aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CMakeLists.txt4
-rw-r--r--doc/authentication.dox3
-rw-r--r--examples/sshd_direct-tcpip.c1
-rw-r--r--include/libssh/bind_config.h10
-rw-r--r--src/bind_config.c107
-rw-r--r--src/channels.c16
-rw-r--r--src/config.c31
-rw-r--r--src/misc.c30
-rw-r--r--src/poll.c12
-rw-r--r--tests/client/torture_session.c145
-rw-r--r--tests/fuzz/CMakeLists.txt2
-rw-r--r--tests/fuzz/ssh_bind_config_fuzzer.cpp56
-rw-r--r--tests/fuzz/ssh_client_config_fuzzer.cpp55
-rw-r--r--tests/torture.c40
-rw-r--r--tests/torture.h11
-rw-r--r--tests/unittests/torture_bind_config.c1298
-rw-r--r--tests/unittests/torture_config.c24
17 files changed, 1417 insertions, 428 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1f1925ef..32172d95 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -124,7 +124,7 @@ add_subdirectory(include)
add_subdirectory(src)
# pkg-config file
-if (UNIX)
+if (UNIX OR MINGW)
configure_file(libssh.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc)
install(
FILES
@@ -134,7 +134,7 @@ install(
COMPONENT
pkgconfig
)
-endif (UNIX)
+endif (UNIX OR MINGW)
# CMake config files
include(CMakePackageConfigHelpers)
diff --git a/doc/authentication.dox b/doc/authentication.dox
index 3196f645..7d0ab81d 100644
--- a/doc/authentication.dox
+++ b/doc/authentication.dox
@@ -33,6 +33,9 @@ The process of authenticating by public key to a server is the following:
used to authenticate the user).
- then, you retrieve the private key for this key and send a message
proving that you know that private key.
+ - when several identity files are specified, then the order of processing of
+ these files is from the last-mentioned to the first one
+ (if specified in the ~/.ssh/config, then starting from the bottom to the top).
The function ssh_userauth_autopubkey() does this using the available keys in
"~/.ssh/". The return values are the following:
diff --git a/examples/sshd_direct-tcpip.c b/examples/sshd_direct-tcpip.c
index 606f999f..4d437411 100644
--- a/examples/sshd_direct-tcpip.c
+++ b/examples/sshd_direct-tcpip.c
@@ -526,6 +526,7 @@ message_callback(UNUSED_PARAM(ssh_session session),
SAFE_FREE(pFd);
SAFE_FREE(cb_chan);
SAFE_FREE(event_fd_data);
+ close(socket_fd);
return 1;
}
diff --git a/include/libssh/bind_config.h b/include/libssh/bind_config.h
index cb68da89..7ee19b87 100644
--- a/include/libssh/bind_config.h
+++ b/include/libssh/bind_config.h
@@ -61,4 +61,14 @@ enum ssh_bind_config_opcode_e {
*/
int ssh_bind_config_parse_file(ssh_bind sshbind, const char *filename);
+/* @brief Parse configuration string and set the options to the given bind session
+ *
+ * @params[in] bind The ssh bind session
+ * @params[in] input Null terminated string containing the configuration
+ *
+ * @returns SSH_OK on successful parsing the configuration string,
+ * SSH_ERROR on error
+ */
+int ssh_bind_config_parse_string(ssh_bind bind, const char *input);
+
#endif /* BIND_CONFIG_H_ */
diff --git a/src/bind_config.c b/src/bind_config.c
index ace5a0ac..4c891c95 100644
--- a/src/bind_config.c
+++ b/src/bind_config.c
@@ -189,18 +189,29 @@ ssh_bind_config_parse_line(ssh_bind bind,
const char *line,
unsigned int count,
uint32_t *parser_flags,
- uint8_t *seen);
-
-static void local_parse_file(ssh_bind bind,
- const char *filename,
- uint32_t *parser_flags,
- uint8_t *seen)
+ uint8_t *seen,
+ unsigned int depth);
+
+#define LIBSSH_BIND_CONF_MAX_DEPTH 16
+static void
+local_parse_file(ssh_bind bind,
+ const char *filename,
+ uint32_t *parser_flags,
+ uint8_t *seen,
+ unsigned int depth)
{
FILE *f;
char line[MAX_LINE_SIZE] = {0};
unsigned int count = 0;
int rv;
+ if (depth > LIBSSH_BIND_CONF_MAX_DEPTH) {
+ ssh_set_error(bind, SSH_FATAL,
+ "ERROR - Too many levels of configuration includes "
+ "when processing file '%s'", filename);
+ return;
+ }
+
f = fopen(filename, "r");
if (f == NULL) {
SSH_LOG(SSH_LOG_RARE, "Cannot find file %s to load",
@@ -213,7 +224,7 @@ static void local_parse_file(ssh_bind bind,
while (fgets(line, sizeof(line), f)) {
count++;
- rv = ssh_bind_config_parse_line(bind, line, count, parser_flags, seen);
+ rv = ssh_bind_config_parse_line(bind, line, count, parser_flags, seen, depth);
if (rv < 0) {
fclose(f);
return;
@@ -228,7 +239,8 @@ static void local_parse_file(ssh_bind bind,
static void local_parse_glob(ssh_bind bind,
const char *fileglob,
uint32_t *parser_flags,
- uint8_t *seen)
+ uint8_t *seen,
+ unsigned int depth)
{
glob_t globbuf = {
.gl_flags = 0,
@@ -248,7 +260,7 @@ static void local_parse_glob(ssh_bind bind,
}
for (i = 0; i < globbuf.gl_pathc; i++) {
- local_parse_file(bind, globbuf.gl_pathv[i], parser_flags, seen);
+ local_parse_file(bind, globbuf.gl_pathv[i], parser_flags, seen, depth);
}
globfree(&globbuf);
@@ -274,7 +286,8 @@ ssh_bind_config_parse_line(ssh_bind bind,
const char *line,
unsigned int count,
uint32_t *parser_flags,
- uint8_t *seen)
+ uint8_t *seen,
+ unsigned int depth)
{
enum ssh_bind_config_opcode_e opcode;
const char *p = NULL;
@@ -288,7 +301,12 @@ ssh_bind_config_parse_line(ssh_bind bind,
return -1;
}
- if ((line == NULL) || (parser_flags == NULL)) {
+ /* Ignore empty lines */
+ if (line == NULL || *line == '\0') {
+ return 0;
+ }
+
+ if (parser_flags == NULL) {
ssh_set_error_invalid(bind);
return -1;
}
@@ -333,9 +351,9 @@ ssh_bind_config_parse_line(ssh_bind bind,
p = ssh_config_get_str_tok(&s, NULL);
if (p && (*parser_flags & PARSING)) {
#if defined(HAVE_GLOB) && defined(HAVE_GLOB_GL_FLAGS_MEMBER)
- local_parse_glob(bind, p, parser_flags, seen);
+ local_parse_glob(bind, p, parser_flags, seen, depth + 1);
#else
- local_parse_file(bind, p, parser_flags, seen);
+ local_parse_file(bind, p, parser_flags, seen, depth + 1);
#endif /* HAVE_GLOB */
}
break;
@@ -628,7 +646,7 @@ int ssh_bind_config_parse_file(ssh_bind bind, const char *filename)
parser_flags = PARSING;
while (fgets(line, sizeof(line), f)) {
count++;
- rv = ssh_bind_config_parse_line(bind, line, count, &parser_flags, seen);
+ rv = ssh_bind_config_parse_line(bind, line, count, &parser_flags, seen, 0);
if (rv) {
fclose(f);
return -1;
@@ -638,3 +656,64 @@ int ssh_bind_config_parse_file(ssh_bind bind, const char *filename)
fclose(f);
return 0;
}
+
+/* @brief Parse configuration string and set the options to the given bind session
+ *
+ * @params[in] bind The ssh bind session
+ * @params[in] input Null terminated string containing the configuration
+ *
+ * @returns SSH_OK on successful parsing the configuration string,
+ * SSH_ERROR on error
+ */
+int ssh_bind_config_parse_string(ssh_bind bind, const char *input)
+{
+ char line[MAX_LINE_SIZE] = {0};
+ const char *c = input, *line_start = input;
+ unsigned int line_num = 0, line_len;
+ uint32_t parser_flags;
+ int rv;
+
+ /* This local table is used during the parsing of the current file (and
+ * files included recursively in this file) to prevent an option to be
+ * redefined, i.e. the first value set is kept. But this DO NOT prevent the
+ * option to be redefined later by another file. */
+ uint8_t seen[BIND_CFG_MAX] = {0};
+
+ SSH_LOG(SSH_LOG_DEBUG, "Reading bind configuration data from string:");
+ SSH_LOG(SSH_LOG_DEBUG, "START\n%s\nEND", input);
+
+ parser_flags = PARSING;
+ while (1) {
+ line_num++;
+ line_start = c;
+ c = strchr(line_start, '\n');
+ if (c == NULL) {
+ /* if there is no newline in the end of the string */
+ c = strchr(line_start, '\0');
+ }
+ if (c == NULL) {
+ /* should not happen, would mean a string without trailing '\0' */
+ SSH_LOG(SSH_LOG_WARN, "No trailing '\\0' in config string");
+ return SSH_ERROR;
+ }
+ line_len = c - line_start;
+ if (line_len > MAX_LINE_SIZE - 1) {
+ SSH_LOG(SSH_LOG_WARN, "Line %u too long: %u characters",
+ line_num, line_len);
+ return SSH_ERROR;
+ }
+ memcpy(line, line_start, line_len);
+ line[line_len] = '\0';
+ SSH_LOG(SSH_LOG_DEBUG, "Line %u: %s", line_num, line);
+ rv = ssh_bind_config_parse_line(bind, line, line_num, &parser_flags, seen, 0);
+ if (rv < 0) {
+ return SSH_ERROR;
+ }
+ if (*c == '\0') {
+ break;
+ }
+ c++;
+ }
+
+ return SSH_OK;
+}
diff --git a/src/channels.c b/src/channels.c
index 8d812477..0dc4260d 100644
--- a/src/channels.c
+++ b/src/channels.c
@@ -245,6 +245,7 @@ SSH_PACKET_CALLBACK(ssh_packet_channel_open_fail){
"SSH2_MSG_CHANNEL_OPEN_FAILURE received in incorrect channel "
"state %d",
channel->state);
+ SAFE_FREE(error);
goto error;
}
@@ -878,7 +879,7 @@ SSH_PACKET_CALLBACK(channel_rcv_request) {
#else
SSH_LOG(SSH_LOG_WARNING, "Unhandled channel request %s", request);
#endif
-
+
SAFE_FREE(request);
return SSH_PACKET_USED;
@@ -3086,6 +3087,8 @@ int ssh_channel_read_nonblocking(ssh_channel channel,
*
* @return The number of bytes available for reading, 0 if nothing
* is available or SSH_ERROR on error.
