diff options
| author | Simon McVittie <smcv@collabora.com> | 2022-09-12 13:28:29 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@collabora.com> | 2022-10-05 10:46:27 +0100 |
| commit | b9f914fa277d7e1152f5f7cc068b3eded69b78fc (patch) | |
| tree | f70fac5d3e9dc1ec053cf59c2c350d1309fb29cd | |
| parent | 3b8a7aff228770f4f7b478db606b10cceacea875 (diff) | |
| download | dbus-b9f914fa277d7e1152f5f7cc068b3eded69b78fc.tar.gz | |
test/data: Add messages that reproduce dbus/dbus#413, dbus/dbus#418
In debug builds with "embedded tests" enabled, these will automatically
be used as input for the message-internals test.
Some of the messages themselves are output from a fuzzer, others are
simplifications to include only one reason for lack of validity per
message.
I've included an annotated hex-dump for each message here, but the dbus
test suite doesn't currently know how to convert hex to binary, so I've
also committed the corresponding binary. See the comment at the top of
each hex-dump for how to create the binary version (which requires the
xxd tool shipped with vim).
It would be nice for the dbus test suite to be able to convert the
annotated hex-dump to binary, either at build-time with a Python script
or at runtime by loading the text file and decoding the hex, but I don't
want to block on that for dbus/dbus#413 and dbus/dbus#418.
Reproduces: https://gitlab.freedesktop.org/dbus/dbus/-/issues/413
Reproduces: https://gitlab.freedesktop.org/dbus/dbus/-/issues/418
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit d633016f7340f83142f19f4bcac08c57e1f2fd2f)
[backport to 1.14.x: discard Meson build system updates]
(cherry picked from commit c0bfcc097896fb57a96f55818fc5fe97db679cbf)
[backport to 1.12.x: resolve conflicts vs. Autotools before 09076dfe]
| -rw-r--r-- | test/Makefile.am | 10 | ||||
| -rw-r--r-- | test/data/invalid-messages/fixed-array-not-divisible.message-raw | bin | 0 -> 296 bytes | |||
| -rw-r--r-- | test/data/invalid-messages/fixed-array-not-divisible.message-raw.hex | 55 | ||||
| -rw-r--r-- | test/data/invalid-messages/issue418.message-raw | bin | 0 -> 68 bytes | |||
| -rw-r--r-- | test/data/invalid-messages/issue418.message-raw.hex | 47 | ||||
| -rw-r--r-- | test/data/invalid-messages/mis-nested-sig.message-raw | bin | 0 -> 40 bytes | |||
| -rw-r--r-- | test/data/invalid-messages/mis-nested-sig.message-raw.hex | 26 | ||||
| -rw-r--r-- | test/data/invalid-messages/truncated-variant-sig.message-raw | bin | 0 -> 24 bytes | |||
| -rw-r--r-- | test/data/invalid-messages/truncated-variant-sig.message-raw.hex | 23 | ||||
| -rw-r--r-- | test/data/invalid-messages/zero-length-variant-sig.message-raw | bin | 0 -> 24 bytes | |||
| -rw-r--r-- | test/data/invalid-messages/zero-length-variant-sig.message-raw.hex | 23 |
11 files changed, 184 insertions, 0 deletions
diff --git a/test/Makefile.am b/test/Makefile.am index af1e13b8..1b6835fe 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -507,7 +507,13 @@ static_data = \ data/invalid-messages/bad-endian.message \ data/invalid-messages/bad-header-field-alignment.message \ data/invalid-messages/boolean-has-no-value.message-raw \ + data/invalid-messages/fixed-array-not-divisible.message-raw \ + data/invalid-messages/fixed-array-not-divisible.message-raw.hex \ + data/invalid-messages/issue418.message-raw \ + data/invalid-messages/issue418.message-raw.hex \ data/invalid-messages/local-namespace.message \ + data/invalid-messages/mis-nested-sig.message-raw \ + data/invalid-messages/mis-nested-sig.message-raw.hex \ data/invalid-messages/no-dot-in-name.message \ data/invalid-messages/not-nul-header-padding.message \ data/invalid-messages/overlong-name.message \ @@ -515,6 +521,10 @@ static_data = \ data/invalid-messages/too-much-header-padding-by-far.message \ data/invalid-messages/too-much-header-padding.message \ data/invalid-messages/too-short-dict.message \ + data/invalid-messages/truncated-variant-sig.message-raw \ + data/invalid-messages/truncated-variant-sig.message-raw.hex \ + data/invalid-messages/zero-length-variant-sig.message-raw \ + data/invalid-messages/zero-length-variant-sig.message-raw.hex \ data/sha-1/Readme.txt \ data/sha-1/bit-hashes.sha1 \ data/sha-1/bit-messages.sha1 \ diff --git a/test/data/invalid-messages/fixed-array-not-divisible.message-raw b/test/data/invalid-messages/fixed-array-not-divisible.message-raw Binary files differnew file mode 100644 index 00000000..d7de929d --- /dev/null +++ b/test/data/invalid-messages/fixed-array-not-divisible.message-raw diff --git a/test/data/invalid-messages/fixed-array-not-divisible.message-raw.hex b/test/data/invalid-messages/fixed-array-not-divisible.message-raw.hex new file mode 100644 index 00000000..0527abd5 --- /dev/null +++ b/test/data/invalid-messages/fixed-array-not-divisible.message-raw.hex @@ -0,0 +1,55 @@ +# Copyright 2022 Evgeny Vereshchagin +# Copyright 2022 Collabora Ltd. +# SPDX-License-Identifier: MIT +# +# This is an annotated hex-dump of a message originally generated by a +# fuzzer. +# +# To output as binary: +# sed -e 's/#.*//' test/data/invalid-messages/fixed-array-not-divisible.message-raw.hex | +# xxd -p -r - test/data/invalid-messages/fixed-array-not-divisible.message-raw +# +# This message is invalid because the array of int64 has a length that is +# not a multiple of the length of an item. + +# Offset % 0x10: +# 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f + + 6c # little-endian + 40 # an undefined message type + ff # flags = all set + 01 # major protocol version = 1 + 0000 0000 # message body is 0 bytes + f600 59df # serial number 0xdf5900f6 + 1801 0000 # header is an array of 0x0118 bytes of struct (yv) + 52 # header field code 0x52 (an undefined header) + 11 # signature is 0x11 = 17 bytes, + \0 + 6128 6128 7979 7979 7979 7979 2979 # "a(a(yyyyyyyy)y"... + 6174 2900 # ..."at)" + trailing \0 + 0001 0000 # outer array is 0x0100 = 256 bytes in total + # enter first a(yyyyyyyy)yat + d800 0000 # inner array is 0xd8 = 216 bytes in total + 0000 0000 # padding to 8-byte boundary (not included in the 216) + # enter array of (yyyyyyyy), 8-byte structures + 016f 5d00 0000 0000 # first struct (yyyyyyyy), 8 arbitrary bytes + 0001 5602 4472 6565 # second struct (yyyyyyyy), etc. + 6465 736b 0000 17f6 0059 df20 dfff 09a9 # { + 1161 2061 2879 7179 00d8 42e9 2f6f 7267 # { + 6565 6420 2020 2020 2020 2000 2020 2020 # { + 2020 2020 2020 2020 2020 2020 2020 20b0 # { + 0024 0000 0000 0000 e6df dfdf 2020 2020 # { + 6500 0000 0000 0000 0000 0000 0000 0000 # { arbitrary, fuzzer-generated + 0000 0000 0000 0000 0000 0000 0000 0000 # { + 0000 0000 0000 0000 0000 0000 0000 0000 # { + 2875 7987 ff27 b5e9 d901 0000 5e30 4b79 # { + 0001 6f2d 5d67 446f 7244 4472 6565 