authorRasmus Dahlberg <rasmus@mullvad.net>2022-10-12 20:29:11 +0200
committerDavid Goulet <dgoulet@torproject.org>2022-11-09 15:30:43 -0500
commit21eac1e8d8a116f2dd8dd0a7d150916646ee9120 (patch)
tree783574117b03f82fa0238fcdac4fc0637c02c269 /src/test
parent0fe2096144104e63d403896844af121c9622a7a8 (diff)
downloadtor-21eac1e8d8a116f2dd8dd0a7d150916646ee9120.tar.gz
tor-21eac1e8d8a116f2dd8dd0a7d150916646ee9120.zip
dns: Make TTLs fuzzy at exit relays
This change mitigates DNS-based website oracles by making the time that a domain name is cached uncertain (+- 4 minutes of what's measurable). Resolves TROVE-2021-009. Fixes #40674
Diffstat (limited to 'src/test')
-rw-r--r--src/test/test_dns.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/src/test/test_dns.c b/src/test/test_dns.c
index dc38b53e0f..6612391127 100644
--- a/src/test/test_dns.c
+++ b/src/test/test_dns.c
@@ -90,6 +90,36 @@ test_dns_clip_ttl(void *arg)
return;
}
+static void
+test_dns_clip_fuzzy_ttl(void *arg)
+{
+ (void)arg;
+
+ /* Case 0: check that the fuzzy TTL constant is valid
+ */
+ tt_int_op(FUZZY_DNS_TTL, OP_LE, MIN_DNS_TTL);
+ tt_int_op(FUZZY_DNS_TTL, OP_LE, MAX_DNS_TTL);
+
+ /* Case 1: low clips
+ */
+ for (int i = 0; i < 1024; i++) {
+ int fuzzy_ttl = clip_dns_fuzzy_ttl(MIN_DNS_TTL - 1);
+ tt_int_op(fuzzy_ttl, OP_GE, MIN_DNS_TTL-FUZZY_DNS_TTL);
+ tt_int_op(fuzzy_ttl, OP_LE, MIN_DNS_TTL+FUZZY_DNS_TTL);
+ }
+
+ /* Case 2: high clips
+ */
+ for (int i = 0; i < 1024; i++) {
+ int fuzzy_ttl = clip_dns_fuzzy_ttl(MIN_DNS_TTL);
+ tt_int_op(fuzzy_ttl, OP_GE, MAX_DNS_TTL-FUZZY_DNS_TTL);
+ tt_int_op(fuzzy_ttl, OP_LE, MAX_DNS_TTL+FUZZY_DNS_TTL);
+ }
+
+ done:
+ return;
+}
+
static int resolve_retval = 0;
static int resolve_made_conn_pending = 0;
static char *resolved_name = NULL;
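Review bot: Both loops in test_dns_clip_fuzzy_ttl only assert that the result stays inside the ±FUZZY_DNS_TTL window, so a regression that makes clip_dns_fuzzy_ttl() return the plain clipped value every time would still pass, even though the randomness is the whole mitigation. I would also record whether the 1024 draws ever differ and assert that after each loop, as sketched below for Case 1, with the same addition in Case 2. If the fuzz is drawn from a range as wide as the bounds suggest, 1024 identical draws should be vanishingly unlikely, so the check should not flake. Separately, Case 2 passes `MIN_DNS_TTL` but asserts around `MAX_DNS_TTL`. Presumably the clip maps any TTL at or above the minimum to the maximum, and a one-line comment saying so would spare readers from suspecting a typo.

```c
  (void)arg;
  int first_ttl = -1, varied = 0;

  /* … unchanged: Case 0 constant checks … */

  /* Case 1: low clips */
  for (int i = 0; i < 1024; i++) {
    int fuzzy_ttl = clip_dns_fuzzy_ttl(MIN_DNS_TTL - 1);
    /* … unchanged: range assertions … */
    if (i == 0)
      first_ttl = fuzzy_ttl;
    else if (fuzzy_ttl != first_ttl)
      varied = 1;
  }
  /* Identical output on every draw means the fuzz was lost. */
  tt_assert(varied);
```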
@@ -779,6 +809,7 @@ struct testcase_t dns_tests[] = {
TT_FORK, NULL, NULL },
#endif
{ "clip_ttl", test_dns_clip_ttl, TT_FORK, NULL, NULL },
+ { "clip_fuzzy_ttl", test_dns_clip_fuzzy_ttl, TT_FORK, NULL, NULL },
{ "resolve", test_dns_resolve, TT_FORK, NULL, NULL },
{ "impl_addr_is_ip", test_dns_impl_addr_is_ip, TT_FORK, NULL, NULL },
{ "impl_non_exit", test_dns_impl_non_exit, TT_FORK, NULL, NULL },