Add a test for fragmented alerts
The previous commit fixed a problem where fragmented alerts would cause an infinite loop. This commit adds a test for these fragmented alerts. Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Matt Caswell
parent
63916e9a23
commit
c3fd55d4a6
2 changed files with 63 additions and 2 deletions
|
|
@ -38,7 +38,7 @@ my $proxy = TLSProxy::Proxy->new(
|
|||
my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
|
||||
my $inject_recs_num = 1;
|
||||
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
|
||||
plan tests => 3;
|
||||
plan tests => 4;
|
||||
ok(TLSProxy::Message->fail(), "Out of context empty records test");
|
||||
|
||||
#Test 2: Injecting in context empty records should succeed
|
||||
|
|
@ -54,6 +54,14 @@ $inject_recs_num = 33;
|
|||
$proxy->start();
|
||||
ok(TLSProxy::Message->fail(), "Too many in context empty records test");
|
||||
|
||||
#Test 4: Injecting a fragmented fatal alert should fail. We actually expect no
|
||||
# alerts to be sent from either side because *we* injected the fatal
|
||||
# alert, i.e. this will look like a disorderly close
|
||||
$proxy->clear();
|
||||
$proxy->filter(\&add_frag_alert_filter);
|
||||
$proxy->start();
|
||||
ok(!TLSProxy::Message->end(), "Fragmented alert records test");
|
||||
|
||||
sub add_empty_recs_filter
|
||||
{
|
||||
my $proxy = shift;
|
||||
|
|
@ -78,3 +86,55 @@ sub add_empty_recs_filter
|
|||
push @{$proxy->record_list}, $record;
|
||||
}
|
||||
}
|
||||
|
||||
sub add_frag_alert_filter
|
||||
{
|
||||
my $proxy = shift;
|
||||
my $byte;
|
||||
|
||||
# We're only interested in the initial ClientHello
|
||||
if ($proxy->flight != 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
# Add a zero length fragment first
|
||||
#my $record = TLSProxy::Record->new(
|
||||
# 0,
|
||||
# TLSProxy::Record::RT_ALERT,
|
||||
# TLSProxy::Record::VERS_TLS_1_2,
|
||||
# 0,
|
||||
# 0,
|
||||
# 0,
|
||||
# "",
|
||||
# ""
|
||||
#);
|
||||
#push @{$proxy->record_list}, $record;
|
||||
|
||||
# Now add the alert level (Fatal) as a seperate record
|
||||
$byte = pack('C', TLSProxy::Message::AL_LEVEL_FATAL);
|
||||
my $record = TLSProxy::Record->new(
|
||||
0,
|
||||
TLSProxy::Record::RT_ALERT,
|
||||
TLSProxy::Record::VERS_TLS_1_2,
|
||||
1,
|
||||
1,
|
||||
1,
|
||||
$byte,
|
||||
$byte
|
||||
);
|
||||
push @{$proxy->record_list}, $record;
|
||||
|
||||
# And finally the description (Unexpected message) in a third record
|
||||
$byte = pack('C', TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE);
|
||||
$record = TLSProxy::Record->new(
|
||||
0,
|
||||
TLSProxy::Record::RT_ALERT,
|
||||
TLSProxy::Record::VERS_TLS_1_2,
|
||||
1,
|
||||
1,
|
||||
1,
|
||||
$byte,
|
||||
$byte
|
||||
);
|
||||
push @{$proxy->record_list}, $record;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,7 +36,8 @@ use constant {
|
|||
|
||||
#Alert descriptions
|
||||
use constant {
|
||||
AL_DESC_CLOSE_NOTIFY => 0
|
||||
AL_DESC_CLOSE_NOTIFY => 0,
|
||||
AL_DESC_UNEXPECTED_MESSAGE => 10
|
||||
};
|
||||
|
||||
my %message_type = (
|
||||
|
|
|
|||
Loading…
Reference in a new issue