+ * When a channel is freed the function returns
+ * SSH_ERROR immediately.
*
* @warning When the channel is in EOF state, the function returns SSH_EOF.
*
@@ -3094,7 +3097,7 @@ int ssh_channel_read_nonblocking(ssh_channel channel,
int ssh_channel_poll(ssh_channel channel, int is_stderr){
ssh_buffer stdbuf;
- if(channel == NULL) {
+ if ((channel == NULL) || (channel->flags & SSH_CHANNEL_FLAG_FREED_LOCAL)) {
return SSH_ERROR;
}
@@ -3140,6 +3143,7 @@ int ssh_channel_poll(ssh_channel channel, int is_stderr){
* SSH_ERROR on error.
*
* @warning When the channel is in EOF state, the function returns SSH_EOF.
+ * When a channel is freed the function returns SSH_ERROR immediately.
*
* @see ssh_channel_is_eof()
*/
@@ -3151,7 +3155,7 @@ int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
size_t len;
int rc;
- if (channel == NULL) {
+ if ((channel == NULL) || (channel->flags & SSH_CHANNEL_FLAG_FREED_LOCAL)) {
return SSH_ERROR;
}
@@ -3233,6 +3237,8 @@ static int ssh_channel_exit_status_termination(void *c){
* (yet), or SSH_ERROR on error.
* @warning This function may block until a timeout (or never)
* if the other side is not willing to close the channel.
+ * When a channel is freed the function returns
+ * SSH_ERROR immediately.
*
* If you're looking for an async handling of this register a callback for the
* exit status.
@@ -3241,7 +3247,7 @@ static int ssh_channel_exit_status_termination(void *c){
*/
int ssh_channel_get_exit_status(ssh_channel channel) {
int rc;
- if(channel == NULL) {
+ if ((channel == NULL) || (channel->flags & SSH_CHANNEL_FLAG_FREED_LOCAL)) {
return SSH_ERROR;
}
rc = ssh_handle_packets_termination(channel->session,
@@ -3590,7 +3596,7 @@ error:
* forward the content of a socket to the channel. You still have to
* use channel_read and channel_write for this.
*/
-int ssh_channel_open_x11(ssh_channel channel,
+int ssh_channel_open_x11(ssh_channel channel,
const char *orig_addr, int orig_port) {
ssh_session session;
ssh_buffer payload = NULL;
diff --git a/src/config.c b/src/config.c
index a082e994..7ff270ff 100644
--- a/src/config.c
+++ b/src/config.c
@@ -191,7 +191,7 @@ static struct ssh_config_match_keyword_table_s ssh_config_match_keyword_table[]
};
static int ssh_config_parse_line(ssh_session session, const char *line,
- unsigned int count, int *parsing);
+ unsigned int count, int *parsing, unsigned int depth);
static enum ssh_config_opcode_e ssh_config_get_opcode(char *keyword) {
int i;
@@ -205,16 +205,25 @@ static enum ssh_config_opcode_e ssh_config_get_opcode(char *keyword) {
return SOC_UNKNOWN;
}
+#define LIBSSH_CONF_MAX_DEPTH 16
static void
local_parse_file(ssh_session session,
const char *filename,
- int *parsing)
+ int *parsing,
+ unsigned int depth)
{
FILE *f;
char line[MAX_LINE_SIZE] = {0};
unsigned int count = 0;
int rv;
+ if (depth > LIBSSH_CONF_MAX_DEPTH) {
+ ssh_set_error(session, SSH_FATAL,
+ "ERROR - Too many levels of configuration includes "
+ "when processing file '%s'", filename);
+ return;
+ }
+
f = fopen(filename, "r");
if (f == NULL) {
SSH_LOG(SSH_LOG_RARE, "Cannot find file %s to load",
@@ -225,7 +234,7 @@ local_parse_file(ssh_session session,
SSH_LOG(SSH_LOG_PACKET, "Reading additional configuration data from %s", filename);
while (fgets(line, sizeof(line), f)) {
count++;
- rv = ssh_config_parse_line(session, line, count, parsing);
+ rv = ssh_config_parse_line(session, line, count, parsing, depth);
if (rv < 0) {
fclose(f);
return;
@@ -239,7 +248,8 @@ local_parse_file(ssh_session session,
#if defined(HAVE_GLOB) && defined(HAVE_GLOB_GL_FLAGS_MEMBER)
static void local_parse_glob(ssh_session session,
const char *fileglob,
- int *parsing)
+ int *parsing,
+ unsigned int depth)
{
glob_t globbuf = {
.gl_flags = 0,
@@ -259,7 +269,7 @@ static void local_parse_glob(ssh_session session,
}
for (i = 0; i < globbuf.gl_pathc; i++) {
- local_parse_file(session, globbuf.gl_pathv[i], parsing);
+ local_parse_file(session, globbuf.gl_pathv[i], parsing, depth);
}
globfree(&globbuf);
@@ -513,7 +523,8 @@ static int
ssh_config_parse_line(ssh_session session,
const char *line,
unsigned int count,
- int *parsing)
+ int *parsing,
+ unsigned int depth)
{
enum ssh_config_opcode_e opcode;
const char *p = NULL, *p2 = NULL;
@@ -573,9 +584,9 @@ ssh_config_parse_line(ssh_session session,
p = ssh_config_get_str_tok(&s, NULL);
if (p && *parsing) {
#if defined(HAVE_GLOB) && defined(HAVE_GLOB_GL_FLAGS_MEMBER)
- local_parse_glob(session, p, parsing);
+ local_parse_glob(session, p, parsing, depth + 1);
#else
- local_parse_file(session, p, parsing);
+ local_parse_file(session, p, parsing, depth + 1);
#endif /* HAVE_GLOB */
}
break;
@@ -1163,7 +1174,7 @@ int ssh_config_parse_file(ssh_session session, const char *filename)
parsing = 1;
while (fgets(line, sizeof(line), f)) {
count++;
- rv = ssh_config_parse_line(session, line, count, &parsing);
+ rv = ssh_config_parse_line(session, line, count, &parsing, 0);
if (rv < 0) {
fclose(f);
return -1;
@@ -1215,7 +1226,7 @@ int ssh_config_parse_string(ssh_session session, const char *input)
memcpy(line, line_start, line_len);
line[line_len] = '\0';
SSH_LOG(SSH_LOG_DEBUG, "Line %u: %s", line_num, line);
- rv = ssh_config_parse_line(session, line, line_num, &parsing);
+ rv = ssh_config_parse_line(session, line, line_num, &parsing, 0);
if (rv < 0) {
return SSH_ERROR;
}
diff --git a/src/misc.c b/src/misc.c
index 6472d583..97c3a0ef 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -1156,7 +1156,15 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) {
case '%':
goto escape;
case 'd':
- x = strdup(session->opts.sshdir);
+ if (session->opts.sshdir) {
+ x = strdup(session->opts.sshdir);
+ } else {
+ ssh_set_error(session, SSH_FATAL,
+ "Cannot expand sshdir");
+ free(buf);
+ free(r);
+ return NULL;
+ }
break;
case 'u':
x = ssh_get_local_username();
@@ -1167,10 +1175,26 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) {
}
break;
case 'h':
- x = strdup(session->opts.host);
+ if (session->opts.host) {
+ x = strdup(session->opts.host);
+ } else {
+ ssh_set_error(session, SSH_FATAL,
+ "Cannot expand host");
+ free(buf);
+ free(r);
+ return NULL;
+ }
break;
case 'r':
- x = strdup(session->opts.username);
+ if (session->opts.username) {
+ x = strdup(session->opts.username);
+ } else {
+ ssh_set_error(session, SSH_FATAL,
+ "Cannot expand username");
+ free(buf);
+ free(r);
+ return NULL;
+ }
break;
case 'p':
if (session->opts.port < 65536) {
diff --git a/src/poll.c b/src/poll.c
index 46206949..82c9b18b 100644
--- a/src/poll.c
+++ b/src/poll.c
@@ -246,19 +246,17 @@ static int bsd_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout)
}
#endif
- if (fds[i].events & (POLLIN | POLLRDNORM)) {
- FD_SET (fds[i].fd, &readfds);
- }
+ // we use the readfds to get POLLHUP and POLLERR, which are provided even when not requested
+ FD_SET (fds[i].fd, &readfds);
+
if (fds[i].events & (POLLOUT | POLLWRNORM | POLLWRBAND)) {
FD_SET (fds[i].fd, &writefds);
}
if (fds[i].events & (POLLPRI | POLLRDBAND)) {
FD_SET (fds[i].fd, &exceptfds);
}
- if (fds[i].fd > max_fd &&
- (fds[i].events & (POLLIN | POLLOUT | POLLPRI |
- POLLRDNORM | POLLRDBAND |
- POLLWRNORM | POLLWRBAND))) {
+
+ if (fds[i].fd > max_fd) {
max_fd = fds[i].fd;
rc = 0;
}
diff --git a/tests/client/torture_session.c b/tests/client/torture_session.c
index 2fa2ae33..27e8fc86 100644
--- a/tests/client/torture_session.c
+++ b/tests/client/torture_session.c
@@ -258,6 +258,139 @@ static void torture_channel_delayed_close(void **state)
}
+/* Ensure that calling 'ssh_channel_poll' on a freed channel does not lead to
+ * segmentation faults. */
+static void torture_freed_channel_poll(void **state)
+{
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ ssh_channel channel;
+
+ char request[256];
+ int rc;
+
+ snprintf(request, 256,
+ "dd if=/dev/urandom of=/tmp/file bs=64000 count=2; hexdump -C /tmp/file");
+
+ channel = ssh_channel_new(session);
+ assert_non_null(channel);
+
+ rc = ssh_channel_open_session(channel);
+ assert_ssh_return_code(session, rc);
+
+ /* Make the request, read parts with close */
+ rc = ssh_channel_request_exec(channel, request);
+ assert_ssh_return_code(session, rc);
+
+ ssh_channel_free(channel);
+
+ rc = ssh_channel_poll(channel, 0);
+ assert_int_equal(rc, SSH_ERROR);
+}
+
+/* Ensure that calling 'ssh_channel_poll_timeout' on a freed channel does not
+ * lead to segmentation faults. */
+static void torture_freed_channel_poll_timeout(void **state)
+{
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ ssh_channel channel;
+
+ char request[256];
+ char buff[256] = {0};
+ int rc;
+
+ snprintf(request, 256,
+ "dd if=/dev/urandom of=/tmp/file bs=64000 count=2; hexdump -C /tmp/file");
+
+ channel = ssh_channel_new(session);
+ assert_non_null(channel);
+
+ rc = ssh_channel_open_session(channel);
+ assert_ssh_return_code(session, rc);
+
+ /* Make the request, read parts with close */
+ rc = ssh_channel_request_exec(channel, request);
+ assert_ssh_return_code(session, rc);
+
+ do {
+ rc = ssh_channel_read(channel, buff, 256, 0);
+ } while(rc > 0);
+ assert_ssh_return_code(session, rc);
+
+ ssh_channel_free(channel);
+
+ rc = ssh_channel_poll_timeout(channel, 500, 0);
+ assert_int_equal(rc, SSH_ERROR);
+}
+
+/* Ensure that calling 'ssh_channel_read_nonblocking' on a freed channel does
+ * not lead to segmentation faults. */
+static void torture_freed_channel_read_nonblocking(void **state)
+{
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ ssh_channel channel;
+
+ char request[256];
+ char buff[256] = {0};
+ int rc;
+
+ snprintf(request, 256,
+ "dd if=/dev/urandom of=/tmp/file bs=64000 count=2; hexdump -C /tmp/file");
+
+ channel = ssh_channel_new(session);
+ assert_non_null(channel);
+
+ rc = ssh_channel_open_session(channel);
+ assert_ssh_return_code(session, rc);
+
+ /* Make the request, read parts with close */
+ rc = ssh_channel_request_exec(channel, request);
+ assert_ssh_return_code(session, rc);
+
+ ssh_channel_free(channel);
+
+ rc = ssh_channel_read_nonblocking(channel, buff, 256, 0);
+ assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+}
+
+/* Ensure that calling 'ssh_channel_get_exit_status' on a freed channel does not
+ * lead to segmentation faults. */
+static void torture_freed_channel_get_exit_status(void **state)
+{
+ struct torture_state *s = *state;
+ ssh_session session = s->ssh.session;
+ ssh_channel channel;
+
+ char request[256];
+ char buff[256] = {0};
+ int rc;
