[MERGED] osmo-hlr[master]: auc_gen_vectors(): ensure sane arguments, test

Harald Welte gerrit-no-reply at lists.osmocom.org
Wed Feb 22 07:19:01 UTC 2017


Harald Welte has submitted this change and it was merged.

Change subject: auc_gen_vectors(): ensure sane arguments, test
......................................................................


auc_gen_vectors(): ensure sane arguments, test

In auc_gen_vectors(), add various checks that the auth data arguments passed
make sense, and add unit test to verify that they work. (Caught a segfault due
to NULL dereference with this.)

Change-Id: I775652b6a91d382707ce32176a3fe4ef547cbca7
---
M src/auc.c
M tests/auc/auc_3g_test.c
M tests/auc/auc_3g_test.err
3 files changed, 274 insertions(+), 3 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/auc.c b/src/auc.c
index 3f3db34..a307931 100644
--- a/src/auc.c
+++ b/src/auc.c
@@ -36,13 +36,42 @@
 	uint8_t rand[16];
 	int rc;
 
-	if (aud2g->algo == OSMO_AUTH_ALG_NONE)
+	if (aud2g && (aud2g->algo == OSMO_AUTH_ALG_NONE
+		      || aud2g->type == OSMO_AUTH_TYPE_NONE))
 		aud2g = NULL;
-	if (aud3g->algo == OSMO_AUTH_ALG_NONE)
+	if (aud3g && (aud3g->algo == OSMO_AUTH_ALG_NONE
+		      || aud3g->type == OSMO_AUTH_TYPE_NONE))
 		aud3g = NULL;
 
-	if (!aud2g && !aud3g)
+	if (!aud2g && !aud3g) {
+		LOGP(DAUC, LOGL_ERROR, "auc_compute_vectors() called"
+		     " with neither 2G nor 3G auth data available\n");
 		return -1;
+	}
+
+	if (aud2g && aud2g->type != OSMO_AUTH_TYPE_GSM) {
+		LOGP(DAUC, LOGL_ERROR, "auc_compute_vectors() called"
+		     " with non-2G auth data passed for aud2g arg\n");
+		return -1;
+	}
+
+	if (aud3g && aud3g->type != OSMO_AUTH_TYPE_UMTS) {
+		LOGP(DAUC, LOGL_ERROR, "auc_compute_vectors() called"
+		     " with non-3G auth data passed for aud3g arg\n");
+		return -1;
+	}
+
+	if ((rand_auts != NULL) != (auts != NULL)) {
+		LOGP(DAUC, LOGL_ERROR, "auc_compute_vectors() with only one"
+		     " of AUTS and AUTS_RAND given, need both or neither\n");
+		return -1;
+	}
+
+	if (auts && !aud3g) {
+		LOGP(DAUC, LOGL_ERROR, "auc_compute_vectors() with AUTS called"
+		     " but no 3G auth data passed\n");
+		return -1;
+	}
 
 	/* compute quintuples */
 	for (i = 0; i < num_vec; i++) {
diff --git a/tests/auc/auc_3g_test.c b/tests/auc/auc_3g_test.c
index 88037a6..f1fa2c2 100644
--- a/tests/auc/auc_3g_test.c
+++ b/tests/auc/auc_3g_test.c
@@ -376,6 +376,103 @@
 	comment_end();
 }
 