6400 # { + 1765 6b73 00f6 0059 ffa9 1161 2061 2879 # { + 71fd 7eee ff01 0000 0000 0000 1067 c8c8 # { + c8c8 c8c8 c801 0000 # 27th struct (yyyyyyyy) + 00 # byte (y) = 0 + 00 0000 # padding to 4-byte boundary + 0500 0000 # array of int64 (at) is 5 bytes long, which makes no sense + 0000 faff 0000 0000 0000 0000 0000 0000 + 1200 0000 0000 0000 + +#sha1 30fafa4da12cdedc1361ad2e8ecf2ced5ae7d6eb diff --git a/test/data/invalid-messages/issue418.message-raw b/test/data/invalid-messages/issue418.message-raw Binary files differnew file mode 100644 index 00000000..c0aec6fe --- /dev/null +++ b/test/data/invalid-messages/issue418.message-raw diff --git a/test/data/invalid-messages/issue418.message-raw.hex b/test/data/invalid-messages/issue418.message-raw.hex new file mode 100644 index 00000000..05a42e6a --- /dev/null +++ b/test/data/invalid-messages/issue418.message-raw.hex @@ -0,0 +1,47 @@ +# Copyright 2022 Evgeny Vereshchagin +# Copyright 2022 Collabora Ltd. +# SPDX-License-Identifier: MIT +# +# This is an annotated hex-dump of a message originally generated by a +# fuzzer. +# +# To output as binary: +# sed -e 's/#.*//' test/data/invalid-messages/issue418.message-raw.hex | +# xxd -p -r - test/data/invalid-messages/issue418.message-raw +# +# The rather non-specific name is because this message is invalid in at +# least three separate ways: +# +# - parentheses and curly brackets in the signature are not nested correctly +# - the signature of one header field is of zero length +# - the signature of another header field is longer than the message +# +# mis-nested-sig.message-raw.hex, +# truncated-variant-sig.message-raw.hex, +# zero-length-variant-sig.message-raw.hex are simplified versions of this +# message with only one of those reasons to be invalid. + +# Offset % 0x10: +# 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f + + 6c # little-endian + 8f # an undefined message type + 28 # flags + 01 # major protocol version 1 + 0000 0000 # message body is 0 bytes + 7b22 0008 # serial number 0x0800227b + 1800 0000 # header is an array of 0x18 bytes of struct (yv) + fd # header field code 0xfd (an undefined header) + 15 # signature is 0x15 = 21 bytes + 2874 617b 7961 7b64 617b 7961 7b79 # "(ta{ya{da{ya{y"... + 6171 7d7d 7d29 7d00 # "aq}}})}" \0 + 0000 0000 0000 0000 # padding to 8-byte boundary + 0c # header field code 0x0c + 00 # signature is zero-length (invalid!) + 00 # "" \0 + 00 0000 0000 0000 0000 0000 0000 # padding + fe # header field code 0xfe + ff # signature is 0xff = 255 bytes + 0000 # truncated (invalid!) + +#sha1 e5d2bc02229d93ffdd7f589b7123adb3902ee981 diff --git a/test/data/invalid-messages/mis-nested-sig.message-raw b/test/data/invalid-messages/mis-nested-sig.message-raw Binary files differnew file mode 100644 index 00000000..54ab7a2f --- /dev/null +++ b/test/data/invalid-messages/mis-nested-sig.message-raw diff --git a/test/data/invalid-messages/mis-nested-sig.message-raw.hex b/test/data/invalid-messages/mis-nested-sig.message-raw.hex new file mode 100644 index 00000000..fdc39b6f --- /dev/null +++ b/test/data/invalid-messages/mis-nested-sig.message-raw.hex @@ -0,0 +1,26 @@ +# Copyright 2022 Evgeny Vereshchagin +# Copyright 2022 Collabora Ltd. +# SPDX-License-Identifier: MIT +# +# Simplified from fuzzer output (see issue418.message-raw.hex). +# +# To output as binary: +# sed -e 's/#.