aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/ntp/tests
diff options
context:
space:
mode:
authorXin LI <delphij@FreeBSD.org>2016-01-27 07:42:11 +0000
committerXin LI <delphij@FreeBSD.org>2016-01-27 07:42:11 +0000
commitb904cda23e910b04c9a2e3851bf9af02e28e01e2 (patch)
treefe9c93f74c3c8f3f011cf6472b60dfb509321eb9 /contrib/ntp/tests
parent2c8d95a1098aec52a7382ed533ef1735417dec3e (diff)
downloadsrc-b904cda23e910b04c9a2e3851bf9af02e28e01e2.tar.gz
src-b904cda23e910b04c9a2e3851bf9af02e28e01e2.zip
Fix BIND remote denial of service vulnerability. [SA-16:08]
Fix multiple vulnerabilities of ntp. [SA-16:09] Fix Linux compatibility layer issetugid(2) system call vulnerability. [SA-16:10] Security: FreeBSD-SA-16:08.bind Security: FreeBSD-SA-16:09.ntp Security: FreeBSD-SA-16:10.linux Approved by: so
Notes
Notes: svn path=/releng/9.3/; revision=294905
Diffstat (limited to 'contrib/ntp/tests')
-rw-r--r--contrib/ntp/tests/libntp/authkeys.c40
-rw-r--r--contrib/ntp/tests/libntp/decodenetnum.c56
-rw-r--r--contrib/ntp/tests/libntp/run-authkeys.c15
-rw-r--r--contrib/ntp/tests/libntp/run-decodenetnum.c8
-rw-r--r--contrib/ntp/tests/libntp/run-socktoa.c10
-rw-r--r--contrib/ntp/tests/libntp/socktoa.c40
-rw-r--r--contrib/ntp/tests/ntpd/t-ntp_signd.c4
7 files changed, 117 insertions, 56 deletions
diff --git a/contrib/ntp/tests/libntp/authkeys.c b/contrib/ntp/tests/libntp/authkeys.c
index 2ddbce59703b..fd11ef623de2 100644
--- a/contrib/ntp/tests/libntp/authkeys.c
+++ b/contrib/ntp/tests/libntp/authkeys.c
@@ -13,6 +13,7 @@
# include "openssl/rand.h"
# include "openssl/evp.h"
#endif
+#include <limits.h>
u_long current_time = 4;
int counter = 0;
@@ -27,6 +28,7 @@ void test_HaveKeyCorrect(void);
void test_HaveKeyIncorrect(void);
void test_AddWithAuthUseKey(void);
void test_EmptyKey(void);
+void test_auth_log2(void);
void
@@ -70,7 +72,7 @@ AddTrustedKey(keyid_t keyno)
* We need to add a MD5-key in addition to setting the
* trust, because authhavekey() requires type != 0.
*/
- MD5auth_setkey(keyno, KEYTYPE, NULL, 0);
+ MD5auth_setkey(keyno, KEYTYPE, NULL, 0, NULL);
authtrust(keyno, TRUE);
@@ -158,3 +160,39 @@ test_EmptyKey(void)
return;
}
+
+/* test the implementation of 'auth_log2' -- use a local copy of the code */
+
+static u_short
+auth_log2(
+ size_t x)
+{
+ int s;
+ int r = 0;
+ size_t m = ~(size_t)0;
+
+ for (s = sizeof(size_t) / 2 * CHAR_BIT; s != 0; s >>= 1) {
+ m <<= s;
+ if (x & m)
+ r += s;
+ else
+ x <<= s;
+ }
+ return (u_short)r;
+}
+
+void
+test_auth_log2(void)
+{
+ int l2;
+ size_t tv;
+
+ TEST_ASSERT_EQUAL_INT(0, auth_log2(0));
+ TEST_ASSERT_EQUAL_INT(0, auth_log2(1));
+ for (l2 = 1; l2 < sizeof(size_t)*CHAR_BIT; ++l2) {
+ tv = (size_t)1 << l2;
+ TEST_ASSERT_EQUAL_INT(l2, auth_log2( tv ));
+ TEST_ASSERT_EQUAL_INT(l2, auth_log2( tv + 1 ));
+ TEST_ASSERT_EQUAL_INT(l2, auth_log2(2*tv - 1));
+ }
+}
diff --git a/contrib/ntp/tests/libntp/decodenetnum.c b/contrib/ntp/tests/libntp/decodenetnum.c
index 0d2b0b54e04b..64980fc3d586 100644
--- a/contrib/ntp/tests/libntp/decodenetnum.c
+++ b/contrib/ntp/tests/libntp/decodenetnum.c
@@ -7,25 +7,30 @@
void setUp(void);
extern void test_IPv4AddressOnly(void);
extern void test_IPv4AddressWithPort(void);
-//#ifdef ISC_PLATFORM_HAVEIPV6
extern void test_IPv6AddressOnly(void);
extern void test_IPv6AddressWithPort(void);
-//#endif /* ISC_PLATFORM_HAVEIPV6 */
extern void test_IllegalAddress(void);
extern void test_IllegalCharInPort(void);
-
+/*
+ * NOTE: The IPv6 specific tests are reduced to stubs when IPv6 is
+ * disabled.
