From 57f04a482e8e6ffe2f209cd1e5c732050f534ac4 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 27 Sep 2017 19:37:36 -0400 Subject: Test more error cases of our socks code. Coverage is now respectable. :) --- src/test/test_socks.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 123 insertions(+), 4 deletions(-) (limited to 'src/test/test_socks.c') diff --git a/src/test/test_socks.c b/src/test/test_socks.c index 331e378452..1568453685 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -8,6 +8,7 @@ #include "config.h" #include "proto_socks.h" #include "test.h" +#include "log_test_helpers.h" typedef struct socks_test_data_t { socks_request_t *req; @@ -98,8 +99,7 @@ test_socks_4_supported_commands(void *ptr) /* SOCKS 4 Send CONNECT [01] to IP address 2.2.2.2:4369 with userid*/ ADD_DATA(buf, "\x04\x01\x11\x12\x02\x02\x02\x04me\x00"); - tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, - get_options()->SafeSocks), + tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, 1); tt_int_op(4,OP_EQ, socks->socks_version); tt_int_op(0,OP_EQ, socks->replylen); /* XXX: shouldn't tor reply? */ @@ -116,7 +116,7 @@ test_socks_4_supported_commands(void *ptr) /* SOCKS 4a Send RESOLVE [F0] request for torproject.org */ ADD_DATA(buf, "\x04\xF0\x01\x01\x00\x00\x00\x02me\x00torproject.org\x00"); - tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, + tt_int_op(fetch_from_buf_socks(buf, socks, 1, get_options()->SafeSocks), OP_EQ, 1); tt_int_op(4,OP_EQ, socks->socks_version); @@ -129,6 +129,83 @@ test_socks_4_supported_commands(void *ptr) ; } +static void +test_socks_4_bad_arguments(void *ptr) +{ + SOCKS_TEST_INIT(); + setup_capture_of_logs(LOG_DEBUG); + + /* Try with 0 IPv4 address */ + ADD_DATA(buf, "\x04\x01\x00\x50\x00\x00\x00\x00\x00"); + tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, + get_options()->SafeSocks), + OP_EQ, -1); + buf_clear(buf); + expect_log_msg_containing("Port or DestIP is zero."); + mock_clean_saved_logs(); + + /* Try with 0 port */ + ADD_DATA(buf, "\x04\x01\x00\x00\x01\x02\x03\x04\x00"); + tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, + get_options()->SafeSocks), + OP_EQ, -1); + buf_clear(buf); + expect_log_msg_containing("Port or DestIP is zero."); + mock_clean_saved_logs(); + + /* Try with 2000-byte username (!) */ + ADD_DATA(buf, "\x04\x01\x00\x50\x01\x02\x03\x04"); + int i; + for (i = 0; i < 200; ++i) { + ADD_DATA(buf, "1234567890"); + } + ADD_DATA(buf, "\x00"); + tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), + OP_EQ, -1); + buf_clear(buf); + expect_log_msg_containing("user name too long; rejecting."); + mock_clean_saved_logs(); + + /* Try with 2000-byte hostname */ + ADD_DATA(buf, "\x04\x01\x00\x50\x00\x00\x00\x01\x00"); + for (i = 0; i < 200; ++i) { + ADD_DATA(buf, "1234567890"); + } + ADD_DATA(buf, "\x00"); + { + const char *p; + size_t s; + buf_pullup(buf, 9999, &p, &s); + } + tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), + OP_EQ, -1); + buf_clear(buf); + expect_log_msg_containing("Destaddr too long. Rejecting."); + mock_clean_saved_logs(); + + /* Try with 2000-byte hostname, not terminated. */ + ADD_DATA(buf, "\x04\x01\x00\x50\x00\x00\x00\x01\x00"); + for (i = 0; i < 200; ++i) { + ADD_DATA(buf, "1234567890"); + } + tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), + OP_EQ, -1); + buf_clear(buf); + expect_log_msg_containing("Destaddr too long."); + mock_clean_saved_logs(); + + /* Socks4, bogus hostname */ + ADD_DATA(buf, "\x04\x01\x00\x50\x00\x00\x00\x01\x00" "---\x00" ); + tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); + buf_clear(buf); + expect_log_msg_containing("Your application (using socks4 to port 80) " + "gave Tor a malformed hostname: "); + mock_clean_saved_logs(); + + done: + teardown_capture_of_logs(); +} + /** Perform unsupported SOCKS 5 commands */ static void test_socks_5_unsupported_commands(void *ptr) @@ -225,7 +302,7 @@ test_socks_5_supported_commands(void *ptr) /* SOCKS 5 Send CONNECT [01] to FQDN torproject.org:4369 */ ADD_DATA(buf, "\x05\x01\x00"); ADD_DATA(buf, "\x05\x01\x00\x03\x0Etorproject.org\x11\x11"); - tt_int_op(fetch_from_buf_socks(buf, socks, get_options()->TestSocks, + tt_int_op(fetch_from_buf_socks(buf, socks, 1, get_options()->SafeSocks),OP_EQ, 1); tt_int_op(5,OP_EQ, socks->socks_version); @@ -557,6 +634,25 @@ test_socks_5_malformed_commands(void *ptr) ; } +static void +test_socks_5_bad_arguments(void *ptr) +{ + SOCKS_TEST_INIT(); + setup_capture_of_logs(LOG_DEBUG); + + /* Socks5, bogus hostname */ + ADD_DATA(buf, "\x05\x01\x00" "\x05\x01\x00\x03\x03" "---" "\x00\x50" ); + tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); + buf_clear(buf); + expect_log_msg_containing("Your application (using socks5 to port 80) " + "gave Tor a malformed hostname: "); + mock_clean_saved_logs(); + socks_request_clear(socks); + + done: + teardown_capture_of_logs(); +} + /** check for correct behavior when the socks command has not arrived. */ static void test_socks_truncated(void *ptr) @@ -656,6 +752,25 @@ test_socks_truncated(void *ptr) ; } +static void +test_socks_wrong_protocol(void *ptr) +{ + SOCKS_TEST_INIT(); + setup_capture_of_logs(LOG_DEBUG); + + /* HTTP request. */ + ADD_DATA(buf, "GET /index.html HTTP/1.0" ); + tt_int_op(fetch_from_buf_socks(buf, socks, 1, 0), OP_EQ, -1); + buf_clear(buf); + expect_log_msg_containing("Socks version 71 not recognized. " + "(Tor is not an http proxy.)"); + mock_clean_saved_logs(); + socks_request_clear(socks); + + done: + teardown_capture_of_logs(); +} + /* Check our client-side socks4 parsing (that is to say, our parsing of * server responses). */ @@ -889,6 +1004,7 @@ test_socks_client_truncated(void *arg) struct testcase_t socks_tests[] = { SOCKSENT(4_unsupported_commands), SOCKSENT(4_supported_commands), + SOCKSENT(4_bad_arguments), SOCKSENT(5_unsupported_commands), SOCKSENT(5_supported_commands), @@ -899,9 +1015,12 @@ struct testcase_t socks_tests[] = { SOCKSENT(5_authenticate), SOCKSENT(5_authenticate_with_data), SOCKSENT(5_malformed_commands), + SOCKSENT(5_bad_arguments), SOCKSENT(truncated), + SOCKSENT(wrong_protocol), + { "client/v4", test_socks_client_v4, TT_FORK, NULL, NULL }, { "client/v5_auth", test_socks_client_v5_auth, TT_FORK, NULL, NULL }, { "client/v5_connect", test_socks_client_v5_connect, TT_FORK, NULL, NULL }, -- cgit v1.2.3-54-g00ecf