker
39*6236dae4SAndroid Build Coastguard Worker #ifndef CURL_DISABLE_DOH
40*6236dae4SAndroid Build Coastguard Worker
41*6236dae4SAndroid Build Coastguard Worker UNITTEST_START
42*6236dae4SAndroid Build Coastguard Worker
43*6236dae4SAndroid Build Coastguard Worker /*
44*6236dae4SAndroid Build Coastguard Worker * Prove detection of write overflow using a short buffer and a name
45*6236dae4SAndroid Build Coastguard Worker * of maximal valid length.
46*6236dae4SAndroid Build Coastguard Worker *
47*6236dae4SAndroid Build Coastguard Worker * Prove detection of other invalid input.
48*6236dae4SAndroid Build Coastguard Worker */
49*6236dae4SAndroid Build Coastguard Worker do {
50*6236dae4SAndroid Build Coastguard Worker static const char max[] =
51*6236dae4SAndroid Build Coastguard Worker /* ..|....1.........2.........3.........4.........5.........6... */
52*6236dae4SAndroid Build Coastguard Worker /* 3456789012345678901234567890123456789012345678901234567890123 */
53*6236dae4SAndroid Build Coastguard Worker "this.is.a.maximum-length.hostname." /* 34: 34 */
54*6236dae4SAndroid Build Coastguard Worker "with-no-label-of-greater-length-than-the-sixty-three-characters."
55*6236dae4SAndroid Build Coastguard Worker /* 64: 98 */
56*6236dae4SAndroid Build Coastguard Worker "specified.in.the.RFCs." /* 22: 120 */
57*6236dae4SAndroid Build Coastguard Worker "and.with.a.QNAME.encoding.whose.length.is.exactly." /* 50: 170 */
58*6236dae4SAndroid Build Coastguard Worker "the.maximum.length.allowed." /* 27: 197 */
59*6236dae4SAndroid Build Coastguard Worker "that.is.two-hundred.and.fifty-six." /* 34: 231 */
60*6236dae4SAndroid Build Coastguard Worker "including.the.last.null." /* 24: 255 */
61*6236dae4SAndroid Build Coastguard Worker "";
62*6236dae4SAndroid Build Coastguard Worker static const char toolong[] =
63*6236dae4SAndroid Build Coastguard Worker /* ..|....1.........2.........3.........4.........5.........6... */
64*6236dae4SAndroid Build Coastguard Worker /* 3456789012345678901234567890123456789012345678901234567890123 */
65*6236dae4SAndroid Build Coastguard Worker "here.is.a.hostname.which.is.just.barely.too.long." /* 49: 49 */
66*6236dae4SAndroid Build Coastguard Worker "to.be.encoded.as.a.QNAME.of.the.maximum.allowed.length."
67*6236dae4SAndroid Build Coastguard Worker /* 55: 104 */
68*6236dae4SAndroid Build Coastguard Worker "which.is.256.including.a.final.zero-length.label." /* 49: 153 */
69*6236dae4SAndroid Build Coastguard Worker "representing.the.root.node.so.that.a.name.with." /* 47: 200 */
70*6236dae4SAndroid Build Coastguard Worker "a.trailing.dot.may.have.up.to." /* 30: 230 */
71*6236dae4SAndroid Build Coastguard Worker "255.characters.never.more." /* 26: 256 */
72*6236dae4SAndroid Build Coastguard Worker "";
73*6236dae4SAndroid Build Coastguard Worker static const char emptylabel[] =
74*6236dae4SAndroid Build Coastguard Worker "this.is.an.otherwise-valid.hostname."
75*6236dae4SAndroid Build Coastguard Worker ".with.an.empty.label.";
76*6236dae4SAndroid Build Coastguard Worker static const char outsizelabel[] =
77*6236dae4SAndroid Build Coastguard Worker "this.is.an.otherwise-valid.hostname."
