TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1b1e7eb611c23c7b20e8c9371638fbe36f6c87f4^! / .
commit1b1e7eb611c23c7b20e8c9371638fbe36f6c87f4[log] [tgz]
authorHanno Becker <hanno.becker@arm.com>Mon Mar 08 16:57:08 2021 +0000
committerHanno Becker <hanno.becker@arm.com>Mon Mar 29 14:20:18 2021 +0100
tree0c993f30db9ef33aec5de8d5e761d826bd0a3484
parentd4d33a1b6b5f9f83aff7cd4bd5eeca0a035a7505 [diff]
Add unit test for integer overflow in mbedtls_mps_reader_reclaim()

Signed-off-by: Hanno Becker <hanno.becker@arm.com>

diff --git a/tests/suites/test_suite_mps.data b/tests/suites/test_suite_mps.data
index f25d703..442f321 100644
--- a/tests/suites/test_suite_mps.data
+++ b/tests/suites/test_suite_mps.data

@@ -120,3 +120,6 @@
 
 MPS Reader: Feed with invalid buffer (NULL)
 mbedtls_mps_reader_feed_empty:
+
+MPS Reader: Excess request leading to integer overflow
+mbedtls_mps_reader_reclaim_overflow:

diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function
index d4cb69b..870e201 100644
--- a/tests/suites/test_suite_mps.function
+++ b/tests/suites/test_suite_mps.function

@@ -290,6 +290,38 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
+void mbedtls_mps_reader_reclaim_overflow()
+{
+    /* This test exercises the behaviour of the MPS reader with accumulator
+     * in the situation where upon calling mbedtls_mps_reader_reclaim(), the
+     * uncommitted data together with the excess data missing in the last
+     * call to medtls_mps_reader_get() exceeds the bounds of the the type
+     * holding the buffer length.
+     */
+
+    unsigned char buf[100];
+    unsigned char acc[50];
+    unsigned char *tmp;
+    mbedtls_mps_reader rd;
+
+    /* Preparation (lower layer) */
+    mbedtls_mps_reader_init( &rd, acc, sizeof( acc ) );
+    TEST_ASSERT( mbedtls_mps_reader_feed( &rd, buf, sizeof( buf ) ) == 0 );
+    /* Consumption (upper layer) */
+    TEST_ASSERT( mbedtls_mps_reader_get( &rd, 50, &tmp, NULL ) == 0 );
+    ASSERT_COMPARE( tmp, 50, buf, 50 );
+    /* Excess request */
+    TEST_ASSERT( mbedtls_mps_reader_get( &rd, (mbedtls_mps_size_t) -1, &tmp, NULL ) ==
+                 MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
+    /* Wrapup (lower layer) */
+    TEST_ASSERT( mbedtls_mps_reader_reclaim( &rd, NULL ) ==
+                 MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL );
+
+    mbedtls_mps_reader_free( &rd );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:TEST_SUITE_MPS_READER */
 void mbedtls_mps_reader_pausing( int option )
 {
     /* This test exercises the behaviour of the reader when the