+
+ snprintf(request, 256,
+ "dd if=/dev/urandom of=/tmp/file bs=64000 count=2; hexdump -C /tmp/file");
+
+ channel = ssh_channel_new(session);
+ assert_non_null(channel);
+
+ rc = ssh_channel_open_session(channel);
+ assert_ssh_return_code(session, rc);
+
+ /* Make the request, read parts with close */
+ rc = ssh_channel_request_exec(channel, request);
+ assert_ssh_return_code(session, rc);
+
+ do {
+ rc = ssh_channel_read(channel, buff, 256, 0);
+ } while(rc > 0);
+ assert_ssh_return_code(session, rc);
+
+ ssh_channel_free(channel);
+
+ rc = ssh_channel_get_exit_status(channel);
+ assert_ssh_return_code_equal(session, rc, SSH_ERROR);
+}
+
int torture_run_tests(void) {
int rc;
struct CMUnitTest tests[] = {
@@ -276,6 +409,18 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_channel_delayed_close,
session_setup,
session_teardown),
+ cmocka_unit_test_setup_teardown(torture_freed_channel_poll,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_freed_channel_poll_timeout,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_freed_channel_read_nonblocking,
+ session_setup,
+ session_teardown),
+ cmocka_unit_test_setup_teardown(torture_freed_channel_get_exit_status,
+ session_setup,
+ session_teardown),
};
ssh_init();
diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt
index 5982e81c..2d0e8fa0 100644
--- a/tests/fuzz/CMakeLists.txt
+++ b/tests/fuzz/CMakeLists.txt
@@ -21,3 +21,5 @@ endmacro()
fuzzer(ssh_client_fuzzer)
fuzzer(ssh_server_fuzzer)
+fuzzer(ssh_client_config_fuzzer)
+fuzzer(ssh_bind_config_fuzzer)
diff --git a/tests/fuzz/ssh_bind_config_fuzzer.cpp b/tests/fuzz/ssh_bind_config_fuzzer.cpp
new file mode 100644
index 00000000..3fbecbd0
--- /dev/null
+++ b/tests/fuzz/ssh_bind_config_fuzzer.cpp
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2021 Jakub Jelen <jjelen@redhat.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+extern "C" {
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define LIBSSH_STATIC 1
+#include "libssh/libssh.h"
+#include "libssh/server.h"
+#include "libssh/bind_config.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ ssh_bind bind = NULL;
+ char *input = NULL;
+
+ input = (char *)malloc(size + 1);
+ if (!input) {
+ return 1;
+ }
+ strncpy(input, (const char *)data, size);
+ input[size] = '\0';
+
+ ssh_init();
+
+ bind = ssh_bind_new();
+ assert(bind != NULL);
+
+ ssh_bind_config_parse_string(bind, input);
+
+ ssh_bind_free(bind);
+ ssh_finalize();
+
+ free(input);
+
+ return 0;
+}
+
+}
diff --git a/tests/fuzz/ssh_client_config_fuzzer.cpp b/tests/fuzz/ssh_client_config_fuzzer.cpp
new file mode 100644
index 00000000..47fd4222
--- /dev/null
+++ b/tests/fuzz/ssh_client_config_fuzzer.cpp
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2021 Stanislav Zidek <szidek@redhat.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+extern "C" {
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define LIBSSH_STATIC 1
+#include "libssh/libssh.h"
+#include "libssh/options.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ ssh_session session = NULL;
+ char *input = NULL;
+
+ input = (char *)malloc(size+1);
+ if (!input) {
+ return 1;
+ }
+ strncpy(input, (const char *)data, size);
+ input[size] = '\0';
+
+ ssh_init();
+
+ session = ssh_new();
+ assert(session != NULL);
+
+ ssh_config_parse_string(session, input);
+
+ ssh_free(session);
+ ssh_finalize();
+
+ free(input);
+
+ return 0;
+}
+
+}
diff --git a/tests/torture.c b/tests/torture.c
index 2d21b3b9..5a694150 100644
--- a/tests/torture.c
+++ b/tests/torture.c
@@ -722,6 +722,7 @@ void torture_setup_create_libssh_config(void **state)
torture_write_file(s->srv_config, sshd_config);
}
+#ifdef SSHD_EXECUTABLE
static void torture_setup_create_sshd_config(void **state, bool pam)
{
struct torture_state *s = *state;
@@ -1145,25 +1146,6 @@ void torture_setup_sshd_server(void **state, bool pam)
assert_int_equal(rc, 0);
}
-void torture_setup_tokens(const char *temp_dir,
- const char *filename,
- const char object_name[],
- const char *load_public)
-{
- char token_setup_start_cmd[1024] = {0};
- int rc;
-
- snprintf(token_setup_start_cmd, sizeof(token_setup_start_cmd),
- "%s/tests/pkcs11/setup-softhsm-tokens.sh %s %s %s %s",
- BINARYDIR,
- temp_dir,
- filename,
- object_name, load_public);
-
- rc = system(token_setup_start_cmd);
- assert_return_code(rc, errno);
-}
-
void torture_teardown_socket_dir(void **state)
{
struct torture_state *s = *state;
@@ -1245,6 +1227,26 @@ void torture_teardown_sshd_server(void **state)
torture_teardown_socket_dir(state);
}
+#endif /* SSHD_EXECUTABLE */
+
+void torture_setup_tokens(const char *temp_dir,
+ const char *filename,
+ const char object_name[],
+ const char *load_public)
+{
+ char token_setup_start_cmd[1024] = {0};
+ int rc;
+
+ snprintf(token_setup_start_cmd, sizeof(token_setup_start_cmd),
+ "%s/tests/pkcs11/setup-softhsm-tokens.sh %s %s %s %s",
+ BINARYDIR,
+ temp_dir,
+ filename,
+ object_name, load_public);
+
+ rc = system(token_setup_start_cmd);
+ assert_return_code(rc, errno);
+}
char *torture_make_temp_dir(const char *template)
{
diff --git a/tests/torture.h b/tests/torture.h
index 599b53ea..fa215713 100644
--- a/tests/torture.h
+++ b/tests/torture.h
@@ -124,17 +124,20 @@ void _torture_filter_tests(struct CMUnitTest *tests, size_t ntests);
const char *torture_server_address(int domain);
int torture_server_port(void);
+#ifdef SSHD_EXECUTABLE
void torture_setup_socket_dir(void **state);
void torture_setup_sshd_server(void **state, bool pam);
-void torture_setup_tokens(const char *temp_dir,
- const char *filename,
- const char object_name[],
- const char *load_public);
void torture_teardown_socket_dir(void **state);
void torture_teardown_sshd_server(void **state);
int torture_update_sshd_config(void **state, const char *config);
+#endif /* SSHD_EXECUTABLE */
+
+void torture_setup_tokens(const char *temp_dir,
+ const char *filename,
+ const char object_name[],
+ const char *load_public);
void torture_reset_config(ssh_session session);
diff --git a/tests/unittests/torture_bind_config.c b/tests/unittests/torture_bind_config.c
index 11d8672e..f8e3d6ba 100644
--- a/tests/unittests/torture_bind_config.c
+++ b/tests/unittests/torture_bind_config.c
@@ -64,37 +64,94 @@ extern LIBSSH_THREAD int ssh_log_level;
#endif
#define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS "libssh_test_bind_config_listenaddress"
+#define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_STRING "ListenAddress "LISTEN_ADDRESS"\n"
#define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2 "libssh_test_bind_config_listenaddress2"
+#define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2_STRING "ListenAddress "LISTEN_ADDRESS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE "libssh_test_bind_config_listenaddress_twice"
+#define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_STRING \
+ "ListenAddress "LISTEN_ADDRESS"\n" \
+ "ListenAddress "LISTEN_ADDRESS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_REC "libssh_test_bind_config_listenaddress_twice_rec"
+#define LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_REC_STRING \
+ "ListenAddress "LISTEN_ADDRESS"\n" \
+ "Include "LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_PORT "libssh_test_bind_config_port"
+#define LIBSSH_TEST_BIND_CONFIG_PORT_STRING "Port 123\n"
#define LIBSSH_TEST_BIND_CONFIG_PORT2 "libssh_test_bind_config_port2"
+#define LIBSSH_TEST_BIND_CONFIG_PORT2_STRING "Port 456\n"
#define LIBSSH_TEST_BIND_CONFIG_PORT_TWICE "libssh_test_bind_config_port_twice"
+#define LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_STRING \
+ "Port 123\n" \
+ "Port 456\n"
#define LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_REC "libssh_test_bind_config_port_twice_rec"
+#define LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_REC_STRING \
+ "Port 123\n" \
+ "Include "LIBSSH_TEST_BIND_CONFIG_PORT2"\n"
#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY "libssh_test_bind_config_hostkey"
+#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_STRING "HostKey "LIBSSH_ECDSA_521_TESTKEY"\n"
#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY2 "libssh_test_bind_config_hostkey2"
+#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY2_STRING "HostKey "LIBSSH_RSA_TESTKEY"\n"
#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE "libssh_test_bind_config_hostkey_twice"
+#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_STRING \
+ "HostKey "LIBSSH_ECDSA_521_TESTKEY"\n" \
+ "HostKey "LIBSSH_RSA_TESTKEY"\n"
#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC "libssh_test_bind_config_hostkey_twice_rec"
+#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC_STRING \
+ "HostKey "LIBSSH_ECDSA_521_TESTKEY"\n" \
+ "Include "LIBSSH_TEST_BIND_CONFIG_HOSTKEY2"\n"
#define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL "libssh_test_bind_config_loglevel"
-#define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL2 "libssh_test_bind_config_loglevel2"
+#define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_STRING "LogLevel "LOGLEVEL"\n"
+#define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL1 "libssh_test_bind_config_loglevel2"
+#define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL1_STRING "LogLevel "LOGLEVEL2"\n"
#define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE "libssh_test_bind_config_loglevel_twice"
+#define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_STRING \
+ "LogLevel "LOGLEVEL"\n" \
+ "LogLevel "LOGLEVEL2"\n"
#define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_REC "libssh_test_bind_config_loglevel_twice_rec"
+#define LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_REC_STRING \
+ "LogLevel "LOGLEVEL"\n" \
+ "Include "LIBSSH_TEST_BIND_CONFIG_LOGLEVEL1"\n"
#define LIBSSH_TEST_BIND_CONFIG_CIPHERS "libssh_test_bind_config_ciphers"
+#define LIBSSH_TEST_BIND_CONFIG_CIPHERS_STRING "Ciphers "CIPHERS"\n"
#define LIBSSH_TEST_BIND_CONFIG_CIPHERS2 "libssh_test_bind_config_ciphers2"
+#define LIBSSH_TEST_BIND_CONFIG_CIPHERS2_STRING "Ciphers "CIPHERS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE "libssh_test_bind_config_ciphers_twice"
+#define LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_STRING \
+ "Ciphers "CIPHERS"\n" \
+ "Ciphers "CIPHERS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC "libssh_test_bind_config_ciphers_twice_rec"
+#define LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC_STRING \
