1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
From 3d1550354c3c6a8491c39881752d51cb7515f2c2 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 8 Feb 2021 10:22:39 +0000
Subject: [PATCH 5/5] tls-interaction: Add test coverage for various ways to
set the password
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit df4501316ca3903072400504a5ea76498db19538)
Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz]
CVE: CVE-2021-27219
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
---
gio/tests/tls-interaction.c | 55 +++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
diff --git a/gio/tests/tls-interaction.c b/gio/tests/tls-interaction.c
index 4f0737d7e..5661e8e0d 100644
--- a/gio/tests/tls-interaction.c
+++ b/gio/tests/tls-interaction.c
@@ -174,6 +174,38 @@ test_interaction_ask_password_finish_failure (GTlsInteraction *interaction,
}
+/* Return a copy of @str that is allocated in a silly way, to exercise
+ * custom free-functions. The returned pointer points to a copy of @str
+ * in a buffer of the form "BEFORE \0 str \0 AFTER". */
+static guchar *
+special_dup (const char *str)
+{
+ GString *buf = g_string_new ("BEFORE");
+ guchar *ret;
+
+ g_string_append_c (buf, '\0');
+ g_string_append (buf, str);
+ g_string_append_c (buf, '\0');
+ g_string_append (buf, "AFTER");
+ ret = (guchar *) g_string_free (buf, FALSE);
+ return ret + strlen ("BEFORE") + 1;
+}
+
+
+/* Free a copy of @str that was made with special_dup(), after asserting
+ * that it has not been corrupted. */
+static void
+special_free (gpointer p)
+{
+ gchar *s = p;
+ gchar *buf = s - strlen ("BEFORE") - 1;
+
+ g_assert_cmpstr (buf, ==, "BEFORE");
+ g_assert_cmpstr (s + strlen (s) + 1, ==, "AFTER");
+ g_free (buf);
+}
+
+
static GTlsInteractionResult
test_interaction_ask_password_sync_success (GTlsInteraction *interaction,
GTlsPassword *password,
@@ -181,6 +213,8 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction,
GError **error)
{
TestInteraction *self;
+ const guchar *value;
+ gsize len;
g_assert (TEST_IS_INTERACTION (interaction));
self = TEST_INTERACTION (interaction);
@@ -192,6 +226,27 @@ test_interaction_ask_password_sync_success (GTlsInteraction *interaction,
g_assert (error != NULL);
g_assert (*error == NULL);
+ /* Exercise different ways to set the value */
+ g_tls_password_set_value (password, (const guchar *) "foo", 4);
+ len = 0;
+ value = g_tls_password_get_value (password, &len);
+ g_assert_cmpmem (value, len, "foo", 4);
+
+ g_tls_password_set_value (password, (const guchar *) "bar", -1);
+ len = 0;
+ value = g_tls_password_get_value (password, &len);
+ g_assert_cmpmem (value, len, "bar", 3);
+
+ g_tls_password_set_value_full (password, special_dup ("baa"), 4, special_free);
+ len = 0;
+ value = g_tls_password_get_value (password, &len);
+ g_assert_cmpmem (value, len, "baa", 4);
+
+ g_tls_password_set_value_full (password, special_dup ("baz"), -1, special_free);
+ len = 0;
+ value = g_tls_password_get_value (password, &len);
+ g_assert_cmpmem (value, len, "baz", 3);
+
/* Don't do this in real life. Include a null terminator for testing */
g_tls_password_set_value (password, (const guchar *)"the password", 13);
return G_TLS_INTERACTION_HANDLED;
--
GitLab
|
