Add unit test for integer overflow in mbedtls_mps_reader_reclaim()

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker 2021-03-08 16:57:08 +00:00
parent d4d33a1b6b
commit 1b1e7eb611
2 changed files with 35 additions and 0 deletions

View file

@ -120,3 +120,6 @@ mbedtls_reader_inconsistent_usage:8
MPS Reader: Feed with invalid buffer (NULL)
mbedtls_mps_reader_feed_empty:
MPS Reader: Excess request leading to integer overflow
mbedtls_mps_reader_reclaim_overflow:

View file

@ -289,6 +289,38 @@ void mbedtls_mps_reader_pausing_needed_buffer_too_small()
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
void mbedtls_mps_reader_reclaim_overflow()
{
/* This test exercises the behaviour of the MPS reader with accumulator
* in the situation where upon calling mbedtls_mps_reader_reclaim(), the
* uncommitted data together with the excess data missing in the last
* call to medtls_mps_reader_get() exceeds the bounds of the the type
* holding the buffer length.
*/
unsigned char buf[100];
unsigned char acc[50];
unsigned char *tmp;
mbedtls_mps_reader rd;
/* Preparation (lower layer) */
mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
TEST_ASSERT( mbedtls_mps_reader_feed( &rd, buf, sizeof( buf ) ) == 0 );
/* Consumption (upper layer) */
TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, NULL ) == 0 );
ASSERT_COMPARE( tmp, 50, buf, 50 );
/* Excess request */
TEST_ASSERT( mbedtls_mps_reader_get( &rd, (mbedtls_mps_size_t) -1, &tmp, NULL ) ==
MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
/* Wrapup (lower layer) */
TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) ==
MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL );
mbedtls_mps_reader_free( &rd );
}
/* END_CASE */
/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
void mbedtls_mps_reader_pausing( int option )
{