+void test_gen_vectors_bad_args()
+{
+	struct osmo_auth_vector vec;
+	uint8_t auts[14];
+	uint8_t rand_auts[16];
+	int rc;
+	int i;
+
+	struct osmo_sub_auth_data aud2g = {
+		.type = OSMO_AUTH_TYPE_GSM,
+		.algo = OSMO_AUTH_ALG_COMP128v1,
+	};
+
+	struct osmo_sub_auth_data aud3g = {
+		.type = OSMO_AUTH_TYPE_UMTS,
+		.algo = OSMO_AUTH_ALG_MILENAGE,
+	};
+
+	struct osmo_sub_auth_data aud2g_noalg = {
+		.type = OSMO_AUTH_TYPE_GSM,
+		.algo = OSMO_AUTH_ALG_NONE,
+	};
+
+	struct osmo_sub_auth_data aud3g_noalg = {
+		.type = OSMO_AUTH_TYPE_UMTS,
+		.algo = OSMO_AUTH_ALG_NONE,
+	};
+
+	struct osmo_sub_auth_data aud_notype = {
+		.type = OSMO_AUTH_TYPE_NONE,
+		.algo = OSMO_AUTH_ALG_MILENAGE,
+	};
+
+	struct osmo_sub_auth_data no_aud = {
+		.type = OSMO_AUTH_TYPE_NONE,
+		.algo = OSMO_AUTH_ALG_NONE,
+	};
+
+	struct {
+		struct osmo_sub_auth_data *aud2g;
+		struct osmo_sub_auth_data *aud3g;
+		uint8_t *rand_auts;
+		uint8_t *auts;
+		const char *label;
+	} tests[] = {
+		{         NULL,         NULL,       NULL,  NULL, "no auth data (a)"},
+		{         NULL, &aud3g_noalg,       NULL,  NULL, "no auth data (b)"},
+		{         NULL,  &aud_notype,       NULL,  NULL, "no auth data (c)"},
+		{         NULL,      &no_aud,       NULL,  NULL, "no auth data (d)"},
+		{ &aud2g_noalg,         NULL,       NULL,  NULL, "no auth data (e)"},
+		{ &aud2g_noalg, &aud3g_noalg,       NULL,  NULL, "no auth data (f)"},
+		{ &aud2g_noalg,  &aud_notype,       NULL,  NULL, "no auth data (g)"},
+		{ &aud2g_noalg,      &no_aud,       NULL,  NULL, "no auth data (h)"},
+		{  &aud_notype,         NULL,       NULL,  NULL, "no auth data (i)"},
+		{  &aud_notype, &aud3g_noalg,       NULL,  NULL, "no auth data (j)"},
+		{  &aud_notype,  &aud_notype,       NULL,  NULL, "no auth data (k)"},
+		{  &aud_notype,      &no_aud,       NULL,  NULL, "no auth data (l)"},
+		{      &no_aud,         NULL,       NULL,  NULL, "no auth data (m)"},
+		{      &no_aud, &aud3g_noalg,       NULL,  NULL, "no auth data (n)"},
+		{      &no_aud,  &aud_notype,       NULL,  NULL, "no auth data (o)"},
+		{      &no_aud,      &no_aud,       NULL,  NULL, "no auth data (p)"},
+		{       &aud3g,         NULL,       NULL,  NULL, "wrong auth data type (a)"},
+		{       &aud3g, &aud3g_noalg,       NULL,  NULL, "wrong auth data type (b)"},
+		{       &aud3g,  &aud_notype,       NULL,  NULL, "wrong auth data type (c)"},
+		{       &aud3g,      &no_aud,       NULL,  NULL, "wrong auth data type (d)"},
+		{         NULL,       &aud2g,       NULL,  NULL, "wrong auth data type (e)"},
+		{ &aud3g_noalg,       &aud2g,       NULL,  NULL, "wrong auth data type (f)"},
+		{  &aud_notype,       &aud2g,       NULL,  NULL, "wrong auth data type (g)"},
+		{      &no_aud,       &aud2g,       NULL,  NULL, "wrong auth data type (h)"},
+		{       &aud3g,       &aud2g,       NULL,  NULL, "wrong auth data type (i)"},
+		{       &aud3g,       &aud3g,       NULL,  NULL, "wrong auth data type (j)"},
+		{       &aud2g,       &aud2g,       NULL,  NULL, "wrong auth data type (k)"},
+		{       &aud2g,         NULL,  rand_auts,  auts, "AUTS for 2G-only (a)"},
+		{       &aud2g, &aud3g_noalg,  rand_auts,  auts, "AUTS for 2G-only (b)"},
+		{       &aud2g,  &aud_notype,  rand_auts,  auts, "AUTS for 2G-only (c)"},
+		{       &aud2g,      &no_aud,  rand_auts,  auts, "AUTS for 2G-only (d)"},
+		{         NULL,       &aud3g,       NULL,  auts, "incomplete AUTS (a)"},
+		{         NULL,       &aud3g,  rand_auts,  NULL, "incomplete AUTS (b)"},
+		{       &aud2g,       &aud3g,       NULL,  auts, "incomplete AUTS (c)"},
+		{       &aud2g,       &aud3g,  rand_auts,  NULL, "incomplete AUTS (d)"},
+	};
+
+	comment_start();
+
+	for (i = 0; i < ARRAY_SIZE(tests); i++) {
+		fprintf(stderr, "\n- %s\n", tests[i].label);
+		rc = auc_compute_vectors(&vec, 1,
+					 tests[i].aud2g,
+					 tests[i].aud3g,
+					 tests[i].rand_auts,
+					 tests[i].auts);
+		VERBOSE_ASSERT(rc, < 0, "%d");
+	}
+
+	comment_end();
+}
+
 int main()
 {
 	printf("auc_3g_test.c\n");
@@ -388,6 +485,7 @@
 	test_gen_vectors_2g_only();
 	test_gen_vectors_2g_plus_3g();
 	test_gen_vectors_3g_only();
+	test_gen_vectors_bad_args();
 
