Merge branch 'ia/R14B04_ssl_send_user_badarg_patch' into maint-r14

author: Gustav Simonsson <[email protected]> 2012-04-11 11:50:15 +0200
committer: Gustav Simonsson <[email protected]> 2012-04-11 11:50:15 +0200
commit: aff21f5dffc035dd97215ec1a2c281b84412f29f (patch)
tree: 97774bd8ac82bbe6bfe8c5300e83b39db09acfa5 /lib/ssl/test
parent: 8929e4d94620c109d31387e6fadfa83b71121a6a (diff)
parent: b438fd313917b2e16e5717f12472d5345ca1a976 (diff)
download: otp-aff21f5dffc035dd97215ec1a2c281b84412f29f.tar.gz
otp-aff21f5dffc035dd97215ec1a2c281b84412f29f.tar.bz2
otp-aff21f5dffc035dd97215ec1a2c281b84412f29f.zip
3 files changed, 107 insertions, 9 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 8da1d947d3..d3f98d0bff 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -37,6 +37,7 @@
 -define(LONG_TIMEOUT, 600000).
 -define(EXPIRE, 10).
 -define(SLEEP, 500).
+-define(RENEGOTIATION_DISABLE_TIME, 12000).
 
 %% Test server callback functions
 %%--------------------------------------------------------------------
@@ -257,7 +258,8 @@ all() ->
      %%different_ca_peer_sign,
      no_reuses_session_server_restart_new_cert,
      no_reuses_session_server_restart_new_cert_file, reuseaddr,
-     hibernate, connect_twice
+     hibernate, connect_twice, renegotiate_dos_mitigate,
+     tcp_error_propagation_in_active_mode
     ].
 
 groups() -> 
@@ -3655,7 +3657,68 @@ connect_twice(Config) when is_list(Config) ->
     ssl_test_lib:close(Client),
     ssl_test_lib:close(Client1).
 
+%%--------------------------------------------------------------------
+renegotiate_dos_mitigate(doc) -> 
+    ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
+    "immediately after each other"];
+
+renegotiate_dos_mitigate(suite) -> 
+    [];
+
+renegotiate_dos_mitigate(Config) when is_list(Config) -> 
+    ServerOpts = ?config(server_opts, Config),  
+    ClientOpts = ?config(client_opts, Config),  
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    
+    Server = 
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+				   {from, self()},
+				   {mfa, {?MODULE, send_recv_result_active, []}},
+				   {options, [ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+ 
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+					{host, Hostname},
+					{from, self()}, 
+					{mfa, {?MODULE, 
+					       renegotiate_immediately, []}},
+					{options, ClientOpts}]),
+    
+    ssl_test_lib:check_result(Client, ok, Server, ok), 
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
+
+tcp_error_propagation_in_active_mode(doc) ->
+    ["Test that process recives {ssl_error, Socket, closed} when tcp error ocurres"];
+tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
+    ClientOpts = ?config(client_opts, Config),
+    ServerOpts = ?config(server_opts, Config),
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server  = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					  {from, self()},
+					  {mfa, {ssl_test_lib, no_result, []}},
+					  {options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+    {Client, #sslsocket{pid=Pid} = SslSocket} = ssl_test_lib:start_client([return_socket,
+							       {node, ClientNode}, {port, Port},
+							       {host, Hostname},
+							       {from, self()},
+							       {mfa, {?MODULE, receive_msg, []}},
+							       {options, ClientOpts}]),
+
+    {status, _, _, StatusInfo} = sys:get_status(Pid),
+    [_, _,_, _, Prop] = StatusInfo,
+    State = ssl_test_lib:state(Prop),
+    Socket = element(10, State),
+
+    %% Fake tcp error
+    Pid ! {tcp_error, Socket, etimedout},
 
+    ssl_test_lib:check_result(Client, {ssl_closed, SslSocket}).
+    
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
@@ -3698,6 +3761,19 @@ renegotiate_reuse_session(Socket, Data) ->
     test_server:sleep(?SLEEP),
     renegotiate(Socket, Data).
 