+ *
+ * ISC_PLATFORM_HAVEIPV6 checks if system has IPV6 capabilies. WANTIPV6
+ * ISC_PLATFORM_WANTIPV6 can be changed with build --disable-ipv6.
+ *
+ * If we want IPv6 but don't have it, the tests should fail, I think.
+ */
void
setUp(void)
{
init_lib();
-
- return;
}
void
-test_IPv4AddressOnly(void) {
+test_IPv4AddressOnly(void)
+{
const char *str = "192.0.2.1";
sockaddr_u actual;
@@ -39,7 +44,8 @@ test_IPv4AddressOnly(void) {
}
void
-test_IPv4AddressWithPort(void) {
+test_IPv4AddressWithPort(void)
+{
const char *str = "192.0.2.2:2000";
sockaddr_u actual;
@@ -54,15 +60,15 @@ test_IPv4AddressWithPort(void) {
void
-test_IPv6AddressOnly(void) {
-
-//#ifdef ISC_PLATFORM_HAVEIPV6 //looks like HAVEIPV6 checks if system has IPV6 capabilies. WANTIPV6 can be changed with build --disable-ipv6
+test_IPv6AddressOnly(void)
+{
#ifdef ISC_PLATFORM_WANTIPV6
+
const struct in6_addr address = {
0x20, 0x01, 0x0d, 0xb8,
- 0x85, 0xa3, 0x08, 0xd3,
- 0x13, 0x19, 0x8a, 0x2e,
- 0x03, 0x70, 0x73, 0x34
+ 0x85, 0xa3, 0x08, 0xd3,
+ 0x13, 0x19, 0x8a, 0x2e,
+ 0x03, 0x70, 0x73, 0x34
};
const char *str = "2001:0db8:85a3:08d3:1319:8a2e:0370:7334";
@@ -77,24 +83,23 @@ test_IPv6AddressOnly(void) {
TEST_ASSERT_TRUE(IsEqual(expected, actual));
#else
+
TEST_IGNORE_MESSAGE("IPV6 disabled in build, skipping.");
+
#endif /* ISC_PLATFORM_HAVEIPV6 */
-
-
}
-
void
-test_IPv6AddressWithPort(void) {
-
+test_IPv6AddressWithPort(void)
+{
#ifdef ISC_PLATFORM_WANTIPV6
const struct in6_addr address = {
0x20, 0x01, 0x0d, 0xb8,
- 0x85, 0xa3, 0x08, 0xd3,
- 0x13, 0x19, 0x8a, 0x2e,
- 0x03, 0x70, 0x73, 0x34
+ 0x85, 0xa3, 0x08, 0xd3,
+ 0x13, 0x19, 0x8a, 0x2e,
+ 0x03, 0x70, 0x73, 0x34
};
const char *str = "[2001:0db8:85a3:08d3:1319:8a2e:0370:7334]:3000";
@@ -109,21 +114,26 @@ test_IPv6AddressWithPort(void) {
TEST_ASSERT_TRUE(IsEqual(expected, actual));
#else
+
TEST_IGNORE_MESSAGE("IPV6 disabled in build, skipping.");
+
#endif /* ISC_PLATFORM_HAVEIPV6 */
}
void
-test_IllegalAddress(void) {
+test_IllegalAddress(void)
+{
const char *str = "192.0.2.270:2000";
sockaddr_u actual;
TEST_ASSERT_FALSE(decodenetnum(str, &actual));
}
+
void
-test_IllegalCharInPort(void) {
+test_IllegalCharInPort(void)
+{
/* An illegal port does not make the decodenetnum fail, but instead
* makes it use the standard port.
