Diffstat (limited to 'lib/ssh/test/ssh_protocol_SUITE.erl')
-rw-r--r--lib/ssh/test/ssh_protocol_SUITE.erl227
1 files changed, 178 insertions, 49 deletions
diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl
index d8e99799e2..3a7f47c2dd 100644
--- a/lib/ssh/test/ssh_protocol_SUITE.erl
+++ b/lib/ssh/test/ssh_protocol_SUITE.erl
@@ -46,7 +46,10 @@ suite() ->
all() ->
[{group,tool_tests},
- {group,kex}
+ {group,kex},
+ {group,service_requests},
+ {group,packet_size_error},
+ {group,field_size_error}
].
groups() ->
@@ -55,13 +58,25 @@ groups() ->
lib_match,
lib_no_match
]},
+ {packet_size_error, [], [packet_length_too_large,
+ packet_length_too_short]},
+
+ {field_size_error, [], [service_name_length_too_large,
+ service_name_length_too_short]},
+
{kex, [], [no_common_alg_server_disconnects,
no_common_alg_client_disconnects,
- gex_client_init_default_noexact,
- gex_client_init_default_exact,
gex_client_init_option_groups,
+ gex_server_gex_limit,
+ gex_client_init_option_groups_moduli_file,
gex_client_init_option_groups_file
- ]}
+ ]},
+ {service_requests, [], [bad_service_name,
+ bad_long_service_name,
+ bad_very_long_service_name,
+ empty_service_name,
+ bad_service_name_then_correct
+ ]}
].
@@ -76,10 +91,10 @@ end_per_suite(Config) ->
init_per_testcase(no_common_alg_server_disconnects, Config) ->
start_std_daemon(Config, [{preferred_algorithms,[{public_key,['ssh-rsa']}]}]);
-init_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ;
- TC == gex_client_init_default_exact ;
- TC == gex_client_init_option_groups ;
- TC == gex_client_init_option_groups_file ->
+init_per_testcase(TC, Config) when TC == gex_client_init_option_groups ;
+ TC == gex_client_init_option_groups_moduli_file ;
+ TC == gex_client_init_option_groups_file ;
+ TC == gex_server_gex_limit ->
Opts = case TC of
gex_client_init_option_groups ->
[{dh_gex_groups, [{2345, 3, 41}]}];
@@ -87,21 +102,31 @@ init_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ;
DataDir = ?config(data_dir, Config),
F = filename:join(DataDir, "dh_group_test"),
[{dh_gex_groups, {file,F}}];
+ gex_client_init_option_groups_moduli_file ->
+ DataDir = ?config(data_dir, Config),
+ F = filename:join(DataDir, "dh_group_test.moduli"),
+ [{dh_gex_groups, {ssh_moduli_file,F}}];
+ gex_server_gex_limit ->
+ [{dh_gex_groups, [{ 500, 3, 18},
+ {1000, 7, 91},
+ {3000, 5, 61}]},
+ {dh_gex_limits,{500,1500}}
+ ];
_ ->
[]
end,
start_std_daemon(Config,
- [{preferred_algorithms, ssh_transport:supported_algorithms()}
+ [{preferred_algorithms, ssh:default_algorithms()}
| Opts]);
init_per_testcase(_TestCase, Config) ->
check_std_daemon_works(Config, ?LINE).
end_per_testcase(no_common_alg_server_disconnects, Config) ->
stop_std_daemon(Config);
-end_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ;
- TC == gex_client_init_default_exact ;
- TC == gex_client_init_option_groups ;
- TC == gex_client_init_option_groups_file ->
+end_per_testcase(TC, Config) when TC == gex_client_init_option_groups ;
+ TC == gex_client_init_option_groups_moduli_file ;
+ TC == gex_client_init_option_groups_file ;
+ TC == gex_server_gex_limit ->
stop_std_daemon(Config);
end_per_testcase(_TestCase, Config) ->
check_std_daemon_works(Config, ?LINE).
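Review bot: The `gex_server_gex_limit` branch does not say why these three groups and `{dh_gex_limits,{500,1500}}` were chosen, and the expectation that depends on them lives in a different function. The test case added later in this patch requests `{1000, 3000, 4000}` and expects `{7,91}`, presumably because the server clamps the request to the 1500-bit limit and so must not hand out the 3000-bit entry. I would add a comment above the branch such as `%% Client asks for 3000 bits; dh_gex_limits caps the server at 1500, so the 1000-bit group {7,91} must be chosen`. The guard listing the gex test cases is also repeated verbatim in `end_per_testcase`, so a case added to only one of the two lists would leave a daemon running or skip its start.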
@@ -114,25 +139,10 @@ end_per_testcase(_TestCase, Config) ->
%%% Connect to an erlang server and check that the testlib acts as a client.
lib_works_as_client(Config) ->
%% Connect and negotiate keys
- {ok,InitialState} =
- ssh_trpt_test_lib:exec(
- [{set_options, [print_ops, print_seqnums, print_messages]},
- {connect,
- server_host(Config),server_port(Config),
- [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]},
- {silently_accept_hosts, true},
- {user_dir, user_dir(Config)},
- {user_interaction, false}]},
- receive_hello,
- {send, hello},
- {send, ssh_msg_kexinit},
- {match, #ssh_msg_kexinit{_='_'}, receive_msg},
- {send, ssh_msg_kexdh_init},
- {match,# ssh_msg_kexdh_reply{_='_'}, receive_msg},
- {send, #ssh_msg_newkeys{}},
- {match, #ssh_msg_newkeys{_='_'}, receive_msg}
- ]
- ),
+ {ok,InitialState} = ssh_trpt_test_lib:exec(
+ [{set_options, [print_ops, print_seqnums, print_messages]}]
+ ),
+ {ok,AfterKexState} = connect_and_kex(Config, InitialState),
%% Do the authentcation
{User,Pwd} = server_user_password(Config),
@@ -147,7 +157,7 @@ lib_works_as_client(Config) ->
?STRING(unicode:characters_to_binary(Pwd))>>
}},
{match, #ssh_msg_userauth_success{_='_'}, receive_msg}
- ], InitialState),
+ ], AfterKexState),
%% Disconnect
{ok,_} =
@@ -327,31 +337,29 @@ no_common_alg_client_disconnects(Config) ->
X ->
ct:log("¤¤¤¤¤"),
ct:fail(X)
+ after
+ 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE])
end.
%%%--------------------------------------------------------------------
-gex_client_init_default_noexact(Config) ->
- do_gex_client_init(Config, {2000, 3000, 4000},
- %% Warning, app knowledege:
- ?dh_group15).
-
-
-gex_client_init_default_exact(Config) ->
- do_gex_client_init(Config, {2000, 2048, 4000},
- %% Warning, app knowledege:
- ?dh_group14).
-
-
gex_client_init_option_groups(Config) ->
do_gex_client_init(Config, {2000, 2048, 4000},
- {'n/a',{3,41}}).
-
+ {3,41}).
gex_client_init_option_groups_file(Config) ->
do_gex_client_init(Config, {2000, 2048, 4000},
- {'n/a',{5,61}}).
+ {5,61}).
+
+gex_client_init_option_groups_moduli_file(Config) ->
+ do_gex_client_init(Config, {2000, 2048, 4000},
+ {5,16#B7}).
-do_gex_client_init(Config, {Min,N,Max}, {_,{G,P}}) ->
+gex_server_gex_limit(Config) ->
+ do_gex_client_init(Config, {1000, 3000, 4000},
+ {7,91}).
+
+
+do_gex_client_init(Config, {Min,N,Max}, {G,P}) ->
{ok,_} =
ssh_trpt_test_lib:exec(
[{set_options, [print_ops, print_seqnums, print_messages]},
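Review bot: The expected `{G,P}` pairs passed to `do_gex_client_init` are magic values with no stated origin, and at least `91` (7*13) and `16#B7` (3*61) are composite, so they cannot be working Diffie-Hellman moduli. They appear to serve only as markers for which configured group the server selected, which is worth stating once above the gex test cases: `%% {G,P} are marker values identifying the group the server picked; they are not valid DH parameters`. The `{5,16#B7}` expectation presumably comes from the data file `dh_group_test.moduli`, which is not part of this diff, so a reference to that file next to the value would help. The body of `do_gex_client_init` continues outside the hunk.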
@@ -373,6 +381,106 @@ do_gex_client_init(Config, {Min,N,Max}, {_,{G,P}}) ->
]
).
+
+%%%--------------------------------------------------------------------
+bad_service_name(Config) ->
+ bad_service_name(Config, "kfglkjf").
+
+bad_long_service_name(Config) ->
+ bad_service_name(Config,
+ lists:duplicate(?SSH_MAX_PACKET_SIZE div 2, $a)).
+
+bad_very_long_service_name(Config) ->
+ bad_service_name(Config,
+ lists:duplicate(4*?SSH_MAX_PACKET_SIZE, $a)).
+
+empty_service_name(Config) ->
+ bad_service_name(Config, "").
+
+bad_service_name_then_correct(Config) ->
+ {ok,InitialState} = connect_and_kex(Config),
+ {ok,_} =
+ ssh_trpt_test_lib:exec(
+ [{set_options, [print_ops, print_seqnums, print_messages]},
+ {send, #ssh_msg_service_request{name = "kdjglkfdjgkldfjglkdfjglkfdjglkj"}},
+ {send, #ssh_msg_service_request{name = "ssh-connection"}},
+ {match, {'or',[#ssh_msg_disconnect{_='_'},
+ tcp_closed
+ ]},
+ receive_msg}
+ ], InitialState).
+
+
+bad_service_name(Config, Name) ->
+ {ok,InitialState} = connect_and_kex(Config),
+ {ok,_} =
+ ssh_trpt_test_lib:exec(
+ [{set_options, [print_ops, print_seqnums, print_messages]},
+ {send, #ssh_msg_service_request{name = Name}},
+ {match, {'or',[#ssh_msg_disconnect{_='_'},
+ tcp_closed
+ ]},
+ receive_msg}
+ ], InitialState).
+
+%%%--------------------------------------------------------------------
+packet_length_too_large(Config) -> bad_packet_length(Config, +4).
+
+packet_length_too_short(Config) -> bad_packet_length(Config, -4).
+
+bad_packet_length(Config, LengthExcess) ->
+ PacketFun =
+ fun(Msg, Ssh) ->
+ BinMsg = ssh_message:encode(Msg),
+ ssh_transport:pack(BinMsg, Ssh, LengthExcess)
+ end,
+ {ok,InitialState} = connect_and_kex(Config),
+ {ok,_} =
+ ssh_trpt_test_lib:exec(
+ [{set_options, [print_ops, print_seqnums, print_messages]},
+ {send, {special,
+ #ssh_msg_service_request{name="ssh-userauth"},
+ PacketFun}},
+ %% Prohibit remote decoder starvation:
+ {send, #ssh_msg_service_request{name="ssh-userauth"}},
+ {match, {'or',[#ssh_msg_disconnect{_='_'},
+ tcp_closed
+ ]},
+ receive_msg}
+ ], InitialState).
+
+%%%--------------------------------------------------------------------
+service_name_length_too_large(Config) -> bad_service_name_length(Config, +4).
+
+service_name_length_too_short(Config) -> bad_service_name_length(Config, -4).
+
+
+bad_service_name_length(Config, LengthExcess) ->
+ PacketFun =
+ fun(#ssh_msg_service_request{name=Service}, Ssh) ->
+ BinName = list_to_binary(Service),
+ BinMsg =
+ <<?BYTE(?SSH_MSG_SERVICE_REQUEST),
+ %% A bad string encoding of Service:
+ ?UINT32(size(BinName)+LengthExcess), BinName/binary
+ >>,
+ ssh_transport:pack(BinMsg, Ssh)
+ end,
+ {ok,InitialState} = connect_and_kex(Config),
+ {ok,_} =
+ ssh_trpt_test_lib:exec(
+ [{set_options, [print_ops, print_seqnums, print_messages]},
+ {send, {special,
+ #ssh_msg_service_request{name="ssh-userauth"},
+ PacketFun} },
+ %% Prohibit remote decoder starvation:
+ {send, #ssh_msg_service_request{name="ssh-userauth"}},
+ {match, {'or',[#ssh_msg_disconnect{_='_'},
+ tcp_closed
+ ]},
+ receive_msg}
+ ], InitialState).
+
%%%================================================================
%%%==== Internal functions ========================================
%%%================================================================
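Review bot: Every new negative test matches `{'or',[#ssh_msg_disconnect{_='_'}, tcp_closed]}`, which passes both when the server rejects the malformed request cleanly and when the connection simply drops, for instance because the handler process crashed on the bad length. This applies to `bad_service_name/2`, `bad_service_name_then_correct`, `bad_packet_length` and `bad_service_name_length`. If accepting both outcomes is deliberate, say so above the match, e.g. `%% Either a disconnect message or a closed socket is accepted; the test only checks that the request is not served`. Otherwise match on the `code` field of `#ssh_msg_disconnect{}` in the cases where the expected reason is defined. Separately, `size(BinName)` in `bad_service_name_length` would read better as `byte_size(BinName)`.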
@@ -480,3 +588,24 @@ std_connect(Host, Port, Config, Opts) ->
30000).
%%%----------------------------------------------------------------
+connect_and_kex(Config) ->
+ connect_and_kex(Config, ssh_trpt_test_lib:exec([]) ).
+
+connect_and_kex(Config, InitialState) ->
+ ssh_trpt_test_lib:exec(
+ [{connect,
+ server_host(Config),server_port(Config),
+ [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]},
+ {silently_accept_hosts, true},
+ {user_dir, user_dir(Config)},
+ {user_interaction, false}]},
+ receive_hello,
+ {send, hello},
+ {send, ssh_msg_kexinit},
+ {match, #ssh_msg_kexinit{_='_'}, receive_msg},
+ {send, ssh_msg_kexdh_init},
+ {match,# ssh_msg_kexdh_reply{_='_'}, receive_msg},
+ {send, #ssh_msg_newkeys{}},
+ {match, #ssh_msg_newkeys{_='_'}, receive_msg}
+ ],
+ InitialState).
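Review bot: `connect_and_kex/1` passes the whole return value of `ssh_trpt_test_lib:exec([])` as `InitialState`, whereas `lib_works_as_client` first unwraps `{ok,InitialState}` and passes the bare state. If `exec/1` returns `{ok,State}` as the other call sites suggest, the two callers hand different shapes to `connect_and_kex/2`, and an error tuple from `exec([])` would be forwarded rather than failing where it originated. `exec/2` may tolerate a wrapped state, but that is not visible in this diff. I would write `{ok,S0} = ssh_trpt_test_lib:exec([]),` followed by `connect_and_kex(Config, S0).` so both entry points agree.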