diff options
| author | Hans Nilsson <[email protected]> | 2015-11-04 10:40:21 +0100 |
|---|---|---|
| committer | Hans Nilsson <[email protected]> | 2015-11-04 10:40:21 +0100 |
| commit | 4f085471fc4e1886bd7549cf135e7038a87e6a8e (patch) | |
| tree | 749d5796248b5eb08cbb74d1a413ff79ca1843f4 /lib/ssh/test/ssh_protocol_SUITE.erl | |
| parent | 82393fda2f44841663b23c95879212f339a56474 (diff) | |
| parent | a541756c4ab173a63969f1789f82b56d22b00fa2 (diff) | |
| download | otp-4f085471fc4e1886bd7549cf135e7038a87e6a8e.tar.gz otp-4f085471fc4e1886bd7549cf135e7038a87e6a8e.tar.bz2 otp-4f085471fc4e1886bd7549cf135e7038a87e6a8e.zip | |
Merge branch 'hans/ssh/bad_lengths_tests/OTP-12792' into maint
Diffstat (limited to 'lib/ssh/test/ssh_protocol_SUITE.erl')
| -rw-r--r-- | lib/ssh/test/ssh_protocol_SUITE.erl | 68 |
1 files changed, 67 insertions, 1 deletions
diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 03c2ce53cb..b84ccac885 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -47,7 +47,9 @@ suite() -> all() -> [{group,tool_tests}, {group,kex}, - {group,service_requests} + {group,service_requests}, + {group,packet_size_error}, + {group,field_size_error} ]. groups() -> @@ -56,6 +58,12 @@ groups() -> lib_match, lib_no_match ]}, + {packet_size_error, [], [packet_length_too_large, + packet_length_too_short]}, + + {field_size_error, [], [service_name_length_too_large, + service_name_length_too_short]}, + {kex, [], [no_common_alg_server_disconnects, no_common_alg_client_disconnects, gex_client_init_default_noexact, @@ -409,6 +417,64 @@ bad_service_name(Config, Name) -> receive_msg} ], InitialState). +%%%-------------------------------------------------------------------- +packet_length_too_large(Config) -> bad_packet_length(Config, +4). + +packet_length_too_short(Config) -> bad_packet_length(Config, -4). + +bad_packet_length(Config, LengthExcess) -> + PacketFun = + fun(Msg, Ssh) -> + BinMsg = ssh_message:encode(Msg), + ssh_transport:pack(BinMsg, Ssh, LengthExcess) + end, + {ok,InitialState} = connect_and_kex(Config), + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}, + {send, {special, + #ssh_msg_service_request{name="ssh-userauth"}, + PacketFun}}, + %% Prohibit remote decoder starvation: + {send, #ssh_msg_service_request{name="ssh-userauth"}}, + {match, {'or',[#ssh_msg_disconnect{_='_'}, + tcp_closed + ]}, + receive_msg} + ], InitialState). + +%%%-------------------------------------------------------------------- +service_name_length_too_large(Config) -> bad_service_name_length(Config, +4). + +service_name_length_too_short(Config) -> bad_service_name_length(Config, -4). + + +bad_service_name_length(Config, LengthExcess) -> + PacketFun = + fun(#ssh_msg_service_request{name=Service}, Ssh) -> + BinName = list_to_binary(Service), + BinMsg = + <<?BYTE(?SSH_MSG_SERVICE_REQUEST), + %% A bad string encoding of Service: + ?UINT32(size(BinName)+LengthExcess), BinName/binary + >>, + ssh_transport:pack(BinMsg, Ssh) + end, + {ok,InitialState} = connect_and_kex(Config), + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}, + {send, {special, + #ssh_msg_service_request{name="ssh-userauth"}, + PacketFun} }, + %% Prohibit remote decoder starvation: + {send, #ssh_msg_service_request{name="ssh-userauth"}}, + {match, {'or',[#ssh_msg_disconnect{_='_'}, + tcp_closed + ]}, + receive_msg} + ], InitialState). + %%%================================================================ %%%==== Internal functions ======================================== %%%================================================================ |