*/
diff --git a/contrib/ntp/tests/libntp/run-authkeys.c b/contrib/ntp/tests/libntp/run-authkeys.c
index 6a2b67081f9e..cc91876a8735 100644
--- a/contrib/ntp/tests/libntp/run-authkeys.c
+++ b/contrib/ntp/tests/libntp/run-authkeys.c
@@ -26,6 +26,7 @@
#include "ntp.h"
#include "ntp_stdlib.h"
#include "ntp_calendar.h"
+#include <limits.h>
//=======External Functions This Runner Calls=====
extern void setUp(void);
@@ -36,6 +37,7 @@ extern void test_HaveKeyCorrect(void);
extern void test_HaveKeyIncorrect(void);
extern void test_AddWithAuthUseKey(void);
extern void test_EmptyKey(void);
+extern void test_auth_log2(void);
//=======Test Reset Option=====
@@ -54,12 +56,13 @@ int main(int argc, char *argv[])
{
progname = argv[0];
UnityBegin("authkeys.c");
- RUN_TEST(test_AddTrustedKeys, 24);
- RUN_TEST(test_AddUntrustedKey, 25);
- RUN_TEST(test_HaveKeyCorrect, 26);
- RUN_TEST(test_HaveKeyIncorrect, 27);
- RUN_TEST(test_AddWithAuthUseKey, 28);
- RUN_TEST(test_EmptyKey, 29);
+ RUN_TEST(test_AddTrustedKeys, 25);
+ RUN_TEST(test_AddUntrustedKey, 26);
+ RUN_TEST(test_HaveKeyCorrect, 27);
+ RUN_TEST(test_HaveKeyIncorrect, 28);
+ RUN_TEST(test_AddWithAuthUseKey, 29);
+ RUN_TEST(test_EmptyKey, 30);
+ RUN_TEST(test_auth_log2, 31);
return (UnityEnd());
}
diff --git a/contrib/ntp/tests/libntp/run-decodenetnum.c b/contrib/ntp/tests/libntp/run-decodenetnum.c
index 57b955c2a046..d41f93eb4f3d 100644
--- a/contrib/ntp/tests/libntp/run-decodenetnum.c
+++ b/contrib/ntp/tests/libntp/run-decodenetnum.c
@@ -55,10 +55,10 @@ int main(int argc, char *argv[])
UnityBegin("decodenetnum.c");
RUN_TEST(test_IPv4AddressOnly, 8);
RUN_TEST(test_IPv4AddressWithPort, 9);
- RUN_TEST(test_IPv6AddressOnly, 11);
- RUN_TEST(test_IPv6AddressWithPort, 12);
- RUN_TEST(test_IllegalAddress, 14);
- RUN_TEST(test_IllegalCharInPort, 15);
+ RUN_TEST(test_IPv6AddressOnly, 10);
+ RUN_TEST(test_IPv6AddressWithPort, 11);
+ RUN_TEST(test_IllegalAddress, 12);
+ RUN_TEST(test_IllegalCharInPort, 13);
return (UnityEnd());
}
diff --git a/contrib/ntp/tests/libntp/run-socktoa.c b/contrib/ntp/tests/libntp/run-socktoa.c
index df6ec9c06bfa..bde07ed60a6a 100644
--- a/contrib/ntp/tests/libntp/run-socktoa.c
+++ b/contrib/ntp/tests/libntp/run-socktoa.c
@@ -55,11 +55,11 @@ int main(int argc, char *argv[])
progname = argv[0];
UnityBegin("socktoa.c");
RUN_TEST(test_IPv4AddressWithPort, 11);
- RUN_TEST(test_IPv6AddressWithPort, 13);
- RUN_TEST(test_IgnoreIPv6Fields, 14);
- RUN_TEST(test_ScopedIPv6AddressWithPort, 16);
- RUN_TEST(test_HashEqual, 17);
- RUN_TEST(test_HashNotEqual, 18);
+ RUN_TEST(test_IPv6AddressWithPort, 12);
+ RUN_TEST(test_IgnoreIPv6Fields, 13);
+ RUN_TEST(test_ScopedIPv6AddressWithPort, 14);
+ RUN_TEST(test_HashEqual, 15);
+ RUN_TEST(test_HashNotEqual, 16);
return (UnityEnd());
}
diff --git a/contrib/ntp/tests/libntp/socktoa.c b/contrib/ntp/tests/libntp/socktoa.c
index 84231060f743..e9be1829fc6c 100644
--- a/contrib/ntp/tests/libntp/socktoa.c
+++ b/contrib/ntp/tests/libntp/socktoa.c
@@ -9,10 +9,8 @@
void setUp(void);
void test_IPv4AddressWithPort(void);
-//#ifdef ISC_PLATFORM_HAVEIPV6
