108 lines
4.5 KiB
Diff
108 lines
4.5 KiB
Diff
From 9bbb817c0c5434f03613d0783b2ef5f52235b901 Mon Sep 17 00:00:00 2001
|
|
From: Norbert Pocs <norbertpocs0@gmail.com>
|
|
Date: Tue, 10 Oct 2023 12:45:28 +0200
|
|
Subject: [PATCH 05/20] CVE-2023-6004: torture_misc: Add test for
|
|
ssh_check_hostname_syntax
|
|
|
|
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
|
|
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
|
|
---
|
|
tests/unittests/torture_misc.c | 73 ++++++++++++++++++++++++++++++++++
|
|
1 file changed, 73 insertions(+)
|
|
|
|
diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
|
|
index 9e346ff8..e682b6d4 100644
|
|
--- a/tests/unittests/torture_misc.c
|
|
+++ b/tests/unittests/torture_misc.c
|
|
@@ -760,6 +760,78 @@ static void torture_ssh_strerror(void **state)
|
|
assert_non_null(out);
|
|
}
|
|
|
|
+static void torture_ssh_check_hostname_syntax(void **state)
|
|
+{
|
|
+ int rc;
|
|
+ (void)state;
|
|
+
|
|
+ rc = ssh_check_hostname_syntax("duckduckgo.com");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+ rc = ssh_check_hostname_syntax("www.libssh.org");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+ rc = ssh_check_hostname_syntax("Some-Thing.com");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+ rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+ rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123.ok");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+ rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+ rc = ssh_check_hostname_syntax("lavabo-inter.innocentes-manus-meas");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+ rc = ssh_check_hostname_syntax("localhost");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+ rc = ssh_check_hostname_syntax("a");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+ rc = ssh_check_hostname_syntax("a-0.b-b");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+ rc = ssh_check_hostname_syntax("libssh.");
|
|
+ assert_int_equal(rc, SSH_OK);
|
|
+
|
|
+ rc = ssh_check_hostname_syntax(NULL);
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("/");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("@");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("[");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("`");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("{");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("&");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("|");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("\"");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("`");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax(" ");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("*the+giant&\"rooks\".c0m");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("!www.libssh.org");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("--.--");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("libssh.a234567890123456789012345678901234567890123456789012345678901234");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("libssh.a234567890123456789012345678901234567890123456789012345678901234.a234567890123456789012345678901234567890123456789012345678901234");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("libssh-");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("fe80::9656:d028:8652:66b6");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax(".");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+ rc = ssh_check_hostname_syntax("..");
|
|
+ assert_int_equal(rc, SSH_ERROR);
|
|
+}
|
|
+
|
|
int torture_run_tests(void) {
|
|
int rc;
|
|
struct CMUnitTest tests[] = {
|
|
@@ -784,6 +856,7 @@ int torture_run_tests(void) {
|
|
cmocka_unit_test(torture_ssh_quote_file_name),
|
|
cmocka_unit_test(torture_ssh_strreplace),
|
|
cmocka_unit_test(torture_ssh_strerror),
|
|
+ cmocka_unit_test(torture_ssh_check_hostname_syntax),
|
|
};
|
|
|
|
ssh_init();
|
|
--
|
|
2.33.0
|
|
|