78*6236dae4SAndroid Build Coastguard Worker "with-a-label-of-greater-length-than-the-sixty-three-characters-"
79*6236dae4SAndroid Build Coastguard Worker "specified.in.the.RFCs.";
80*6236dae4SAndroid Build Coastguard Worker int i;
81*6236dae4SAndroid Build Coastguard Worker
82*6236dae4SAndroid Build Coastguard Worker struct test {
83*6236dae4SAndroid Build Coastguard Worker const char *name;
84*6236dae4SAndroid Build Coastguard Worker const DOHcode expected_result;
85*6236dae4SAndroid Build Coastguard Worker };
86*6236dae4SAndroid Build Coastguard Worker
87*6236dae4SAndroid Build Coastguard Worker /* plays the role of struct dnsprobe in urldata.h */
88*6236dae4SAndroid Build Coastguard Worker struct demo {
89*6236dae4SAndroid Build Coastguard Worker unsigned char dohbuffer[255 + 16]; /* deliberately short buffer */
90*6236dae4SAndroid Build Coastguard Worker unsigned char canary1;
91*6236dae4SAndroid Build Coastguard Worker unsigned char canary2;
92*6236dae4SAndroid Build Coastguard Worker unsigned char canary3;
93*6236dae4SAndroid Build Coastguard Worker };
94*6236dae4SAndroid Build Coastguard Worker
95*6236dae4SAndroid Build Coastguard Worker const struct test playlist[4] = {
96*6236dae4SAndroid Build Coastguard Worker { toolong, DOH_DNS_NAME_TOO_LONG }, /* expect early failure */
97*6236dae4SAndroid Build Coastguard Worker { emptylabel, DOH_DNS_BAD_LABEL }, /* also */
98*6236dae4SAndroid Build Coastguard Worker { outsizelabel, DOH_DNS_BAD_LABEL }, /* also */
99*6236dae4SAndroid Build Coastguard Worker { max, DOH_OK } /* expect buffer overwrite */
100*6236dae4SAndroid Build Coastguard Worker };
101*6236dae4SAndroid Build Coastguard Worker
102*6236dae4SAndroid Build Coastguard Worker for(i = 0; i < (int)(sizeof(playlist)/sizeof(*playlist)); i++) {
103*6236dae4SAndroid Build Coastguard Worker const char *name = playlist[i].name;
104*6236dae4SAndroid Build Coastguard Worker size_t olen = 100000;
105*6236dae4SAndroid Build Coastguard Worker struct demo victim;
106*6236dae4SAndroid Build Coastguard Worker DOHcode d;
107*6236dae4SAndroid Build Coastguard Worker
108*6236dae4SAndroid Build Coastguard Worker victim.canary1 = 87; /* magic numbers, arbitrarily picked */
109*6236dae4SAndroid Build Coastguard Worker victim.canary2 = 35;
110*6236dae4SAndroid Build Coastguard Worker victim.canary3 = 41;
111*6236dae4SAndroid Build Coastguard Worker d = doh_req_encode(name, DNS_TYPE_A, victim.dohbuffer,
112*6236dae4SAndroid Build Coastguard Worker sizeof(struct demo), /* allow room for overflow */
113*6236dae4SAndroid Build Coastguard Worker &olen);
114*6236dae4SAndroid Build Coastguard Worker
115*6236dae4SAndroid Build Coastguard Worker fail_unless(d == playlist[i].expected_result,
116*6236dae4SAndroid Build Coastguard Worker "result returned was not as expected");
117*6236dae4SAndroid Build Coastguard Worker if(d == playlist[i].expected_result) {
118*6236dae4SAndroid Build Coastguard Worker if(name == max) {
119*6236dae4SAndroid Build Coastguard Worker fail_if(victim.canary1 == 87,
120*6236dae4SAndroid Build Coastguard Worker "demo one-byte buffer overwrite did not happen");
121*6236dae4SAndroid Build Coastguard Worker }
122*6236dae4SAndroid Build Coastguard Worker else {
123*6236dae4SAndroid Build Coastguard Worker fail_unless(victim.canary1 == 87,
124*6236dae4SAndroid Build Coastguard Worker "one-byte buffer overwrite has happened");
125*6236dae4SAndroid Build Coastguard Worker }
126*6236dae4SAndroid Build Coastguard Worker fail_unless(victim.canary2 == 35,
127*6236dae4SAndroid Build Coastguard Worker "two-byte buffer overwrite has happened");
128*6236dae4SAndroid Build Coastguard Worker fail_unless(victim.canary3 == 41,
129*6236dae4SAndroid Build Coastguard Worker "three-byte buffer overwrite has happened");
130*6236dae4SAndroid Build Coastguard Worker }
131*6236dae4SAndroid Build Coastguard Worker else {
132*6236dae4SAndroid Build Coastguard Worker if(d == DOH_OK) {
133*6236dae4SAndroid Build Coastguard Worker fail_unless(olen <= sizeof(victim.dohbuffer), "wrote outside bounds");
134*6236dae4SAndroid Build Coastguard Worker fail_unless(olen > strlen(name), "unrealistic low size");
135*6236dae4SAndroid Build Coastguard Worker }
136*6236dae4SAndroid Build Coastguard Worker }
137*6236dae4SAndroid Build Coastguard Worker }