+ "Ciphers "CIPHERS"\n" \
+ "Include "LIBSSH_TEST_BIND_CONFIG_CIPHERS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_MACS "libssh_test_bind_config_macs"
+#define LIBSSH_TEST_BIND_CONFIG_MACS_STRING "MACs "MACS"\n"
#define LIBSSH_TEST_BIND_CONFIG_MACS2 "libssh_test_bind_config_macs2"
+#define LIBSSH_TEST_BIND_CONFIG_MACS2_STRING "MACs "MACS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_MACS_TWICE "libssh_test_bind_config_macs_twice"
+#define LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_STRING \
+ "MACs "MACS"\n" \
+ "MACs "MACS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_REC "libssh_test_bind_config_macs_twice_rec"
+#define LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_REC_STRING \
+ "MACs "MACS"\n" \
+ "Include "LIBSSH_TEST_BIND_CONFIG_MACS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS "libssh_test_bind_config_kexalgorithms"
+#define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_STRING "KexAlgorithms "KEXALGORITHMS"\n"
#define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2 "libssh_test_bind_config_kexalgorithms2"
+#define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2_STRING "KexAlgorithms "KEXALGORITHMS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE "libssh_test_bind_config_kexalgorithms_twice"
+#define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_STRING \
+ "KexAlgorithms "KEXALGORITHMS"\n" \
+ "KexAlgorithms "KEXALGORITHMS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC "libssh_test_bind_config_kexalgorithms_twice_rec"
+#define LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC_STRING \
+ "KexAlgorithms "KEXALGORITHMS"\n" \
+ "Include "LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_FULL "libssh_test_bind_config_full"
#define LIBSSH_TEST_BIND_CONFIG_INCLUDE "libssh_test_bind_config_include"
#define LIBSSH_TEST_BIND_CONFIG_INCLUDE_RECURSIVE "libssh_test_bind_config_include_recursive"
+#define LIBSSH_TEST_BIND_CONFIG_INCLUDE_RECURSIVE_LOOP "libssh_test_bind_config_include_recursive_loop"
#define LIBSSH_TEST_BIND_CONFIG_CORNER_CASES "libssh_test_bind_config_corner_cases"
#define LIBSSH_TEST_BIND_CONFIG_MATCH_ALL "libssh_test_bind_config_match_all"
@@ -106,16 +163,34 @@ extern LIBSSH_THREAD int ssh_log_level;
#define LIBSSH_TEST_BIND_CONFIG_MATCH_INVALID2 "libssh_test_bind_config_match_invalid2"
#define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED "libssh_test_bind_config_pubkey"
+#define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_STRING "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n"
#define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2 "libssh_test_bind_config_pubkey2"
+#define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2_STRING "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES2"\n"
#define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE "libssh_test_bind_config_pubkey_twice"
+#define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_STRING \
+ "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n" \
+ "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES2"\n"
#define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC "libssh_test_bind_config_pubkey_twice_rec"
+#define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC_STRING \
+ "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES2"\n" \
+ "Include "LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS"\n"
#define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN "libssh_test_bind_config_pubkey_unknown"
+#define LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN_STRING "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES_UNKNOWN"\n"
#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS "libssh_test_bind_config_hostkey_alg"
+#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_STRING "HostKeyAlgorithms "HOSTKEYALGORITHMS"\n"
#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2 "libssh_test_bind_config_hostkey_alg2"
+#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2_STRING "HostKeyAlgorithms "HOSTKEYALGORITHMS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE "libssh_test_bind_config_hostkey_alg_twice"
+#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_STRING \
+ "HostKeyAlgorithms "HOSTKEYALGORITHMS"\n" \
+ "HostKeyAlgorithms "HOSTKEYALGORITHMS2"\n"
#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC "libssh_test_bind_config_hostkey_alg_twice_rec"
+#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC_STRING \
+ "HostKeyAlgorithms "HOSTKEYALGORITHMS2"\n" \
+ "Include "LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS"\n"
#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN "libssh_test_bind_config_hostkey_alg_unknown"
+#define LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN_STRING "HostKeyAlgorithms "HOSTKEYALGORITHMS_UNKNOWN"\n"
const char template[] = "temp_dir_XXXXXX";
@@ -168,81 +243,67 @@ static int setup_config_files(void **state)
#endif
torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS,
- "ListenAddress "LISTEN_ADDRESS"\n");
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2,
- "ListenAddress "LISTEN_ADDRESS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE,
- "ListenAddress "LISTEN_ADDRESS"\n"
- "ListenAddress "LISTEN_ADDRESS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_REC,
- "ListenAddress "LISTEN_ADDRESS"\n"
- "Include "LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_REC_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_PORT,
- "Port 123\n");
+ LIBSSH_TEST_BIND_CONFIG_PORT_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_PORT2,
- "Port 456\n");
+ LIBSSH_TEST_BIND_CONFIG_PORT2_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_PORT_TWICE,
- "Port 123\n"
- "Port 456\n");
+ LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_REC,
- "Port 123\n"
- "Include "LIBSSH_TEST_BIND_CONFIG_PORT2"\n");
+ LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_REC_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY,
- "HostKey "LIBSSH_ECDSA_521_TESTKEY"\n");
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY2,
- "HostKey "LIBSSH_RSA_TESTKEY"\n");
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY2_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE,
- "HostKey "LIBSSH_ECDSA_521_TESTKEY"\n"
- "HostKey "LIBSSH_RSA_TESTKEY"\n");
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC,
- "HostKey "LIBSSH_ECDSA_521_TESTKEY"\n"
- "Include "LIBSSH_TEST_BIND_CONFIG_HOSTKEY2"\n");
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_LOGLEVEL,
- "LogLevel "LOGLEVEL"\n");
- torture_write_file(LIBSSH_TEST_BIND_CONFIG_LOGLEVEL2,
- "LogLevel "LOGLEVEL2"\n");
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_STRING);
+ torture_write_file(LIBSSH_TEST_BIND_CONFIG_LOGLEVEL1,
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL1_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE,
- "LogLevel "LOGLEVEL"\n"
- "LogLevel "LOGLEVEL2"\n");
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_REC,
- "LogLevel "LOGLEVEL"\n"
- "Include "LIBSSH_TEST_BIND_CONFIG_LOGLEVEL2"\n");
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_REC_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_CIPHERS,
- "Ciphers "CIPHERS"\n");
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_CIPHERS2,
- "Ciphers "CIPHERS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS2_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE,
- "Ciphers "CIPHERS"\n"
- "Ciphers "CIPHERS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC,
- "Ciphers "CIPHERS"\n"
- "Include "LIBSSH_TEST_BIND_CONFIG_CIPHERS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_MACS,
- "MACs "MACS"\n");
+ LIBSSH_TEST_BIND_CONFIG_MACS_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_MACS2,
- "MACs "MACS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_MACS2_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_MACS_TWICE,
- "MACs "MACS"\n"
- "MACs "MACS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_REC,
- "MACs "MACS"\n"
- "Include "LIBSSH_TEST_BIND_CONFIG_MACS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_REC_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS,
- "KexAlgorithms "KEXALGORITHMS"\n");
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2,
- "KexAlgorithms "KEXALGORITHMS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE,
- "KexAlgorithms "KEXALGORITHMS"\n"
- "KexAlgorithms "KEXALGORITHMS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC,
- "KexAlgorithms "KEXALGORITHMS"\n"
- "Include "LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_FULL,
"ListenAddress "LISTEN_ADDRESS"\n"
@@ -265,6 +326,9 @@ static int setup_config_files(void **state)
torture_write_file(LIBSSH_TEST_BIND_CONFIG_INCLUDE_RECURSIVE,
"Include "LIBSSH_TEST_BIND_CONFIG_INCLUDE"\n");
+ torture_write_file(LIBSSH_TEST_BIND_CONFIG_INCLUDE_RECURSIVE_LOOP,
+ "Include "LIBSSH_TEST_BIND_CONFIG_INCLUDE_RECURSIVE_LOOP"\n");
+
/* Unsupported options and corner cases */
torture_write_file(LIBSSH_TEST_BIND_CONFIG_CORNER_CASES,
"\n" /* empty line */
@@ -334,30 +398,26 @@ static int setup_config_files(void **state)
"\tLogLevel "LOGLEVEL4"\n");
torture_write_file(LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED,
- "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n");
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2,
- "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES2"\n");
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE,
- "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES"\n"
- "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES2"\n");
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC,
- "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES2"\n"
- "Include "LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS"\n");
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN,
- "PubkeyAcceptedKeyTypes "PUBKEYACCEPTEDTYPES_UNKNOWN"\n");
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS,
- "HostKeyAlgorithms "HOSTKEYALGORITHMS"\n");
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2,
- "HostKeyAlgorithms "HOSTKEYALGORITHMS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE,
- "HostKeyAlgorithms "HOSTKEYALGORITHMS"\n"
- "HostKeyAlgorithms "HOSTKEYALGORITHMS2"\n");
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC,
- "HostKeyAlgorithms "HOSTKEYALGORITHMS2"\n"
- "Include "LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS"\n");
