author | Nick Mathewson <nickm@torproject.org> | 2017-01-03 10:11:23 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-01-03 10:17:00 -0500 |
commit | c4a6b56cc19878de4c76e83ce8e38ad709839d92 (patch) | |
tree | 8dcacd5e9b1bf64e412410fe22321ae0b2753756 /src/test | |
parent | f23ec14d62f82ee424b7aef9ff1c2253c3dd2b10 (diff) | |
Fix unit test failures in response to DNS hijacking.
Some DNS NXDOMAIN hijackers hijack truly ridiculous domains, like
"invalid-stuff!!" or "1.2.3.4.5". This would provoke unit test
failures where we used addresses like that to force
tor_addr_lookup() to fail. The fix, for testing, is to mock
tor_addr_lookup() with a variant that always fails when it gets
a name with a !.
Fixes bugs 20862 and 20863.
Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/test_config.c | 4 | ||||
-rw-r--r-- | src/test/test_controller.c | 5 | ||||
-rw-r--r-- | src/test/test_helpers.c | 15 | ||||
-rw-r--r-- | src/test/test_helpers.h | 3 | ||||
-rw-r--r-- | src/test/test_options.c | 11 |
5 files changed, 35 insertions, 3 deletions
diff --git a/src/test/test_config.c b/src/test/test_config.c
index a540bcc138..eeda34e089 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -46,6 +46,8 @@
 #include "transports.h"
 #include "util.h"
+#include "test_helpers.h"
+
 static void test_config_addressmap(void *arg) {
@@ -4701,8 +4703,10 @@ test_config_parse_port_config__ports__ports_given(void *data)
 // Test failure when asked to parse an invalid address followed by auto
 config_free_lines(config_port_invalid); config_port_invalid = NULL; config_port_invalid = mock_config_line("DNSPort", "invalidstuff!!:auto");
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
 ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS", 0, "127.0.0.46", 0, 0);
+ UNMOCK(tor_addr_lookup);
 tt_int_op(ret, OP_EQ, -1); // Test success with parsing both an address and a real port
diff --git a/src/test/test_controller.c b/src/test/test_controller.c
index 4e65d76662..d9c0a1eaac 100644
--- a/src/test/test_controller.c
+++ b/src/test/test_controller.c
@@ -10,6 +10,7 @@
 #include "rendservice.h"
 #include "routerlist.h"
 #include "test.h"
+#include "test_helpers.h"
 static void test_add_onion_helper_keyarg(void *arg)
@@ -186,8 +187,10 @@ test_rend_service_parse_port_config(void *arg)
 tor_free(err_msg); /* bogus IP address */
- cfg = rend_service_parse_port_config("100 1.2.3.4.5:9000",
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
+ cfg = rend_service_parse_port_config("100 foo!!.example.com:9000",
 " ", &err_msg);
+ UNMOCK(tor_addr_lookup);
 tt_assert(!cfg); tt_str_op(err_msg, OP_EQ, "Unparseable address in hidden service port " "configuration.");
diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c
index 132af39776..5b84366e6d 100644
--- a/src/test/test_helpers.c
+++ b/src/test/test_helpers.c
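Review bot: The `/* bogus IP address */` comment in the second test_controller.c hunk no longer matches the input, which is now the hostname `foo!!.example.com`; the case exercised is a name the mock refuses to resolve, not a malformed IP literal. Update it, for example to `/* unresolvable hostname: the '!' makes the mocked tor_addr_lookup() fail */`. After this change the test no longer covers the malformed literal `1.2.3.4.5`; if rend_service_parse_port_config() is expected to reject that form on its own, it would need a separate assertion that does not depend on the resolver. test_rend_service_parse_port_config() starts and ends outside the hunk.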
@@ -128,3 +128,18 @@ dummy_origin_circuit_new(int n_cells)
 return TO_CIRCUIT(circ); }
+/** Mock-replacement. As tor_addr_lookup, but always fails on any
+ * address containing a !. This is necessary for running the unit tests
+ * on networks where DNS hijackers think it's helpful to give answers
+ * for things like 1.2.3.4.5 or "invalidstuff!!"
+ */
+int
+mock_tor_addr_lookup__fail_on_bad_addrs(const char *name,
+ uint16_t family, tor_addr_t *out)
+{
+ if (name && strchr(name, '!')) {
+ return -1;
+ }
+ return tor_addr_lookup__real(name, family, out);
+}
+
diff --git a/src/test/test_helpers.h b/src/test/test_helpers.h
index ba93b100d5..c6d4d9c41f 100644
--- a/src/test/test_helpers.h
+++ b/src/test/test_helpers.h
@@ -17,6 +17,9 @@ void helper_setup_fake_routerlist(void);
 void connection_write_to_buf_mock(const char *string, size_t len, connection_t *conn, int zlib);
+int mock_tor_addr_lookup__fail_on_bad_addrs(const char *name,
+ uint16_t family, tor_addr_t *out);
+
 extern const char TEST_DESCRIPTORS[];
 #endif
diff --git a/src/test/test_options.c b/src/test/test_options.c
index e85e11805b..3fe0dc33b0 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -18,6 +18,7 @@
 #include "sandbox.h"
 #include "memarea.h"
 #include "policies.h"
+#include "test_helpers.h"
 #define NS_MODULE test_options
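Review bot: The doc comment on `mock_tor_addr_lookup__fail_on_bad_addrs()` in test_helpers.c cites `1.2.3.4.5` as a motivating example, but the body only short-circuits on `strchr(name, '!')`, so that name still falls through to `tor_addr_lookup__real()` and remains subject to whatever the host's resolver answers. The comment should state the contract, e.g. add ` * Names without a '!' are passed to the real resolver unchanged; a test that needs a guaranteed failure must put a '!' in the name.` It is also worth saying there that tests using this mock still depend on live DNS for every other name, since that is what anyone making the suite hermetic will need to know. The prototype added in test_helpers.h carries no comment; a one-line pointer to the definition would do.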
@@ -648,18 +649,21 @@ test_options_validate__authdir(void *ignored)
 int ret; char *msg; setup_capture_of_logs(LOG_INFO);
+ // XXXX But it _can_ exist, if you're DNS-hijacked.
 options_test_data_t *tdata = get_options_test_data( "AuthoritativeDirectory 1\n"
- "Address this.should.not_exist.example.org");
+ "Address this.should.not!exist!.example.org");
 sandbox_disable_getaddrinfo_cache();
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
 ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+ UNMOCK(tor_addr_lookup);
 tt_int_op(ret, OP_EQ, -1); tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for" " details."); expect_log_msg("Could not resolve local Address "
- "'this.should.not_exist.example.org'. Failing.\n");
+ "'this.should.not!exist!.example.org'. Failing.\n");
 tor_free(msg); free_options_test_data(tdata);
@@ -3037,6 +3041,7 @@ test_options_validate__proxy(void *ignored)
 options_test_data_t *tdata = NULL; sandbox_disable_getaddrinfo_cache(); setup_capture_of_logs(LOG_WARN);
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
 free_options_test_data(tdata); tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
@@ -3057,6 +3062,7 @@ test_options_validate__proxy(void *ignored)
 tor_free(msg); free_options_test_data(tdata);
+
 tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES "HttpProxy not_so_valid!\n" );
@@ -3357,6 +3363,7 @@ test_options_validate__proxy(void *ignored)
 policies_free_all(); // sandbox_free_getaddrinfo_cache(); tor_free(msg);
+ UNMOCK(tor_addr_lookup);
 } static void |
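Review bot: The added `// XXXX But it _can_ exist, if you're DNS-hijacked.` in test_options_validate__authdir() describes the problem with the old address, not the code as it stands after this hunk: the address now contains `!` and the lookup is mocked around options_validate(), so the name should fail to resolve regardless of the resolver. Left as is, it reads like an open defect. Reword it to explain the mechanism, e.g. `// The '!' makes the mocked tor_addr_lookup() fail even on DNS-hijacked networks.` The function continues outside the hunk.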
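Review bot: In test_options_validate__proxy() the mock is installed at the top (-3037 hunk) and removed on the last line (-3357 hunk), while every other hunk in this commit wraps `MOCK`/`UNMOCK` around the single call that needs it, and nothing at the `MOCK` line says why the wider scope is wanted. A short comment such as `/* Proxy values containing '!' below must fail to resolve; the mock stays for the whole test. */` would make that intent explicit. The `done:` label is not visible in these hunks; the added `UNMOCK(tor_addr_lookup);` has to sit below it, otherwise a failing `tt_*` check would presumably skip it and leave the mock installed for later tests. The -3057 hunk adds only a blank line.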