*//' test/data/invalid-messages/mis-nested-sig.message-raw.hex | +# xxd -p -r - test/data/invalid-messages/mis-nested-sig.message-raw + +# Offset % 0x10: +# 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f + + 6c # little-endian + ff # an undefined message type + 00 # flags + 01 # major protocol version 1 + 0000 0000 # message body is 0 bytes + 0100 0000 # serial number 1 + 1800 0000 # header is an array of 0x18 bytes of struct (yv) + ff # header field code 0xff (an undefined header) + 15 # signature is 0x15 = 21 bytes + 2874 617b 7961 7b64 617b 7961 7b79 # "(ta{ya{da{ya{y"... + 6171 7d7d 7d29 7d00 # "aq}}})}" \0 + +#sha1 90533a4ddb9aa5e82c67789a5624762367620b24 diff --git a/test/data/invalid-messages/truncated-variant-sig.message-raw b/test/data/invalid-messages/truncated-variant-sig.message-raw Binary files differnew file mode 100644 index 00000000..c2342268 --- /dev/null +++ b/test/data/invalid-messages/truncated-variant-sig.message-raw diff --git a/test/data/invalid-messages/truncated-variant-sig.message-raw.hex b/test/data/invalid-messages/truncated-variant-sig.message-raw.hex new file mode 100644 index 00000000..28d66b8b --- /dev/null +++ b/test/data/invalid-messages/truncated-variant-sig.message-raw.hex @@ -0,0 +1,23 @@ +# Copyright 2022 Collabora Ltd. +# SPDX-License-Identifier: MIT +# +# To output as binary: +# sed -e 's/#.*//' test/data/invalid-messages/truncated-variant-sig.message-raw.hex | +# xxd -p -r - test/data/invalid-messages/truncated-variant-sig.message-raw + +# Offset % 0x10: +# 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f + + 6c # little-endian + ff # an undefined message type + 00 # flags + 01 # major protocol version 1 + 0000 0000 # message body is 0 bytes + 0100 0000 # serial number 1 + 0400 0000 # header is an array of 4 bytes of struct (yv) + ff # header field code 0xff + ff # signature is 0xff = 255 bytes + 0000 # truncated (invalid!) + 0000 0000 # padding to 8-byte boundary + +#sha1 be4640e0bc1534ddf1667ced6a5e2a59c447dbdd diff --git a/test/data/invalid-messages/zero-length-variant-sig.message-raw b/test/data/invalid-messages/zero-length-variant-sig.message-raw Binary files differnew file mode 100644 index 00000000..85167a7d --- /dev/null +++ b/test/data/invalid-messages/zero-length-variant-sig.message-raw diff --git a/test/data/invalid-messages/zero-length-variant-sig.message-raw.hex b/test/data/invalid-messages/zero-length-variant-sig.message-raw.hex new file mode 100644 index 00000000..6acdc2ca --- /dev/null +++ b/test/data/invalid-messages/zero-length-variant-sig.message-raw.hex @@ -0,0 +1,23 @@ +# Copyright 2022 Collabora Ltd. +# SPDX-License-Identifier: MIT +# +# To output as binary: +# sed -e 's/#.*//' test/data/invalid-messages/zero-length-variant-sig.message-raw.hex | +# xxd -p -r - test/data/invalid-messages/zero-length-variant-sig.message-raw + +# Offset % 0x10: +# 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f + + 6c # little-endian + ff # an undefined message type + 00 # flags + 01 # major protocol version 1 + 0000 0000 # message body is 0 bytes + 0100 0000 # serial number 1 + 0300 0000 # header is an array of 0x03 bytes of struct (yv) + ff # header field code 0xff (undefined) + 00 # signature is zero-length (invalid!) + 00 # "" \0 + 00 0000 0000 # padding to 8-byte boundary + +#sha1 5b85e1e6586b9737bde18c3e99a201ed6314ecb6 |