From a5b8a0cee842e12aa090449e042788b9eabc35da Mon Sep 17 00:00:00 2001
From: delphij
Date: Thu, 22 Dec 2016 16:19:05 +0000
Subject: Fix multiple vulnerabilities of ntp.
Approved by: so
---
 contrib/ntp/tests/libntp/a_md5encrypt.c | 4 +-
 contrib/ntp/tests/libntp/calendar.c | 127 ++++++++++++++++++++++++++++++++
 contrib/ntp/tests/libntp/run-calendar.c | 35 +++++----
 contrib/ntp/tests/libntp/sfptostr.c | 6 +-
 4 files changed, 151 insertions(+), 21 deletions(-)
(limited to 'contrib/ntp/tests/libntp')
diff --git a/contrib/ntp/tests/libntp/a_md5encrypt.c b/contrib/ntp/tests/libntp/a_md5encrypt.c
index d8e7ab9..a87aa79 100644
--- a/contrib/ntp/tests/libntp/a_md5encrypt.c
+++ b/contrib/ntp/tests/libntp/a_md5encrypt.c
@@ -49,9 +49,7 @@ test_Encrypt(void) {
 u_int32 *packetPtr;
 int length;
- packetPtr = emalloc(totalLength * sizeof(*packetPtr));
-
- memset(packetPtr + packetLength, 0, keyIdLength);
+ packetPtr = emalloc_zero(totalLength * sizeof(*packetPtr));
 memcpy(packetPtr, packet, packetLength);
 cache_secretsize = keyLength;
diff --git a/contrib/ntp/tests/libntp/calendar.c b/contrib/ntp/tests/libntp/calendar.c
index 9d25c41..b631565 100644
--- a/contrib/ntp/tests/libntp/calendar.c
+++ b/contrib/ntp/tests/libntp/calendar.c
@@ -2,6 +2,7 @@
 #include "ntp_stdlib.h" /* test fail without this include, for some reason */
 #include "ntp_calendar.h"
+#include "ntp_unixtime.h"
 #include "unity.h"
 #include
@@ -19,6 +20,7 @@ char * DateFromCalToString(const struct calendar *cal);
 char * DateFromIsoToString(const struct isodate *iso);
 int IsEqualDateCal(const struct calendar *expected, const struct calendar *actual);
 int IsEqualDateIso(const struct isodate *expected, const struct isodate *actual);
+
 void test_DaySplitMerge(void);
 void test_SplitYearDays1(void);
 void test_SplitYearDays2(void);
@@ -35,6 +37,8 @@ void test_IsoCalWeeksToYearStart(void);
 void test_IsoCalWeeksToYearEnd(void);
 void test_DaySecToDate(void);
+void test_NtpToNtp(void);
+void test_NtpToTime(void);
 void setUp(void)
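Review bot: In test_Encrypt the allocation size `totalLength * sizeof(*packetPtr)` still mixes units: `packetLength` is passed to `memcpy` as a byte count (as `keyIdLength` was to the removed `memset`), so if `totalLength` is their byte sum (its definition is outside the hunk) the buffer is four times the packet size now that `packetPtr` is a `u_int32 *`. The over-allocation is harmless, but the same element/byte confusion appears to be why the removed `memset(packetPtr + packetLength, ...)` addressed the wrong offset. I would either allocate `emalloc_zero(totalLength)` or add a comment such as `/* lengths are byte counts; the whole buffer is zeroed so the key-id and digest area starts out clear */`. The body of test_Encrypt continues past the hunk.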
@@ -608,3 +612,126 @@ test_DaySecToDate(void)
 return;
 }
+
+/* --------------------------------------------------------------------
+ * unfolding of (truncated) NTP time stamps to full 64bit values.
+ *
+ * Note: These tests need a 64bit time_t to be useful.
+ */
+
+void
+test_NtpToNtp(void)
+{
+# if SIZEOF_TIME_T <= 4
+
+ TEST_IGNORE_MESSAGE("test only useful for sizeof(time_t) > 4, skipped");
+
+# else
+
+ static const uint32_t ntp_vals[6] = {
+ UINT32_C(0x00000000),
+ UINT32_C(0x00000001),
+ UINT32_C(0x7FFFFFFF),
+ UINT32_C(0x80000000),
+ UINT32_C(0x80000001),
+ UINT32_C(0xFFFFFFFF)
+ };
+
+ static char lbuf[128];
+ vint64 hold;
+ time_t pivot, texp, diff;
+ int loops, iloop;
+
+ pivot = 0;
+ for (loops = 0; loops < 16; ++loops) {
+ for (iloop = 0; iloop < 6; ++iloop) {
+ hold = ntpcal_ntp_to_ntp(
+ ntp_vals[iloop], &pivot);
+ texp = vint64_to_time(&hold);
+
+ /* constraint 1: texp must be in the
+ * (right-open) intervall [p-(2^31), p+(2^31)[,
+ * but the pivot 'p' must be taken in full NTP
+ * time scale!
+ */
+ diff = texp - (pivot + JAN_1970);
+ snprintf(lbuf, sizeof(lbuf),
+ "bounds check: piv=%lld exp=%lld dif=%lld",
+ (long long)pivot,
+ (long long)texp,
+ (long long)diff);
+ TEST_ASSERT_MESSAGE((diff >= INT32_MIN) && (diff <= INT32_MAX),
+ lbuf);
+
+ /* constraint 2: low word must be equal to
+ * input
+ */
+ snprintf(lbuf, sizeof(lbuf),
+ "low check: ntp(in)=$%08lu ntp(out[0:31])=$%08lu",
+ (unsigned long)ntp_vals[iloop],
+ (unsigned long)hold.D_s.lo);
+ TEST_ASSERT_EQUAL_MESSAGE(ntp_vals[iloop], hold.D_s.lo, lbuf);
+ }
+ pivot += 0x20000000;
+ }
+# endif
+}
+
+void
+test_NtpToTime(void)
+{
+# if SIZEOF_TIME_T <= 4
+
+ TEST_IGNORE_MESSAGE("test only useful for sizeof(time_t) > 4, skipped");
+
+# else
+
+ static const uint32_t ntp_vals[6] = {
+ UINT32_C(0x00000000),
+ UINT32_C(0x00000001),
+ UINT32_C(0x7FFFFFFF),
+ UINT32_C(0x80000000),
+ UINT32_C(0x80000001),
+ UINT32_C(0xFFFFFFFF)
+ };
+
+ static char lbuf[128];
+ vint64 hold;
+ time_t pivot, texp, diff;
+ uint32_t back;
+ int loops, iloop;
+
+ pivot = 0;
+ for (loops = 0; loops < 16; ++loops) {
+ for (iloop = 0; iloop < 6; ++iloop) {
+ hold = ntpcal_ntp_to_time(
+ ntp_vals[iloop], &pivot);
+ texp = vint64_to_time(&hold);
+
+ /* constraint 1: texp must be in the
+ * (right-open) intervall [p-(2^31), p+(2^31)[
+ */
+ diff = texp - pivot;
+ snprintf(lbuf, sizeof(lbuf),
+ "bounds check: piv=%lld exp=%lld dif=%lld",
+ (long long)pivot,
+ (long long)texp,
+ (long long)diff);
+ TEST_ASSERT_MESSAGE((diff >= INT32_MIN) && (diff <= INT32_MAX),
+ lbuf);
+
+ /* constraint 2: conversion from full time back
+ * to truncated NTP time must yield same result
+ * as input.
+ */
+ back = (uint32_t)texp + JAN_1970;
+ snprintf(lbuf, sizeof(lbuf),
+ "modulo check: ntp(in)=$%08lu ntp(out)=$%08lu",
+ (unsigned long)ntp_vals[iloop],
+ (unsigned long)back);
+ TEST_ASSERT_EQUAL_MESSAGE(ntp_vals[iloop], back, lbuf);
+ }
+ pivot += 0x20000000;
+ }
+# endif
+}
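Review bot: The failure messages in test_NtpToNtp and test_NtpToTime format the 32-bit stamps with `$%08lu`, which prints decimal although the `$` prefix and the zero-padded width of 8 suggest hex; a mismatch on `0x80000000` would be reported as `$2147483648`. `%08lx` would match the input table. Likewise `TEST_ASSERT_EQUAL_MESSAGE` is Unity's signed-int comparison, so `TEST_ASSERT_EQUAL_HEX32_MESSAGE(ntp_vals[iloop], hold.D_s.lo, lbuf);` (and the same with `back` in test_NtpToTime) would report values in the upper half of the range readably. Both tests are ignored when `SIZEOF_TIME_T <= 4`, so the unfolding code gets no coverage from them on those builds; a short comment next to `TEST_IGNORE_MESSAGE` stating that would help whoever reads a green test run on such a platform.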
diff --git a/contrib/ntp/tests/libntp/run-calendar.c b/contrib/ntp/tests/libntp/run-calendar.c index 555f3ba..82309bd 100644 --- a/contrib/ntp/tests/libntp/run-calendar.c +++ b/contrib/ntp/tests/libntp/run-calendar.c @@ -25,6 +25,7 @@ #include "config.h" #include "ntp_stdlib.h" #include "ntp_calendar.h" +#include "ntp_unixtime.h" #include //=======External Functions This Runner Calls===== @@ -45,6 +46,8 @@ extern void test_IsoCalYearsToWeeks(void); extern void test_IsoCalWeeksToYearStart(void); extern void test_IsoCalWeeksToYearEnd(void); extern void test_DaySecToDate(void); +extern void test_NtpToNtp(void); +extern void test_NtpToTime(void); //=======Test Reset Option===== 
@@ -63,21 +66,23 @@ int main(int argc, char *argv[]) { progname = argv[0]; UnityBegin("calendar.c"); - RUN_TEST(test_DaySplitMerge, 22); - RUN_TEST(test_SplitYearDays1, 23); - RUN_TEST(test_SplitYearDays2, 24); - RUN_TEST(test_RataDie1, 25); - RUN_TEST(test_LeapYears1, 26); - RUN_TEST(test_LeapYears2, 27); - RUN_TEST(test_RoundTripDate, 28); - RUN_TEST(test_RoundTripYearStart, 29); - RUN_TEST(test_RoundTripMonthStart, 30); - RUN_TEST(test_RoundTripWeekStart, 31); - RUN_TEST(test_RoundTripDayStart, 32); - RUN_TEST(test_IsoCalYearsToWeeks, 33); - RUN_TEST(test_IsoCalWeeksToYearStart, 34); - RUN_TEST(test_IsoCalWeeksToYearEnd, 35); - RUN_TEST(test_DaySecToDate, 36); + RUN_TEST(test_DaySplitMerge, 24); + RUN_TEST(test_SplitYearDays1, 25); + RUN_TEST(test_SplitYearDays2, 26); + RUN_TEST(test_RataDie1, 27); + RUN_TEST(test_LeapYears1, 28); + RUN_TEST(test_LeapYears2, 29); + RUN_TEST(test_RoundTripDate, 30); + RUN_TEST(test_RoundTripYearStart, 31); + RUN_TEST(test_RoundTripMonthStart, 32); + RUN_TEST(test_RoundTripWeekStart, 33); + RUN_TEST(test_RoundTripDayStart, 34); + RUN_TEST(test_IsoCalYearsToWeeks, 35); + RUN_TEST(test_IsoCalWeeksToYearStart, 36); + RUN_TEST(test_IsoCalWeeksToYearEnd, 37); + RUN_TEST(test_DaySecToDate, 38); + RUN_TEST(test_NtpToNtp, 40); + RUN_TEST(test_NtpToTime, 41); return (UnityEnd()); }
diff --git a/contrib/ntp/tests/libntp/sfptostr.c b/contrib/ntp/tests/libntp/sfptostr.c
index c7616c7..c781c03 100644
--- a/contrib/ntp/tests/libntp/sfptostr.c
+++ b/contrib/ntp/tests/libntp/sfptostr.c
@@ -39,7 +39,7 @@ void test_PositiveInteger(void)
 void test_NegativeInteger(void) {
- s_fp test = -200 << 16; // exact -200.000000
+ s_fp test = -(200 << 16); // exact -200.000000
 TEST_ASSERT_EQUAL_STRING("-200.000000", fptoa(test, SFP_MAX_PRECISION));
 TEST_ASSERT_EQUAL_STRING("-200000.000", fptoms(test, SFP_MAX_PRECISION));
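Review bot: The reason the negation moved outside the shift in test_NegativeInteger is not recorded next to the code: left-shifting a negative signed value is undefined behaviour in C, so `-200 << 16` is not guaranteed to yield the fixed-point constant the test expects. The same rewrite is applied in test_NegativeIntegerNegativeFraction and test_NegativeIntegerPositiveFraction in the next two hunks. A one-line comment on the first of them, for example `/* negate after shifting: << on a negative value is undefined */`, would keep a later cleanup from folding the sign back into the operand. The three function bodies run past their hunks, so any other negative shifts in the file are not visible here.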
@@ -55,7 +55,7 @@ void test_PositiveIntegerPositiveFraction(void)
 void test_NegativeIntegerNegativeFraction(void) {
- s_fp test = (-200 << 16) - (1 << 15); // -200 - 0.5
+ s_fp test = -(200 << 16) - (1 << 15); // -200 - 0.5
 TEST_ASSERT_EQUAL_STRING("-200.500000", fptoa(test, SFP_MAX_PRECISION));
 TEST_ASSERT_EQUAL_STRING("-200500.000", fptoms(test, SFP_MAX_PRECISION));
@@ -71,7 +71,7 @@ void test_PositiveIntegerNegativeFraction(void)
 void test_NegativeIntegerPositiveFraction(void) {
- s_fp test = (-200 << 16) + (1 << 14)*3; // -200 + 0.75
+ s_fp test = -(200 << 16) + (1 << 14)*3; // -200 + 0.75
 TEST_ASSERT_EQUAL_STRING("-199.250000", fptoa(test, SFP_MAX_PRECISION));
 TEST_ASSERT_EQUAL_STRING("-199250.000", fptoms(test, SFP_MAX_PRECISION));
-- cgit v1.1