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC_STRING);
torture_write_file(LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN,
- "HostKeyAlgorithms "HOSTKEYALGORITHMS_UNKNOWN"\n");
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN_STRING);
return 0;
}
@@ -405,11 +465,43 @@ static int sshbind_teardown(void **state)
return 0;
}
-static void torture_bind_config_listen_address(void **state)
+/**
+ * @brief helper function loading configuration from either file or string
+ */
+static void
+_parse_config(ssh_bind bind,
+ const char *file,
+ const char *string,
+ int expected)
+{
+ int ret = -1;
+
+ /* make sure either config file or config string is given,
+ * not both */
+ assert_int_not_equal(file == NULL, string == NULL);
+
+ if (file != NULL) {
+ ret = ssh_bind_config_parse_file(bind, file);
+ } else if (string != NULL) {
+ ret = ssh_bind_config_parse_string(bind, string);
+ } else {
+ /* should not happen */
+ fail();
+ }
+
+ /* make sure parsing went as expected */
+ assert_return_code(ret, expected);
+}
+
+
+static void
+torture_bind_config_listen_address(void **state,
+ const char *file,
+ const char *string,
+ const char *expect)
{
struct bind_st *test_state;
ssh_bind bind;
- int rc;
assert_non_null(state);
test_state = *((struct bind_st **)state);
@@ -417,37 +509,84 @@ static void torture_bind_config_listen_address(void **state)
assert_non_null(test_state->bind);
bind = test_state->bind;
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS);
- assert_int_equal(rc, 0);
- assert_non_null(bind->bindaddr);
- assert_string_equal(bind->bindaddr, LISTEN_ADDRESS);
+ _parse_config(bind, file, string, SSH_OK);
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE);
- assert_int_equal(rc, 0);
assert_non_null(bind->bindaddr);
- assert_string_equal(bind->bindaddr, LISTEN_ADDRESS);
+ assert_string_equal(bind->bindaddr, expect);
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_REC);
- assert_int_equal(rc, 0);
- assert_non_null(bind->bindaddr);
- assert_string_equal(bind->bindaddr, LISTEN_ADDRESS);
+static void torture_bind_config_listen_address_file(void **state)
+{
+ torture_bind_config_listen_address(state,
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS,
+ NULL,
+ LISTEN_ADDRESS);
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2);
- assert_int_equal(rc, 0);
- assert_non_null(bind->bindaddr);
- assert_string_equal(bind->bindaddr, LISTEN_ADDRESS2);
+static void torture_bind_config_listen_address_string(void **state)
+{
+ torture_bind_config_listen_address(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_STRING,
+ LISTEN_ADDRESS);
+}
+
+static void torture_bind_config_listen_address2_file(void **state)
+{
+ torture_bind_config_listen_address(state,
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2,
+ NULL,
+ LISTEN_ADDRESS2);
+}
+
+static void torture_bind_config_listen_address2_string(void **state)
+{
+ torture_bind_config_listen_address(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS2_STRING,
+ LISTEN_ADDRESS2);
+}
+
+static void torture_bind_config_listen_address_twice_file(void **state)
+{
+ torture_bind_config_listen_address(state,
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE,
+ NULL,
+ LISTEN_ADDRESS);
+}
+
+static void torture_bind_config_listen_address_twice_string(void **state)
+{
+ torture_bind_config_listen_address(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_STRING,
+ LISTEN_ADDRESS);
+}
+static void torture_bind_config_listen_address_twice_rec_file(void **state)
+{
+ torture_bind_config_listen_address(state,
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_REC,
+ NULL,
+ LISTEN_ADDRESS);
}
-static void torture_bind_config_port(void **state)
+static void torture_bind_config_listen_address_twice_rec_string(void **state)
+{
+ torture_bind_config_listen_address(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_LISTENADDRESS_TWICE_REC_STRING,
+ LISTEN_ADDRESS);
+}
+
+static void
+torture_bind_config_port(void **state,
+ const char *file,
+ const char *string,
+ int expect)
{
struct bind_st *test_state;
ssh_bind bind;
- int rc;
assert_non_null(state);
test_state = *((struct bind_st **)state);
@@ -455,29 +594,82 @@ static void torture_bind_config_port(void **state)
assert_non_null(test_state->bind);
bind = test_state->bind;
- rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PORT);
- assert_int_equal(rc, 0);
- assert_int_equal(bind->bindport, 123);
+ _parse_config(bind, file, string, SSH_OK);
- rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PORT_TWICE);
- assert_int_equal(rc, 0);
- assert_int_equal(bind->bindport, 123);
+ assert_int_equal(bind->bindport, expect);
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_REC);
- assert_int_equal(rc, 0);
- assert_int_equal(bind->bindport, 123);
+static void torture_bind_config_port_file(void **state)
+{
+ torture_bind_config_port(state,
+ LIBSSH_TEST_BIND_CONFIG_PORT,
+ NULL,
+ 123);
+}
- rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_PORT2);
- assert_int_equal(rc, 0);
- assert_int_equal(bind->bindport, 456);
+static void torture_bind_config_port_string(void **state)
+{
+ torture_bind_config_port(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_PORT_STRING,
+ 123);
+}
+
+static void torture_bind_config_port2_file(void **state)
+{
+ torture_bind_config_port(state,
+ LIBSSH_TEST_BIND_CONFIG_PORT2,
+ NULL,
+ 456);
+}
+
+static void torture_bind_config_port2_string(void **state)
+{
+ torture_bind_config_port(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_PORT2_STRING,
+ 456);
+}
+
+static void torture_bind_config_port_twice_file(void **state)
+{
+ torture_bind_config_port(state,
+ LIBSSH_TEST_BIND_CONFIG_PORT_TWICE,
+ NULL,
+ 123);
+}
+
+static void torture_bind_config_port_twice_string(void **state)
+{
+ torture_bind_config_port(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_STRING,
+ 123);
+}
+
+static void torture_bind_config_port_twice_rec_file(void **state)
+{
+ torture_bind_config_port(state,
+ LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_REC,
+ NULL,
+ 123);
+}
+
+static void torture_bind_config_port_twice_rec_string(void **state)
+{
+ torture_bind_config_port(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_PORT_TWICE_REC_STRING,
+ 123);
}
-static void torture_bind_config_hostkey(void **state)
+static void
+torture_bind_config_hostkey(void **state,
+ const char *file,
+ const char *string)
{
struct bind_st *test_state;
ssh_bind bind;
- int rc;
assert_non_null(state);
test_state = *((struct bind_st **)state);
@@ -485,25 +677,19 @@ static void torture_bind_config_hostkey(void **state)
assert_non_null(test_state->bind);
bind = test_state->bind;
- rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_HOSTKEY);
- assert_int_equal(rc, 0);
- assert_non_null(bind->ecdsakey);
- assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
+ _parse_config(bind, file, string, SSH_OK);
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE);
- assert_int_equal(rc, 0);
assert_non_null(bind->ecdsakey);
assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
- assert_non_null(bind->rsakey);
- assert_string_equal(bind->rsakey, LIBSSH_RSA_TESTKEY);
}
-static void torture_bind_config_hostkey_twice_rec(void **state)
+static void
+torture_bind_config_hostkey2(void **state,
+ const char *file,
+ const char *string)
{
struct bind_st *test_state;
ssh_bind bind;
- int rc;
assert_non_null(state);
test_state = *((struct bind_st **)state);
@@ -511,15 +697,44 @@ static void torture_bind_config_hostkey_twice_rec(void **state)
assert_non_null(test_state->bind);
bind = test_state->bind;
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC);
- assert_int_equal(rc, 0);
+ _parse_config(bind, file, string, SSH_OK);
+
assert_non_null(bind->ecdsakey);
assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
assert_non_null(bind->rsakey);
assert_string_equal(bind->rsakey, LIBSSH_RSA_TESTKEY);
}
+static void torture_bind_config_hostkey_file(void **state)
+{
+ torture_bind_config_hostkey(state, LIBSSH_TEST_BIND_CONFIG_HOSTKEY, NULL);
+}
+
+static void torture_bind_config_hostkey_string(void **state)
+{
+ torture_bind_config_hostkey(state, NULL, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_STRING);
+}
+
+static void torture_bind_config_hostkey_twice_file(void **state)
+{
+ torture_bind_config_hostkey2(state, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE, NULL);
+}
+
+static void torture_bind_config_hostkey_twice_string(void **state)
+{
+ torture_bind_config_hostkey2(state, NULL, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_STRING);
+}
+
+static void torture_bind_config_hostkey_twice_rec_file(void **state)
+{
+ torture_bind_config_hostkey2(state, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC, NULL);
+}
+
+static void torture_bind_config_hostkey_twice_rec_string(void **state)
+{
+ torture_bind_config_hostkey2(state, NULL, LIBSSH_TEST_BIND_CONFIG_HOSTKEY_TWICE_REC_STRING);
+}
+
static void torture_bind_config_hostkey_separately(void **state)
{
struct bind_st *test_state;
@@ -545,12 +760,17 @@ static void torture_bind_config_hostkey_separately(void **state)
assert_string_equal(bind->ecdsakey, LIBSSH_ECDSA_521_TESTKEY);
}
-static void torture_bind_config_loglevel(void **state)
+static void
+torture_bind_config_loglevel(void **state,
+ const char *file,
+ const char *string,
+ int expect)
{
struct bind_st *test_state;
ssh_bind bind;
- int rc;
- int previous_level, new_level;
+ int previous_level, new_level, rc;
+
+ previous_level = ssh_get_log_level();
assert_non_null(state);
test_state = *((struct bind_st **)state);
@@ -558,45 +778,88 @@ static void torture_bind_config_loglevel(void **state)
assert_non_null(test_state->bind);
bind = test_state->bind;
- previous_level = ssh_get_log_level();
-
- rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_LOGLEVEL);
- assert_int_equal(rc, 0);
+ _parse_config(bind, file, string, SSH_OK);
new_level = ssh_get_log_level();
- assert_int_equal(new_level, 2);
+ assert_int_equal(new_level, expect);
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE);
- assert_int_equal(rc, 0);
+ rc = ssh_set_log_level(previous_level);
+ assert_int_equal(rc, SSH_OK);
+}
- new_level = ssh_get_log_level();
- assert_int_equal(new_level, 2);
+static void torture_bind_config_loglevel_file(void **state)
+{
+ torture_bind_config_loglevel(state,
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL,