void test_IPv6AddressWithPort(void);
void test_IgnoreIPv6Fields(void);
-//#endif /* ISC_PLATFORM_HAVEIPV6 */
void test_ScopedIPv6AddressWithPort(void);
void test_HashEqual(void);
void test_HashNotEqual(void);
@@ -22,13 +20,12 @@ void
setUp(void)
{
init_lib();
-
- return;
}
void
-test_IPv4AddressWithPort(void) {
+test_IPv4AddressWithPort(void)
+{
sockaddr_u input = CreateSockaddr4("192.0.2.10", 123);
TEST_ASSERT_EQUAL_STRING("192.0.2.10", socktoa(&input));
@@ -37,8 +34,8 @@ test_IPv4AddressWithPort(void) {
void
-test_IPv6AddressWithPort(void) {
-
+test_IPv6AddressWithPort(void)
+{
#ifdef ISC_PLATFORM_WANTIPV6
const struct in6_addr address = {
@@ -63,16 +60,18 @@ test_IPv6AddressWithPort(void) {
TEST_ASSERT_EQUAL_STRING(expected_port, sockporttoa(&input));
#else
+
TEST_IGNORE_MESSAGE("IPV6 disabled in build, skipping.");
#endif /* ISC_PLATFORM_HAVEIPV6 */
-
}
void
-test_ScopedIPv6AddressWithPort(void) {
+test_ScopedIPv6AddressWithPort(void)
+{
#ifdef ISC_PLATFORM_HAVESCOPEID
+
const struct in6_addr address = { { {
0xfe, 0x80, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
@@ -95,12 +94,16 @@ test_ScopedIPv6AddressWithPort(void) {
TEST_ASSERT_EQUAL_STRING(expected, socktoa(&input));
TEST_ASSERT_EQUAL_STRING(expected_port, sockporttoa(&input));
#else
+
TEST_IGNORE_MESSAGE("Skipping because ISC_PLATFORM does not have Scope ID");
+
#endif
}
+
void
-test_HashEqual(void) {
+test_HashEqual(void)
+{
sockaddr_u input1 = CreateSockaddr4("192.00.2.2", 123);
sockaddr_u input2 = CreateSockaddr4("192.0.2.2", 123);
@@ -108,8 +111,10 @@ test_HashEqual(void) {
TEST_ASSERT_EQUAL(sock_hash(&input1), sock_hash(&input2));
}
+
void
-test_HashNotEqual(void) {
+test_HashNotEqual(void)
+{
/* These two addresses should not generate the same hash. */
sockaddr_u input1 = CreateSockaddr4("192.0.2.1", 123);
sockaddr_u input2 = CreateSockaddr4("192.0.2.2", 123);
@@ -120,15 +125,15 @@ test_HashNotEqual(void) {
void
-test_IgnoreIPv6Fields(void) {
-
+test_IgnoreIPv6Fields(void)
+{
#ifdef ISC_PLATFORM_WANTIPV6
const struct in6_addr address = {
0x20, 0x01, 0x0d, 0xb8,
- 0x85, 0xa3, 0x08, 0xd3,
- 0x13, 0x19, 0x8a, 0x2e,
- 0x03, 0x70, 0x73, 0x34
+ 0x85, 0xa3, 0x08, 0xd3,
+ 0x13, 0x19, 0x8a, 0x2e,
+ 0x03, 0x70, 0x73, 0x34
};
sockaddr_u input1, input2;
@@ -146,7 +151,8 @@ test_IgnoreIPv6Fields(void) {
TEST_ASSERT_EQUAL(sock_hash(&input1), sock_hash(&input2));
#else
+
TEST_IGNORE_MESSAGE("IPV6 disabled in build, skipping.");
+
#endif /* ISC_PLATFORM_HAVEIPV6 */
}
-
diff --git a/contrib/ntp/tests/ntpd/t-ntp_signd.c b/contrib/ntp/tests/ntpd/t-ntp_signd.c
index 534c940d22c1..40e7ac07a612 100644
--- a/contrib/ntp/tests/ntpd/t-ntp_signd.c
+++ b/contrib/ntp/tests/ntpd/t-ntp_signd.c
@@ -139,6 +139,7 @@ test_send_packet(void)
void
test_recv_packet(void)
{
+#if 0
int fd = ux_socket_connect("/socket");
TEST_ASSERT_TRUE(isGE(fd, 0));
@@ -152,6 +153,9 @@ test_recv_packet(void)
TEST_ASSERT_EQUAL(0,temp); //0 because nobody sent us anything (yet!)
(void)close(fd);
+#else
+ TEST_IGNORE_MESSAGE("test_recv_packet() needs work");
+#endif
return;
}