author | fanquake <fanquake@gmail.com> | 2023-10-30 14:26:25 +0100 |
---|---|---|
committer | fanquake <fanquake@gmail.com> | 2023-10-30 14:44:40 +0100 |
commit | ec5116ae14d9b3ae8efac58c93718d42361515a0 (patch) | |
tree | 2ec0d7456c6ddfc6bca3325e3b729a5db96e7e0b /src/test | |
parent | a3670b227333e8d1a50759a4dd496c2f54f98fa6 (diff) | |
parent | 5cf4d266d9b1e7bd9394e7581398de5bc540ae99 (diff) |
Merge bitcoin/bitcoin#28695: net: Sanity check private keys received from SAM proxy
5cf4d266d9b1e7bd9394e7581398de5bc540ae99 [test] Test i2p private key constraints (Vasil Dimov)
cf70a8d56510a5f07eff0fd773184cae14b2dcc9 [net] Check i2p private key constraints (dergoegge)
Pull request description:
Not sanity checking can lead to crashes or worse:
```
==1715589==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6140000055c2 at pc 0x5622ed66e7ad bp 0x7ffee547a2c0 sp 0x7ffee547a2b8
READ of size 2 at 0x6140000055c2 thread T0 (b-test)
#0 0x5622ed66e7ac in memcpy include/bits/string_fortified.h:29:10
#1 0x5622ed66e7ac in i2p::sam::Session::MyDestination() const src/i2p.cpp:362:5
#2 0x5622ed662e46 in i2p::sam::Session::CreateIfNotCreatedAlready() src/i2p.cpp:414:40
#3 0x5622ed6619f2 in i2p::sam::Session::Listen(i2p::Connection&) src/i2p.cpp:143:9
```
ACKs for top commit:
maflcko:
code lgtm ACK 5cf4d266d9b1e7bd9394e7581398de5bc540ae99
stickies-v:
re-ACK 5cf4d266d9b1e7bd9394e7581398de5bc540ae99
vasild:
ACK 5cf4d266d9b1e7bd9394e7581398de5bc540ae99
Tree-SHA512: 3de3bd396538fa619de67957b9c8a58011ab911f0f51097c387e730c13908278b7322aa3357051fb245a20b15bef34b0e9fadcb1eff8ad751139d2aa634c78ad
Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/i2p_tests.cpp | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/src/test/i2p_tests.cpp b/src/test/i2p_tests.cpp
index 5b8b0e9215..f80f07d190 100644
--- a/src/test/i2p_tests.cpp
+++ b/src/test/i2p_tests.cpp
@@ -9,6 +9,7 @@
 #include <test/util/logging.h>
 #include <test/util/net.h>
 #include <test/util/setup_common.h>
+#include <util/readwritefile.h>
 #include <util/threadinterrupt.h>
 #include <boost/test/unit_test.hpp>
@@ -125,4 +126,47 @@ BOOST_AUTO_TEST_CASE(listen_ok_accept_fail)
 }
 }
+BOOST_AUTO_TEST_CASE(damaged_private_key)
+{
+ const auto CreateSockOrig = CreateSock;
+
+ CreateSock = [](const CService&) {
+ return std::make_unique<StaticContentsSock>("HELLO REPLY RESULT=OK VERSION=3.1\n"
+ "SESSION STATUS RESULT=OK DESTINATION=\n");
+ };
+
+ const auto i2p_private_key_file = m_args.GetDataDirNet() / "test_i2p_private_key_damaged";
+
+ for (const auto& [file_contents, expected_error] : std::vector<std::tuple<std::string, std::string>>{
+ {"", "The private key is too short (0 < 387)"},
+
+ {"abcd", "The private key is too short (4 < 387)"},
+
+ {std::string(386, '\0'), "The private key is too short (386 < 387)"},
+
+ {std::string(385, '\0') + '\0' + '\1',
+ "Certificate length (1) designates that the private key should be 388 bytes, but it is only "
+ "387 bytes"},
+
+ {std::string(385, '\0') + '\0' + '\5' + "abcd",
+ "Certificate length (5) designates that the private key should be 392 bytes, but it is only "
+ "391 bytes"}}) {
+ BOOST_REQUIRE(WriteBinaryFile(i2p_private_key_file, file_contents));
+
+ CThreadInterrupt interrupt;
+ i2p::sam::Session session(i2p_private_key_file, CService{}, &interrupt);
+
+ {
+ ASSERT_DEBUG_LOG("Creating persistent SAM session");
+ ASSERT_DEBUG_LOG(expected_error);
+
+ i2p::Connection conn;
+ bool proxy_error;
+ BOOST_CHECK(!session.Connect(CService{}, conn, proxy_error));
+ }
+ }
+
+ CreateSock = CreateSockOrig;
+}
+
 BOOST_AUTO_TEST_SUITE_END() |
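Review bot: Every damaged key in `damaged_private_key` reaches the session through the file written by `WriteBinaryFile`, while the mocked SAM reply carries an empty `DESTINATION=`, so as far as this hunk shows a malformed key supplied by the proxy itself (the input the merge title names) is not exercised; the `src/i2p.cpp` side is outside this view, so whether both inputs share the same check cannot be confirmed here, and a case where the too-short key arrives in the mocked reply would cover that path. Separately, `CreateSock = CreateSockOrig;` at the end only runs if the body completes: a failing `BOOST_REQUIRE(WriteBinaryFile(...))` aborts the test case and leaves the global `CreateSock` mocked for later tests in the same binary. Restoring it from a fixture destructor, or from a small scope guard declared right after `const auto CreateSockOrig = CreateSock;`, would make the restore unconditional. `bool proxy_error;` is also left uninitialised; `bool proxy_error{false};` keeps the test deterministic should `Connect` return before writing it.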