authorNick Mathewson <nickm@torproject.org>2017-01-03 10:11:23 -0500
committerNick Mathewson <nickm@torproject.org>2017-01-03 10:17:00 -0500
commitc4a6b56cc19878de4c76e83ce8e38ad709839d92 (patch)
tree8dcacd5e9b1bf64e412410fe22321ae0b2753756 /src
parentf23ec14d62f82ee424b7aef9ff1c2253c3dd2b10 (diff)
downloadtor-c4a6b56cc19878de4c76e83ce8e38ad709839d92.tar.gz
tor-c4a6b56cc19878de4c76e83ce8e38ad709839d92.zip
Fix unit test failures in response to DNS hijacking.
Some DNS NXDOMAIN hijackers hijack truly ridiculous domains, like "invalid-stuff!!" or "1.2.3.4.5". This would provoke unit test failures where we used addresses like that to force tor_addr_lookup() to fail. The fix, for testing, is to mock tor_addr_lookup() with a variant that always fails when it gets a name with a !. Fixes bugs 20862 and 20863.
Diffstat (limited to 'src')
-rw-r--r--src/test/test_config.c4
-rw-r--r--src/test/test_controller.c5
-rw-r--r--src/test/test_helpers.c15
-rw-r--r--src/test/test_helpers.h3
-rw-r--r--src/test/test_options.c11
5 files changed, 35 insertions, 3 deletions
diff --git a/src/test/test_config.c b/src/test/test_config.c
index a540bcc138..eeda34e089 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -46,6 +46,8 @@
#include "transports.h"
#include "util.h"
+#include "test_helpers.h"
+
static void
test_config_addressmap(void *arg)
{
@@ -4701,8 +4703,10 @@ test_config_parse_port_config__ports__ports_given(void *data)
// Test failure when asked to parse an invalid address followed by auto
config_free_lines(config_port_invalid); config_port_invalid = NULL;
config_port_invalid = mock_config_line("DNSPort", "invalidstuff!!:auto");
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS", 0,
"127.0.0.46", 0, 0);
+ UNMOCK(tor_addr_lookup);
tt_int_op(ret, OP_EQ, -1);
// Test success with parsing both an address and a real port
diff --git a/src/test/test_controller.c b/src/test/test_controller.c
index 4e65d76662..d9c0a1eaac 100644
--- a/src/test/test_controller.c
+++ b/src/test/test_controller.c
@@ -10,6 +10,7 @@
#include "rendservice.h"
#include "routerlist.h"
#include "test.h"
+#include "test_helpers.h"
static void
test_add_onion_helper_keyarg(void *arg)
@@ -186,8 +187,10 @@ test_rend_service_parse_port_config(void *arg)
tor_free(err_msg);
/* bogus IP address */
- cfg = rend_service_parse_port_config("100 1.2.3.4.5:9000",
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
+ cfg = rend_service_parse_port_config("100 foo!!.example.com:9000",
" ", &err_msg);
+ UNMOCK(tor_addr_lookup);
tt_assert(!cfg);
tt_str_op(err_msg, OP_EQ, "Unparseable address in hidden service port "
"configuration.");
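Review bot: The `/* bogus IP address */` comment above the changed call no longer matches its input, because `"100 foo!!.example.com:9000"` is a hostname that the mock rejects, not a malformed IP literal. I would reword it to `/* unresolvable address: the '!' makes the mocked tor_addr_lookup() fail */`. The original `1.2.3.4.5` case is also no longer exercised, since mock_tor_addr_lookup__fail_on_bad_addrs only rejects names containing `!`; it is worth saying so in the comment so nobody restores that input expecting it to fail. test_rend_service_parse_port_config starts and ends outside the hunk.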
diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c
index 132af39776..5b84366e6d 100644
--- a/src/test/test_helpers.c
+++ b/src/test/test_helpers.c
@@ -128,3 +128,18 @@ dummy_origin_circuit_new(int n_cells)
return TO_CIRCUIT(circ);
}
+/** Mock-replacement. As tor_addr_lookup, but always fails on any
+ * address containing a !. This is necessary for running the unit tests
+ * on networks where DNS hijackers think it's helpful to give answers
+ * for things like 1.2.3.4.5 or "invalidstuff!!"
+ */
+int
+mock_tor_addr_lookup__fail_on_bad_addrs(const char *name,
+ uint16_t family, tor_addr_t *out)
+{
+ if (name && strchr(name, '!')) {
+ return -1;
+ }
+ return tor_addr_lookup__real(name, family, out);
+}
+
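Review bot: The doc comment on mock_tor_addr_lookup__fail_on_bad_addrs names `1.2.3.4.5` as a motivating case, but the body only rejects names that contain `!`. A name such as `1.2.3.4.5` still falls through to `tor_addr_lookup__real()`, where a hijacking resolver may answer for it. The comment should state that every other name, including a NULL `name`, is passed to the real lookup unchanged. I would add a line such as `* Names without a '!' still reach tor_addr_lookup__real(), so a test that needs a guaranteed failure must put a '!' in the name.`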
diff --git a/src/test/test_helpers.h b/src/test/test_helpers.h
index ba93b100d5..c6d4d9c41f 100644
--- a/src/test/test_helpers.h
+++ b/src/test/test_helpers.h
@@ -17,6 +17,9 @@ void helper_setup_fake_routerlist(void);
void connection_write_to_buf_mock(const char *string, size_t len,
connection_t *conn, int zlib);
+int mock_tor_addr_lookup__fail_on_bad_addrs(const char *name,
+ uint16_t family, tor_addr_t *out);
+
extern const char TEST_DESCRIPTORS[];
#endif
diff --git a/src/test/test_options.c b/src/test/test_options.c
index e85e11805b..3fe0dc33b0 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -18,6 +18,7 @@
#include "sandbox.h"
#include "memarea.h"
#include "policies.h"
+#include "test_helpers.h"
#define NS_MODULE test_options
@@ -648,18 +649,21 @@ test_options_validate__authdir(void *ignored)
int ret;
char *msg;
setup_capture_of_logs(LOG_INFO);
+ // XXXX But it _can_ exist, if you're DNS-hijacked.
options_test_data_t *tdata = get_options_test_data(
"AuthoritativeDirectory 1\n"
- "Address this.should.not_exist.example.org");
+ "Address this.should.not!exist!.example.org");
sandbox_disable_getaddrinfo_cache();
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+ UNMOCK(tor_addr_lookup);
tt_int_op(ret, OP_EQ, -1);
tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for"
" details.");
expect_log_msg("Could not resolve local Address "
- "'this.should.not_exist.example.org'. Failing.\n");
+ "'this.should.not!exist!.example.org'. Failing.\n");
tor_free(msg);
free_options_test_data(tdata);
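Review bot: The added `// XXXX But it _can_ exist, if you're DNS-hijacked.` comment reads as an open problem, yet this hunk already resolves it by putting `!` in the address and mocking tor_addr_lookup around options_validate(). I would replace it with a comment that states the mechanism, for example `// The '!' makes mock_tor_addr_lookup__fail_on_bad_addrs() fail, so a hijacking resolver cannot make this name resolve.` That also warns a later editor not to drop the `!` from either the Address line or the expected log message. The body of test_options_validate__authdir starts outside the hunk.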
@@ -3037,6 +3041,7 @@ test_options_validate__proxy(void *ignored)
options_test_data_t *tdata = NULL;
sandbox_disable_getaddrinfo_cache();
setup_capture_of_logs(LOG_WARN);
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
free_options_test_data(tdata);
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
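Review bot: The MOCK added at the top of test_options_validate__proxy stays installed for the whole function, and its matching `UNMOCK(tor_addr_lookup);` only appears in the last hunk of this file, roughly 320 lines later. The other tests in this commit wrap a single call instead. The hunks do not show whether that UNMOCK sits under the function's cleanup label; if it does not, a failing tt_ assertion would presumably skip it and leave the mock installed for later tests. A short comment at the MOCK, such as `// Stays mocked for the whole test; undone in the cleanup at the end.`, would make the pairing explicit. The function body runs outside these hunks.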
@@ -3057,6 +3062,7 @@ test_options_validate__proxy(void *ignored)
tor_free(msg);
free_options_test_data(tdata);
+
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
"HttpProxy not_so_valid!\n"
);
@@ -3357,6 +3363,7 @@ test_options_validate__proxy(void *ignored)
policies_free_all();
// sandbox_free_getaddrinfo_cache();
tor_free(msg);
+ UNMOCK(tor_addr_lookup);
}
static void