+renegotiate_immediately(Socket) ->
+    receive 
+	{ssl, Socket, "Hello world"} ->
+	    ok
+    end,
+    ok = ssl:renegotiate(Socket),  
+    {error, renegotiation_rejected} = ssl:renegotiate(Socket),
+    test_server:sleep(?RENEGOTIATION_DISABLE_TIME +1),
+    ok = ssl:renegotiate(Socket),
+    test_server:format("Renegotiated again"),
+    ssl:send(Socket, "Hello world"),
+    ok.
+    
 new_config(PrivDir, ServerOpts0) ->
     CaCertFile = proplists:get_value(cacertfile, ServerOpts0),
     CertFile = proplists:get_value(certfile, ServerOpts0),
@@ -3876,3 +3952,9 @@ erlang_ssl_receive(Socket, Data) ->
     after ?SLEEP * 3 ->
 	    test_server:fail({did_not_get, Data})
     end.
+
+receive_msg(_) ->
+    receive
+	Msg ->
+	   Msg
+    end.
diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl
index 5ea45018e6..46cebf439b 100644
--- a/lib/ssl/test/ssl_session_cache_SUITE.erl
+++ b/lib/ssl/test/ssl_session_cache_SUITE.erl
@@ -210,7 +210,7 @@ session_cleanup(Config)when is_list(Config) ->
 
     {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
     [_, _,_, _, Prop] = StatusInfo,
-    State = state(Prop),
+    State = ssl_test_lib:state(Prop),
     Cache = element(2, State),
     SessionTimer = element(6, State),
 
@@ -238,11 +238,6 @@ session_cleanup(Config)when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
-state([{data,[{"State", State}]} | _]) ->
-    State;
-state([_ | Rest]) ->
-    state(Rest).
-
 check_timer(Timer) ->
     case erlang:read_timer(Timer) of
 	false ->
@@ -256,7 +251,7 @@ check_timer(Timer) ->
 get_delay_timer() ->
     {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
     [_, _,_, _, Prop] = StatusInfo,
-    State = state(Prop),
+    State = ssl_test_lib:state(Prop),
     case element(7, State) of
 	undefined ->
 	    test_server:sleep(?SLEEP),
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index b7916b96eb..2d46453285 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -673,3 +673,24 @@ cipher_result(Socket, Result) ->
 
 session_info_result(Socket) ->
     ssl:session_info(Socket).
+
+
+receive_rizzo_duong_beast() ->
+    receive 
+	{ssl, _, "ello\n"} ->
+	    receive 
+		{ssl, _, " "} ->
+		    receive
+			{ssl, _, "world\n"} ->
+			    ok
+		    end
+	    end
+    end.
+
+state([{data,[{"State", State}]} | _]) ->
+    State;
+state([{data,[{"StateData", State}]} | _]) ->
+    State;
+state([_ | Rest]) ->
+    state(Rest).
+
author	Gustav Simonsson <[email protected]>	2012-04-11 11:50:15 +0200
committer	Gustav Simonsson <[email protected]>	2012-04-11 11:50:15 +0200
commit	aff21f5dffc035dd97215ec1a2c281b84412f29f (patch)
tree	97774bd8ac82bbe6bfe8c5300e83b39db09acfa5 /lib/ssl/test
parent	8929e4d94620c109d31387e6fadfa83b71121a6a (diff)
parent	b438fd313917b2e16e5717f12472d5345ca1a976 (diff)
download	otp-aff21f5dffc035dd97215ec1a2c281b84412f29f.tar.gz otp-aff21f5dffc035dd97215ec1a2c281b84412f29f.tar.bz2 otp-aff21f5dffc035dd97215ec1a2c281b84412f29f.zip