diff options
author | Ingela Anderton Andin <ingela@erlang.org> | 2011-06-09 12:18:34 +0200 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2011-06-09 12:18:34 +0200 |
commit | 751ec4f918bed2f5455538e6296c6b925bcca002 (patch) | |
tree | d983ce771c1a96a89a96abbf7fca46fb00fc5708 /lib/ssl/test | |
parent | 3b818d5ec09cd2bb4c650776b898af9206f13c68 (diff) | |
parent | 8f74c4a943269ab5eb1e6177282e5fb8c765d3b7 (diff) | |
download | otp-751ec4f918bed2f5455538e6296c6b925bcca002.tar.gz otp-751ec4f918bed2f5455538e6296c6b925bcca002.tar.bz2 otp-751ec4f918bed2f5455538e6296c6b925bcca002.zip |
Merge branch 'ia/ssl/denial-of-service/OTP-9364' into dev
* ia/ssl/denial-of-service/OTP-9364:
Prevention of denial of service attack
Diffstat (limited to 'lib/ssl/test')
-rw-r--r-- | lib/ssl/test/Makefile | 4 | ||||
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 39 |
2 files changed, 41 insertions, 2 deletions
diff --git a/lib/ssl/test/Makefile b/lib/ssl/test/Makefile index 53b2223035..5be07cad2c 100644 --- a/lib/ssl/test/Makefile +++ b/lib/ssl/test/Makefile @@ -61,8 +61,10 @@ HRL_FILES = ssl_test_MACHINE.hrl HRL_FILES_SRC = \ ssl_int.hrl \ + ssl_internal.hrl\ ssl_alert.hrl \ - ssl_handshake.hrl + ssl_handshake.hrl \ + ssl_record.hrl HRL_FILES_INC = diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index ec287ed803..ecb5228a8b 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -30,6 +30,8 @@ -include("ssl_alert.hrl"). -include("ssl_int.hrl"). +-include("ssl_internal.hrl"). +-include("ssl_record.hrl"). -define('24H_in_sec', 86400). -define(TIMEOUT, 60000). @@ -209,7 +211,7 @@ all() -> controller_dies, client_closes_socket, peercert, connect_dist, peername, sockname, socket_options, misc_ssl_options, versions, cipher_suites, upgrade, - upgrade_with_timeout, tcp_connect, ipv6, ekeyfile, + upgrade_with_timeout, tcp_connect, tcp_connect_big, ipv6, ekeyfile, ecertfile, ecacertfile, eoptions, shutdown, shutdown_write, shutdown_both, shutdown_error, ciphers_rsa_signed_certs, ciphers_rsa_signed_certs_ssl3, @@ -1097,6 +1099,41 @@ tcp_connect(Config) when is_list(Config) -> end end. +tcp_connect_big(doc) -> + ["Test what happens when a tcp tries to connect, i,e. a bad big (ssl) packet is sent first"]; + +tcp_connect_big(suite) -> + []; + +tcp_connect_big(Config) when is_list(Config) -> + ServerOpts = ?config(server_opts, Config), + {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + TcpOpts = [binary, {reuseaddr, true}], + + Server = ssl_test_lib:start_upgrade_server([{node, ServerNode}, {port, 0}, + {from, self()}, + {timeout, 5000}, + {mfa, {?MODULE, dummy, []}}, + {tcp_options, TcpOpts}, + {ssl_options, ServerOpts}]), + Port = ssl_test_lib:inet_port(Server), + + {ok, Socket} = gen_tcp:connect(Hostname, Port, [binary, {packet, 0}]), + test_server:format("Testcase ~p connected to Server ~p ~n", [self(), Server]), + + Rand = crypto:rand_bytes(?MAX_CIPHER_TEXT_LENGTH+1), + gen_tcp:send(Socket, <<?BYTE(0), + ?BYTE(3), ?BYTE(1), ?UINT16(?MAX_CIPHER_TEXT_LENGTH), Rand/binary>>), + + receive + {tcp_closed, Socket} -> + receive + {Server, {error, timeout}} -> + test_server:fail("hangs"); + {Server, {error, Error}} -> + test_server:format("Error ~p", [Error]) + end + end. dummy(_Socket) -> %% Should not happen as the ssl connection will not be established |