 	printf("Done\n");
 	return 0;
diff --git a/tests/auc/auc_3g_test.err b/tests/auc/auc_3g_test.err
index a444f8b..5c3dd14 100644
--- a/tests/auc/auc_3g_test.err
+++ b/tests/auc/auc_3g_test.err
@@ -121,3 +121,147 @@
 
 ===== test_gen_vectors_3g_only: SUCCESS
 
+
+===== test_gen_vectors_bad_args
+
+- no auth data (a)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (b)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (c)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (d)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (e)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (f)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (g)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (h)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (i)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (j)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (k)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (l)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (m)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (n)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (o)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- no auth data (p)
+DAUC auc_compute_vectors() called with neither 2G nor 3G auth data available
+rc == -1
+
+- wrong auth data type (a)
+DAUC auc_compute_vectors() called with non-2G auth data passed for aud2g arg
+rc == -1
+
+- wrong auth data type (b)
+DAUC auc_compute_vectors() called with non-2G auth data passed for aud2g arg
+rc == -1
+
+- wrong auth data type (c)
+DAUC auc_compute_vectors() called with non-2G auth data passed for aud2g arg
+rc == -1
+
+- wrong auth data type (d)
+DAUC auc_compute_vectors() called with non-2G auth data passed for aud2g arg
+rc == -1
+
+- wrong auth data type (e)
+DAUC auc_compute_vectors() called with non-3G auth data passed for aud3g arg
+rc == -1
+
+- wrong auth data type (f)
+DAUC auc_compute_vectors() called with non-3G auth data passed for aud3g arg
+rc == -1
+
+- wrong auth data type (g)
+DAUC auc_compute_vectors() called with non-3G auth data passed for aud3g arg
+rc == -1
+
+- wrong auth data type (h)
+DAUC auc_compute_vectors() called with non-3G auth data passed for aud3g arg
+rc == -1
+
+- wrong auth data type (i)
+DAUC auc_compute_vectors() called with non-2G auth data passed for aud2g arg
+rc == -1
+
+- wrong auth data type (j)
+DAUC auc_compute_vectors() called with non-2G auth data passed for aud2g arg
+rc == -1
+
+- wrong auth data type (k)
+DAUC auc_compute_vectors() called with non-3G auth data passed for aud3g arg
+rc == -1
+
+- AUTS for 2G-only (a)
+DAUC auc_compute_vectors() with AUTS called but no 3G auth data passed
+rc == -1
+
+- AUTS for 2G-only (b)
+DAUC auc_compute_vectors() with AUTS called but no 3G auth data passed
+rc == -1
+
+- AUTS for 2G-only (c)
+DAUC auc_compute_vectors() with AUTS called but no 3G auth data passed
+rc == -1
+
+- AUTS for 2G-only (d)
+DAUC auc_compute_vectors() with AUTS called but no 3G auth data passed
+rc == -1
+
+- incomplete AUTS (a)
+DAUC auc_compute_vectors() with only one of AUTS and AUTS_RAND given, need both or neither
+rc == -1
+
+- incomplete AUTS (b)
+DAUC auc_compute_vectors() with only one of AUTS and AUTS_RAND given, need both or neither
+rc == -1
+
+- incomplete AUTS (c)
+DAUC auc_compute_vectors() with only one of AUTS and AUTS_RAND given, need both or neither
+rc == -1
+
+- incomplete AUTS (d)
+DAUC auc_compute_vectors() with only one of AUTS and AUTS_RAND given, need both or neither
+rc == -1
+===== test_gen_vectors_bad_args: SUCCESS
+

-- 
To view, visit https://gerrit.osmocom.org/1866
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I775652b6a91d382707ce32176a3fe4ef547cbca7
Gerrit-PatchSet: 1
Gerrit-Project: osmo-hlr
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder


More information about the gerrit-log mailing list