+ NULL,
+ 2);
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_REC);
- assert_int_equal(rc, 0);
+static void torture_bind_config_loglevel_string(void **state)
+{
+ torture_bind_config_loglevel(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_STRING,
+ 2);
+}
- new_level = ssh_get_log_level();
- assert_int_equal(new_level, 2);
+static void torture_bind_config_loglevel1_file(void **state)
+{
+ torture_bind_config_loglevel(state,
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL1,
+ NULL,
+ 1);
+}
- rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_LOGLEVEL2);
- assert_int_equal(rc, 0);
+static void torture_bind_config_loglevel1_string(void **state)
+{
+ torture_bind_config_loglevel(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL1_STRING,
+ 1);
+}
- new_level = ssh_get_log_level();
- assert_int_equal(new_level, 1);
+static void torture_bind_config_loglevel_twice_file(void **state)
+{
+ torture_bind_config_loglevel(state,
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE,
+ NULL,
+ 2);
+}
- rc = ssh_set_log_level(previous_level);
- assert_int_equal(rc, SSH_OK);
+static void torture_bind_config_loglevel_twice_string(void **state)
+{
+ torture_bind_config_loglevel(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_STRING,
+ 2);
+}
+
+static void torture_bind_config_loglevel_twice_rec_file(void **state)
+{
+ torture_bind_config_loglevel(state,
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_REC,
+ NULL,
+ 2);
+}
+
+static void torture_bind_config_loglevel_twice_rec_string(void **state)
+{
+ torture_bind_config_loglevel(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_LOGLEVEL_TWICE_REC_STRING,
+ 2);
}
-static void torture_bind_config_ciphers(void **state)
+static void
+torture_bind_config_ciphers(void **state,
+ const char *file,
+ const char *string,
+ const char *expect)
{
struct bind_st *test_state;
ssh_bind bind;
- int rc;
char *fips_ciphers = NULL;
- char *fips_ciphers2 = NULL;
assert_non_null(state);
test_state = *((struct bind_st **)state);
@@ -605,73 +868,96 @@ static void torture_bind_config_ciphers(void **state)
bind = test_state->bind;
if (ssh_fips_mode()) {
- fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS);
+ fips_ciphers = ssh_keep_fips_algos(SSH_CRYPT_C_S, expect);
assert_non_null(fips_ciphers);
- fips_ciphers2 = ssh_keep_fips_algos(SSH_CRYPT_C_S, CIPHERS2);
- assert_non_null(fips_ciphers2);
}
- rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_CIPHERS);
- assert_int_equal(rc, 0);
- assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
- assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers);
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers);
- } else {
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
- }
+ _parse_config(bind, file, string, SSH_OK);
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE);
- assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers);
assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers);
+ SAFE_FREE(fips_ciphers);
} else {
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
+ assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], expect);
+ assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], expect);
}
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC);
- assert_int_equal(rc, 0);
+static void torture_bind_config_ciphers_file(void **state)
+{
+ torture_bind_config_ciphers(state,
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS,
+ NULL,
+ CIPHERS);
+}
- assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
- assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers);
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers);
- } else {
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS);
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS);
- }
+static void torture_bind_config_ciphers_string(void **state)
+{
+ torture_bind_config_ciphers(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS_STRING,
+ CIPHERS);
+}
- rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_CIPHERS2);
- assert_int_equal(rc, 0);
+static void torture_bind_config_ciphers2_file(void **state)
+{
+ torture_bind_config_ciphers(state,
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS2,
+ NULL,
+ CIPHERS2);
+}
- assert_non_null(bind->wanted_methods[SSH_CRYPT_C_S]);
- assert_non_null(bind->wanted_methods[SSH_CRYPT_S_C]);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], fips_ciphers2);
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], fips_ciphers2);
- } else {
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_C_S], CIPHERS2);
- assert_string_equal(bind->wanted_methods[SSH_CRYPT_S_C], CIPHERS2);
- }
+static void torture_bind_config_ciphers2_string(void **state)
+{
+ torture_bind_config_ciphers(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS2_STRING,
+ CIPHERS2);
+}
- SAFE_FREE(fips_ciphers);
- SAFE_FREE(fips_ciphers2);
+static void torture_bind_config_ciphers_twice_file(void **state)
+{
+ torture_bind_config_ciphers(state,
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE,
+ NULL,
+ CIPHERS);
+}
+
+static void torture_bind_config_ciphers_twice_string(void **state)
+{
+ torture_bind_config_ciphers(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_STRING,
+ CIPHERS);
}
-static void torture_bind_config_macs(void **state)
+static void torture_bind_config_ciphers_twice_rec_file(void **state)
+{
+ torture_bind_config_ciphers(state,
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC,
+ NULL,
+ CIPHERS);
+}
+
+static void torture_bind_config_ciphers_twice_rec_string(void **state)
+{
+ torture_bind_config_ciphers(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_CIPHERS_TWICE_REC_STRING,
+ CIPHERS);
+}
+
+static void
+torture_bind_config_macs(void **state,
+ const char *file,
+ const char *string,
+ const char *expect)
{
struct bind_st *test_state;
ssh_bind bind;
- int rc;
assert_non_null(state);
test_state = *((struct bind_st **)state);
@@ -679,59 +965,87 @@ static void torture_bind_config_macs(void **state)
assert_non_null(test_state->bind);
bind = test_state->bind;
- rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MACS);
- assert_int_equal(rc, 0);
-
- assert_non_null(bind->wanted_methods[SSH_MAC_S_C]);
- assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], MACS);
+ _parse_config(bind, file, string, SSH_OK);
assert_non_null(bind->wanted_methods[SSH_MAC_C_S]);
- assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], MACS);
-
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_MACS_TWICE);
- assert_int_equal(rc, 0);
-
assert_non_null(bind->wanted_methods[SSH_MAC_S_C]);
- assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], MACS);
+ assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], expect);
+ assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], expect);
+}
- assert_non_null(bind->wanted_methods[SSH_MAC_C_S]);
- assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], MACS);
+static void torture_bind_config_macs_file(void **state)
+{
+ torture_bind_config_macs(state,
+ LIBSSH_TEST_BIND_CONFIG_MACS,
+ NULL,
+ MACS);
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_REC);
- assert_int_equal(rc, 0);
+static void torture_bind_config_macs_string(void **state)
+{
+ torture_bind_config_macs(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_MACS_STRING,
+ MACS);
+}
- assert_non_null(bind->wanted_methods[SSH_MAC_S_C]);
- assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], MACS);
+static void torture_bind_config_macs2_file(void **state)
+{
+ torture_bind_config_macs(state,
+ LIBSSH_TEST_BIND_CONFIG_MACS2,
+ NULL,
+ MACS2);
+}
- assert_non_null(bind->wanted_methods[SSH_MAC_C_S]);
- assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], MACS);
+static void torture_bind_config_macs2_string(void **state)
+{
+ torture_bind_config_macs(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_MACS2_STRING,
+ MACS2);
+}
- rc = ssh_bind_config_parse_file(bind, LIBSSH_TEST_BIND_CONFIG_MACS2);
- assert_int_equal(rc, 0);
+static void torture_bind_config_macs_twice_file(void **state)
+{
+ torture_bind_config_macs(state,
+ LIBSSH_TEST_BIND_CONFIG_MACS_TWICE,
+ NULL,
+ MACS);
+}
- assert_non_null(bind->wanted_methods[SSH_MAC_S_C]);
- assert_string_equal(bind->wanted_methods[SSH_MAC_S_C], MACS2);
+static void torture_bind_config_macs_twice_string(void **state)
+{
+ torture_bind_config_macs(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_STRING,
+ MACS);
+}
- assert_non_null(bind->wanted_methods[SSH_MAC_C_S]);
- assert_string_equal(bind->wanted_methods[SSH_MAC_C_S], MACS2);
+static void torture_bind_config_macs_twice_rec_file(void **state)
+{
+ torture_bind_config_macs(state,
+ LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_REC,
+ NULL,
+ MACS);
+}
+
+static void torture_bind_config_macs_twice_rec_string(void **state)
+{
+ torture_bind_config_macs(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_MACS_TWICE_REC_STRING,
+ MACS);
}
-static void torture_bind_config_kexalgorithms(void **state)
+static void
+torture_bind_config_kexalgorithms(void **state,
+ const char *file,
+ const char *string,
+ const char *expect)
{
struct bind_st *test_state;
ssh_bind bind;
char *fips_kex = NULL;
- char *fips_kex2 = NULL;
- int rc;
-
- if (ssh_fips_mode()) {
- fips_kex = ssh_keep_fips_algos(SSH_KEX, KEXALGORITHMS);
- assert_non_null(fips_kex);
- fips_kex2 = ssh_keep_fips_algos(SSH_KEX, KEXALGORITHMS2);
- assert_non_null(fips_kex2);
- }
assert_non_null(state);
test_state = *((struct bind_st **)state);
@@ -739,64 +1053,95 @@ static void torture_bind_config_kexalgorithms(void **state)
assert_non_null(test_state->bind);
bind = test_state->bind;
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS);
- assert_int_equal(rc, 0);
- assert_non_null(bind->wanted_methods[SSH_KEX]);
if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex);
- } else {
- assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
+ fips_kex = ssh_keep_fips_algos(SSH_KEX, expect);
+ assert_non_null(fips_kex);
}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE);
- assert_int_equal(rc, 0);
- assert_non_null(bind->wanted_methods[SSH_KEX]);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex);
- } else {
- assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
- }
+ _parse_config(bind, file, string, SSH_OK);
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC);
- assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_KEX]);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex);
+ SAFE_FREE(fips_kex);
} else {
- assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS);
+ assert_string_equal(bind->wanted_methods[SSH_KEX], expect);
}
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2);
- assert_int_equal(rc, 0);
- assert_non_null(bind->wanted_methods[SSH_KEX]);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_KEX], fips_kex2);
- } else {
- assert_string_equal(bind->wanted_methods[SSH_KEX], KEXALGORITHMS2);
- }
+static void torture_bind_config_kexalgorithms_file(void **state)
+{
+ torture_bind_config_kexalgorithms(state,
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS,
+ NULL,
+ KEXALGORITHMS);
+}
- SAFE_FREE(fips_kex);
- SAFE_FREE(fips_kex2);
+static void torture_bind_config_kexalgorithms_string(void **state)
+{
+ torture_bind_config_kexalgorithms(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_STRING,
+ KEXALGORITHMS);
+}
+
+static void torture_bind_config_kexalgorithms2_file(void **state)
+{
+ torture_bind_config_kexalgorithms(state,
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2,
+ NULL,
+ KEXALGORITHMS2);
+}
+
+static void torture_bind_config_kexalgorithms2_string(void **state)
+{
+ torture_bind_config_kexalgorithms(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS2_STRING,
+ KEXALGORITHMS2);
+}
+
+static void torture_bind_config_kexalgorithms_twice_file(void **state)
+{
+ torture_bind_config_kexalgorithms(state,
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE,
+ NULL,
+ KEXALGORITHMS);
+}
+
+static void torture_bind_config_kexalgorithms_twice_string(void **state)
+{
+ torture_bind_config_kexalgorithms(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_STRING,
+ KEXALGORITHMS);
+}
+
+static void torture_bind_config_kexalgorithms_twice_rec_file(void **state)
+{
+ torture_bind_config_kexalgorithms(state,
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC,
+ NULL,
+ KEXALGORITHMS);
}
-static void torture_bind_config_pubkey_accepted(void **state)
+static void torture_bind_config_kexalgorithms_twice_rec_string(void **state)
+{
+ torture_bind_config_kexalgorithms(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_KEXALGORITHMS_TWICE_REC_STRING,
+ KEXALGORITHMS);
+}
+
+static void
+torture_bind_config_pubkey_accepted(void **state,
+ const char *file,
+ const char *string,
+ const char *expect)
{
struct bind_st *test_state;
ssh_bind bind;
- int rc;
char *fips_pubkeys = NULL;
- char *fips_pubkeys2 = NULL;
-
- if (ssh_fips_mode()) {
- fips_pubkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, PUBKEYACCEPTEDTYPES);
- assert_non_null(fips_pubkeys);
- fips_pubkeys2 = ssh_keep_fips_algos(SSH_HOSTKEYS, PUBKEYACCEPTEDTYPES2);
- assert_non_null(fips_pubkeys2);
- }
assert_non_null(state);
test_state = *((struct bind_st **)state);
@@ -804,75 +1149,111 @@ static void torture_bind_config_pubkey_accepted(void **state)
assert_non_null(test_state->bind);
bind = test_state->bind;
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED);
- assert_int_equal(rc, 0);
- assert_non_null(bind->pubkey_accepted_key_types);
if (ssh_fips_mode()) {
- assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys);
- } else {
- assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES);
+ fips_pubkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, expect);
+ assert_non_null(fips_pubkeys);
}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2);
- assert_int_equal(rc, 0);
- assert_non_null(bind->pubkey_accepted_key_types);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys2);
- } else {
- assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES2);
- }
+ _parse_config(bind, file, string, SSH_OK);
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE);
- assert_int_equal(rc, 0);
assert_non_null(bind->pubkey_accepted_key_types);
if (ssh_fips_mode()) {
assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys);
+ SAFE_FREE(fips_pubkeys);
} else {
- assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES);
+ assert_string_equal(bind->pubkey_accepted_key_types, expect);
}
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC);
- assert_int_equal(rc, 0);
- assert_non_null(bind->pubkey_accepted_key_types);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys2);
- } else {
- assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES2);
- }
+static void torture_bind_config_pubkey_accepted_file(void **state)
+{
+ torture_bind_config_pubkey_accepted(state,
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED,
+ NULL,
+ PUBKEYACCEPTEDTYPES);
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN);
- assert_int_equal(rc, 0);
- assert_non_null(bind->pubkey_accepted_key_types);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->pubkey_accepted_key_types, fips_pubkeys);
- } else {
- assert_string_equal(bind->pubkey_accepted_key_types, PUBKEYACCEPTEDTYPES);
- }
+static void torture_bind_config_pubkey_accepted_string(void **state)
+{
+ torture_bind_config_pubkey_accepted(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_STRING,
+ PUBKEYACCEPTEDTYPES);
+}
- SAFE_FREE(fips_pubkeys);
- SAFE_FREE(fips_pubkeys2);
+static void torture_bind_config_pubkey_accepted_twice_file(void **state)
+{
+ torture_bind_config_pubkey_accepted(state,
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE,
+ NULL,
+ PUBKEYACCEPTEDTYPES);
}
-static void torture_bind_config_hostkey_algorithms(void **state)
+static void torture_bind_config_pubkey_accepted_twice_string(void **state)
{
- struct bind_st *test_state;
- ssh_bind bind;
- int rc;
+ torture_bind_config_pubkey_accepted(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_STRING,
+ PUBKEYACCEPTEDTYPES);
+}
- char *fips_hostkeys = NULL;
- char *fips_hostkeys2 = NULL;
+static void torture_bind_config_pubkey_accepted_twice_rec_file(void **state)
+{
+ torture_bind_config_pubkey_accepted(state,
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC,
+ NULL,
+ PUBKEYACCEPTEDTYPES2);
+}
- if (ssh_fips_mode()) {
- fips_hostkeys = ssh_keep_fips_algos(SSH_HOSTKEYS, HOSTKEYALGORITHMS);
- assert_non_null(fips_hostkeys);
- fips_hostkeys2 = ssh_keep_fips_algos(SSH_HOSTKEYS, HOSTKEYALGORITHMS2);
- assert_non_null(fips_hostkeys2);
- }
+static void torture_bind_config_pubkey_accepted_twice_rec_string(void **state)
+{
+ torture_bind_config_pubkey_accepted(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_TWICE_REC_STRING,
+ PUBKEYACCEPTEDTYPES2);
+}
+
+static void torture_bind_config_pubkey_accepted_unknown_file(void **state)
+{
+ torture_bind_config_pubkey_accepted(state,
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN,
+ NULL,
+ PUBKEYACCEPTEDTYPES);
+}
+
+static void torture_bind_config_pubkey_accepted_unknown_string(void **state)
+{
+ torture_bind_config_pubkey_accepted(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED_UNKNOWN_STRING,
+ PUBKEYACCEPTEDTYPES);
+}
+
+static void torture_bind_config_pubkey_accepted2_file(void **state)
+{
+ torture_bind_config_pubkey_accepted(state,
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2,
+ NULL,
+ PUBKEYACCEPTEDTYPES2);
+}
+
+static void torture_bind_config_pubkey_accepted2_string(void **state)
+{
+ torture_bind_config_pubkey_accepted(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_PUBKEY_ACCEPTED2_STRING,
+ PUBKEYACCEPTEDTYPES2);
+}
+
+static void
+torture_bind_config_hostkey_algorithms(void **state,
+ const char *file,
+ const char *string,
+ const char *expect)
+{
+ struct bind_st *test_state;
+ ssh_bind bind;
+ char *fips_hostkey = NULL;
assert_non_null(state);
test_state = *((struct bind_st **)state);
@@ -880,58 +1261,100 @@ static void torture_bind_config_hostkey_algorithms(void **state)
assert_non_null(test_state->bind);
bind = test_state->bind;
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS);
- assert_int_equal(rc, 0);
- assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys);
- } else {
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS);
+ fips_hostkey = ssh_keep_fips_algos(SSH_HOSTKEYS, expect);
+ assert_non_null(fips_hostkey);
}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2);
- assert_int_equal(rc, 0);
- assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys2);
- } else {
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS2);
- }
+ _parse_config(bind, file, string, SSH_OK);
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE);
- assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys);
+ assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkey);
+ SAFE_FREE(fips_hostkey);
} else {
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS);
+ assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], expect);
}
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC);
- assert_int_equal(rc, 0);
- assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys2);
- } else {
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS2);
- }
+static void torture_bind_config_hostkey_algorithms_file(void **state)
+{
+ torture_bind_config_hostkey_algorithms(state,
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS,
+ NULL,
+ HOSTKEYALGORITHMS);
+}
- rc = ssh_bind_config_parse_file(bind,
- LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN);
- assert_int_equal(rc, 0);
- assert_non_null(bind->wanted_methods[SSH_HOSTKEYS]);
- if (ssh_fips_mode()) {
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], fips_hostkeys);
- } else {
- assert_string_equal(bind->wanted_methods[SSH_HOSTKEYS], HOSTKEYALGORITHMS);
- }
+static void torture_bind_config_hostkey_algorithms_string(void **state)
+{
+ torture_bind_config_hostkey_algorithms(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_STRING,
+ HOSTKEYALGORITHMS);
+}
+
+static void torture_bind_config_hostkey_algorithms_twice_file(void **state)
+{
+ torture_bind_config_hostkey_algorithms(state,
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE,
+ NULL,
+ HOSTKEYALGORITHMS);
+}
+
+static void torture_bind_config_hostkey_algorithms_twice_string(void **state)
+{
+ torture_bind_config_hostkey_algorithms(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_STRING,
+ HOSTKEYALGORITHMS);
+}
+
+static void torture_bind_config_hostkey_algorithms_twice_rec_file(void **state)
+{
+ torture_bind_config_hostkey_algorithms(state,
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC,
+ NULL,
+ HOSTKEYALGORITHMS2);
+}
+
+static void torture_bind_config_hostkey_algorithms_twice_rec_string(void **state)