138*6236dae4SAndroid Build Coastguard Worker } while(0);
139*6236dae4SAndroid Build Coastguard Worker
140*6236dae4SAndroid Build Coastguard Worker /* run normal cases and try to trigger buffer length related errors */
141*6236dae4SAndroid Build Coastguard Worker do {
142*6236dae4SAndroid Build Coastguard Worker DNStype dnstype = DNS_TYPE_A;
143*6236dae4SAndroid Build Coastguard Worker unsigned char buffer[128];
144*6236dae4SAndroid Build Coastguard Worker const size_t buflen = sizeof(buffer);
145*6236dae4SAndroid Build Coastguard Worker const size_t magic1 = 9765;
146*6236dae4SAndroid Build Coastguard Worker size_t olen1 = magic1;
147*6236dae4SAndroid Build Coastguard Worker const char *sunshine1 = "a.com";
148*6236dae4SAndroid Build Coastguard Worker const char *dotshine1 = "a.com.";
149*6236dae4SAndroid Build Coastguard Worker const char *sunshine2 = "aa.com";
150*6236dae4SAndroid Build Coastguard Worker size_t olen2;
151*6236dae4SAndroid Build Coastguard Worker DOHcode ret2;
152*6236dae4SAndroid Build Coastguard Worker size_t olen;
153*6236dae4SAndroid Build Coastguard Worker
154*6236dae4SAndroid Build Coastguard Worker DOHcode ret = doh_req_encode(sunshine1, dnstype, buffer, buflen, &olen1);
155*6236dae4SAndroid Build Coastguard Worker fail_unless(ret == DOH_OK, "sunshine case 1 should pass fine");
156*6236dae4SAndroid Build Coastguard Worker fail_if(olen1 == magic1, "olen has not been assigned properly");
157*6236dae4SAndroid Build Coastguard Worker fail_unless(olen1 > strlen(sunshine1), "bad out length");
158*6236dae4SAndroid Build Coastguard Worker
159*6236dae4SAndroid Build Coastguard Worker /* with a trailing dot, the response should have the same length */
160*6236dae4SAndroid Build Coastguard Worker olen2 = magic1;
161*6236dae4SAndroid Build Coastguard Worker ret2 = doh_req_encode(dotshine1, dnstype, buffer, buflen, &olen2);
162*6236dae4SAndroid Build Coastguard Worker fail_unless(ret2 == DOH_OK, "dotshine case should pass fine");
163*6236dae4SAndroid Build Coastguard Worker fail_if(olen2 == magic1, "olen has not been assigned properly");
164*6236dae4SAndroid Build Coastguard Worker fail_unless(olen1 == olen2, "olen should not grow for a trailing dot");
165*6236dae4SAndroid Build Coastguard Worker
166*6236dae4SAndroid Build Coastguard Worker /* add one letter, the response should be one longer */
167*6236dae4SAndroid Build Coastguard Worker olen2 = magic1;
168*6236dae4SAndroid Build Coastguard Worker ret2 = doh_req_encode(sunshine2, dnstype, buffer, buflen, &olen2);
169*6236dae4SAndroid Build Coastguard Worker fail_unless(ret2 == DOH_OK, "sunshine case 2 should pass fine");
170*6236dae4SAndroid Build Coastguard Worker fail_if(olen2 == magic1, "olen has not been assigned properly");
171*6236dae4SAndroid Build Coastguard Worker fail_unless(olen1 + 1 == olen2, "olen should grow with the hostname");
172*6236dae4SAndroid Build Coastguard Worker
173*6236dae4SAndroid Build Coastguard Worker /* pass a short buffer, should fail */
174*6236dae4SAndroid Build Coastguard Worker ret = doh_req_encode(sunshine1, dnstype, buffer, olen1 - 1, &olen);
175*6236dae4SAndroid Build Coastguard Worker fail_if(ret == DOH_OK, "short buffer should have been noticed");
176*6236dae4SAndroid Build Coastguard Worker
177*6236dae4SAndroid Build Coastguard Worker /* pass a minimum buffer, should succeed */
178*6236dae4SAndroid Build Coastguard Worker ret = doh_req_encode(sunshine1, dnstype, buffer, olen1, &olen);
179*6236dae4SAndroid Build Coastguard Worker fail_unless(ret == DOH_OK, "minimal length buffer should be long enough");
180*6236dae4SAndroid Build Coastguard Worker fail_unless(olen == olen1, "bad buffer length");
181*6236dae4SAndroid Build Coastguard Worker } while(0);
182*6236dae4SAndroid Build Coastguard Worker UNITTEST_STOP
183*6236dae4SAndroid Build Coastguard Worker
184*6236dae4SAndroid Build Coastguard Worker #else /* CURL_DISABLE_DOH */
185*6236dae4SAndroid Build Coastguard Worker
186*6236dae4SAndroid Build Coastguard Worker UNITTEST_START
187*6236dae4SAndroid Build Coastguard Worker /* nothing to do, just succeed */
188*6236dae4SAndroid Build Coastguard Worker UNITTEST_STOP
189*6236dae4SAndroid Build Coastguard Worker
190*6236dae4SAndroid Build Coastguard Worker #endif
191