commit 95c893d17f64f6549b2acfdead419d1711189282
author Gilles Peskine <Gilles.Peskine@arm.com> Tue Jan 21 21:26:36 2020 +0100
committer Gilles Peskine <Gilles.Peskine@arm.com> Tue Jan 21 21:29:37 2020 +0100
tree 21bae38b865df52437187712a64c060de4a57f60
parent ef4183858ac8b86a46c12248aa7e705ecddd215b

More systematic handling of trailing garbage in parse_prefixes

Before, the string to parse may contain trailing garbage (there was
never more than one byte), and there was a separate argument
indicating the length of the content. Now, the string to parse is the
exact content, and the test code runs an extra test step with a
trailing byte added.

tests/suites/test_suite_asn1parse.function

diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function
index 63e3a31..94e34fb 100644
--- a/tests/suites/test_suite_asn1parse.function
+++ b/tests/suites/test_suite_asn1parse.function
@@ -9,8 +9,13 @@
 #include "mbedtls/asn1write.h"
 #endif
 
+/* Used internally to report an error that indicates a bug in a parsing function. */
 #define ERR_PARSE_INCONSISTENCY INT_MAX
 
+/* Use this magic value in some tests to indicate that the expected result
+ * should not be checked. */
+#define UNPREDICTABLE_RESULT 0x5552
+
 static int nested_parse( unsigned char **const p,
                          const unsigned char *const end )
 {
@@ -176,10 +181,15 @@
 
 /* BEGIN_CASE */
 void parse_prefixes( const data_t *input,
-                     int actual_length_arg,
-                     int last_result )
+                     int full_result,
+                     int overfull_result )
 {
-    size_t actual_length = actual_length_arg;
+    /* full_result: expected result from parsing the given string. */
+    /* overfull_result: expected_result from parsing the given string plus
+     * some trailing garbage. This may be UNPREDICTABLE_RESULT to accept
+     * any result: use this for invalid inputs that may or may not become
+     * valid depending on what the trailing garbage is. */
+
     unsigned char *buf = NULL;
     unsigned char *p = NULL;
     size_t buffer_size;
@@ -188,8 +198,9 @@
     /* Test every prefix of the input, except the empty string.
      * The first byte of the string is the tag. Without a tag byte,
      * we wouldn't know what to parse the input as.
+     * Also test the input followed by an extra byte.
      */
-    for( buffer_size = 1; buffer_size <= input->len; buffer_size++ )
+    for( buffer_size = 1; buffer_size <= input->len + 1; buffer_size++ )
     {
         test_set_step( buffer_size );
         /* Allocate a new buffer of exactly the length to parse each time.
@@ -198,18 +209,25 @@
         memcpy( buf, input->x, buffer_size );
         p = buf;
         ret = nested_parse( &p, buf + buffer_size );
+
         if( ret == ERR_PARSE_INCONSISTENCY )
             goto exit;
-        if( actual_length > 0 && buffer_size >= actual_length )
-        {
-            TEST_EQUAL( ret, last_result );
-            if( ret == 0 )
-                TEST_ASSERT( p == buf + actual_length );
-        }
-        else
+        if( buffer_size < input->len )
         {
             TEST_EQUAL( ret, MBEDTLS_ERR_ASN1_OUT_OF_DATA );
         }
+        else if( buffer_size == input->len )
+        {
+            TEST_EQUAL( ret, full_result );
+        }
+        else /* ( buffer_size > input->len ) */
+        {
+            if( overfull_result != UNPREDICTABLE_RESULT )
+                TEST_EQUAL( ret, overfull_result );
+        }
+        if( ret == 0 )
+            TEST_ASSERT( p == buf + input->len );
+
         mbedtls_free( buf );
         buf = NULL;
     }