+{
+ torture_bind_config_hostkey_algorithms(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_TWICE_REC_STRING,
+ HOSTKEYALGORITHMS2);
+}
+
+static void torture_bind_config_hostkey_algorithms2_file(void **state)
+{
+ torture_bind_config_hostkey_algorithms(state,
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2,
+ NULL,
+ HOSTKEYALGORITHMS2);
+}
- SAFE_FREE(fips_hostkeys);
- SAFE_FREE(fips_hostkeys2);
+static void torture_bind_config_hostkey_algorithms2_string(void **state)
+{
+ torture_bind_config_hostkey_algorithms(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS2_STRING,
+ HOSTKEYALGORITHMS2);
+}
+
+static void torture_bind_config_hostkey_algorithms_unknown_file(void **state)
+{
+ torture_bind_config_hostkey_algorithms(state,
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN,
+ NULL,
+ HOSTKEYALGORITHMS);
+}
+
+static void torture_bind_config_hostkey_algorithms_unknown_string(void **state)
+{
+ torture_bind_config_hostkey_algorithms(state,
+ NULL,
+ LIBSSH_TEST_BIND_CONFIG_HOSTKEY_ALGORITHMS_UNKNOWN_STRING,
+ HOSTKEYALGORITHMS);
}
static int assert_full_bind_config(void **state)
@@ -1076,6 +1499,23 @@ static void torture_bind_config_include_recursive(void **state)
assert_int_equal(rc, SSH_OK);
}
+static void torture_bind_config_include_recursive_loop(void **state)
+{
+ struct bind_st *test_state;
+ ssh_bind bind;
+ int rc;
+
+ assert_non_null(state);
+ test_state = *((struct bind_st **)state);
+ assert_non_null(test_state);
+ assert_non_null(test_state->bind);
+ bind = test_state->bind;
+
+ rc = ssh_bind_config_parse_file(bind,
+ LIBSSH_TEST_BIND_CONFIG_INCLUDE_RECURSIVE_LOOP);
+ assert_int_equal(rc, 0);
+}
+
/**
* @brief Verify the configuration parser does not choke on unknown
* or unsupported configuration options
@@ -1263,23 +1703,115 @@ int torture_run_tests(void)
{
int rc;
struct CMUnitTest tests[] = {
- cmocka_unit_test_setup_teardown(torture_bind_config_listen_address,
+ cmocka_unit_test_setup_teardown(torture_bind_config_listen_address_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_listen_address_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_listen_address2_file,
sshbind_setup, sshbind_teardown),
- cmocka_unit_test_setup_teardown(torture_bind_config_port,
+ cmocka_unit_test_setup_teardown(torture_bind_config_listen_address2_string,
sshbind_setup, sshbind_teardown),
- cmocka_unit_test_setup_teardown(torture_bind_config_hostkey,
+ cmocka_unit_test_setup_teardown(torture_bind_config_listen_address_twice_file,
sshbind_setup, sshbind_teardown),
- cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_twice_rec,
+ cmocka_unit_test_setup_teardown(torture_bind_config_listen_address_twice_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_listen_address_twice_rec_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_listen_address_twice_rec_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_port_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_port_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_port2_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_port2_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_port_twice_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_port_twice_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_port_twice_rec_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_port_twice_rec_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_twice_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_twice_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_twice_rec_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_twice_rec_string,
sshbind_setup, sshbind_teardown),
cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_separately,
sshbind_setup, sshbind_teardown),
- cmocka_unit_test_setup_teardown(torture_bind_config_loglevel,
+ cmocka_unit_test_setup_teardown(torture_bind_config_loglevel_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_loglevel_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_loglevel1_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_loglevel1_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_loglevel_twice_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_loglevel_twice_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_loglevel_twice_rec_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_loglevel_twice_rec_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_ciphers_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_ciphers_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_ciphers2_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_ciphers2_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_ciphers_twice_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_ciphers_twice_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_ciphers_twice_rec_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_ciphers_twice_rec_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_macs_file,
sshbind_setup, sshbind_teardown),
- cmocka_unit_test_setup_teardown(torture_bind_config_ciphers,
+ cmocka_unit_test_setup_teardown(torture_bind_config_macs_string,
sshbind_setup, sshbind_teardown),
- cmocka_unit_test_setup_teardown(torture_bind_config_macs,
+ cmocka_unit_test_setup_teardown(torture_bind_config_macs2_file,
sshbind_setup, sshbind_teardown),
- cmocka_unit_test_setup_teardown(torture_bind_config_kexalgorithms,
+ cmocka_unit_test_setup_teardown(torture_bind_config_macs2_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_macs_twice_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_macs_twice_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_macs_twice_rec_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_macs_twice_rec_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_kexalgorithms_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_kexalgorithms_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_kexalgorithms2_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_kexalgorithms2_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_kexalgorithms_twice_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_kexalgorithms_twice_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_kexalgorithms_twice_rec_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_kexalgorithms_twice_rec_string,
sshbind_setup, sshbind_teardown),
cmocka_unit_test_setup_teardown(torture_bind_config_full,
sshbind_setup, sshbind_teardown),
@@ -1287,6 +1819,8 @@ int torture_run_tests(void)
sshbind_setup, sshbind_teardown),
cmocka_unit_test_setup_teardown(torture_bind_config_include_recursive,
sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_include_recursive_loop,
+ sshbind_setup, sshbind_teardown),
cmocka_unit_test_setup_teardown(torture_bind_config_corner_cases,
sshbind_setup, sshbind_teardown),
cmocka_unit_test_setup_teardown(torture_bind_config_match_all,
@@ -1301,9 +1835,45 @@ int torture_run_tests(void)
sshbind_setup, sshbind_teardown),
cmocka_unit_test_setup_teardown(torture_bind_config_match_invalid,
sshbind_setup, sshbind_teardown),
- cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted,
+ cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted_twice_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted_twice_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted_twice_rec_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted_twice_rec_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted2_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted2_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted_unknown_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_pubkey_accepted_unknown_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms_twice_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms_twice_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms_twice_rec_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms_twice_rec_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms2_file,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms2_string,
+ sshbind_setup, sshbind_teardown),
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms_unknown_file,
sshbind_setup, sshbind_teardown),
- cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms,
+ cmocka_unit_test_setup_teardown(torture_bind_config_hostkey_algorithms_unknown_string,
sshbind_setup, sshbind_teardown),
};
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index 08b67deb..a23acc9c 100644
--- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c
@@ -38,6 +38,7 @@ extern LIBSSH_THREAD int ssh_log_level;
#define LIBSSH_TEST_PUBKEYTYPES "libssh_test_PubkeyAcceptedKeyTypes.tmp"
#define LIBSSH_TEST_NONEWLINEEND "libssh_test_NoNewLineEnd.tmp"
#define LIBSSH_TEST_NONEWLINEONELINE "libssh_test_NoNewLineOneline.tmp"
+#define LIBSSH_TEST_RECURSIVE_INCLUDE "libssh_test_recursive_include.tmp"
#define LIBSSH_TESTCONFIG_STRING1 \
"User "USERNAME"\nInclude "LIBSSH_TESTCONFIG2"\n\n"
@@ -183,6 +184,9 @@ extern LIBSSH_THREAD int ssh_log_level;
#define LIBSSH_TEST_NONEWLINEONELINE_STRING \
"ConnectTimeout 30"
+#define LIBSSH_TEST_RECURSIVE_INCLUDE_STRING \
+ "Include " LIBSSH_TEST_RECURSIVE_INCLUDE
+
/**
* @brief helper function loading configuration from either file or string
*/
@@ -418,6 +422,22 @@ static void torture_config_include_string(void **state)
}
/**
+ * @brief tests ssh_config_parse_file with recursive Include directives from file
+ */
+static void torture_config_include_recursive_file(void **state)
+{
+ _parse_config(*state, LIBSSH_TEST_RECURSIVE_INCLUDE, NULL, SSH_OK);
+}
+
+/**
+ * @brief tests ssh_config_parse_string with Include directives from string
+ */
+static void torture_config_include_recursive_string(void **state)
+{
+ _parse_config(*state, NULL, LIBSSH_TEST_RECURSIVE_INCLUDE_STRING, SSH_OK);
+}
+
+/**
* @brief tests ssh_config_parse_file with multiple Port settings.
*/
static void torture_config_double_ports_file(void **state)
@@ -1646,6 +1666,10 @@ int torture_run_tests(void)
setup, teardown),
cmocka_unit_test_setup_teardown(torture_config_include_string,
setup, teardown),
+ cmocka_unit_test_setup_teardown(torture_config_include_recursive_file,
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(torture_config_include_recursive_string,
+ setup, teardown),
cmocka_unit_test_setup_teardown(torture_config_double_ports_file,
setup, teardown),
cmocka_unit_test_setup_teardown(torture_config_double_ports_string,