| 1 /* |
| 2 * Copyright (c) 2014 The Native Client Authors. All rights reserved. |
| 3 * Use of this source code is governed by a BSD-style license that can be |
| 4 * found in the LICENSE file. |
| 5 */ |
| 6 #include <string.h> |
| 7 |
| 8 #include "native_client/src/include/minsfi.h" |
| 9 #include "native_client/src/include/minsfi_priv.h" |
| 10 #include "native_client/src/include/nacl_assert.h" |
| 11 |
| 12 /* |
| 13 * Helper function which creates a NULL-terminated string that occupies |
| 14 * the given number of bytes. |
| 15 */ |
| 16 static inline char *get_str(int bytes) { |
| 17 char *str = (char*) malloc(bytes); |
| 18 memset(str, 'A', bytes - 1); |
| 19 str[bytes - 1] = 0; |
| 20 return str; |
| 21 } |
| 22 |
| 23 /* |
| 24 * Test the CopyArguments function. We verify that it will not attempt to write |
| 25 * beyond the bounds of the untrusted stack. |
| 26 */ |
| 27 void test_copy_limits(void) { |
| 28 const MinsfiSandbox *sb; |
| 29 int stack_fit; |
| 30 char *argv_fit[1]; |
| 31 char *argv_info_overflow[1]; |
| 32 char *argv_arg_overflow[2]; |
| 33 |
| 34 /* Initialize the sandbox. */ |
| 35 MinsfiInitializeSandbox(); |
| 36 sb = MinsfiGetActiveSandbox(); |
| 37 |
| 38 /* argc < 0 doesn't make sense */ |
| 39 ASSERT_EQ(0, MinsfiCopyArguments(-5, NULL, sb)); |
| 40 |
| 41 /* |
| 42 * Test that CopyArguments allows to fill the whole stack. |
| 43 * The info structure will contain two integers. We cannot invoke the sandbox |
| 44 * because it would immediately overflow the stack. |
| 45 */ |
| 46 stack_fit = sb->mem_layout.stack.length - 2 * sizeof(sfiptr_t); |
| 47 argv_fit[0] = get_str(stack_fit); |
| 48 ASSERT_EQ(sb->mem_layout.stack.offset, MinsfiCopyArguments(1, argv_fit, sb)); |
| 49 |
| 50 /* |
| 51 * Test that CopyArguments fails if the arguments don't leave enough space |
| 52 * for the info structure. |
| 53 */ |
| 54 argv_info_overflow[0] = get_str(stack_fit + 1); |
| 55 ASSERT_EQ(0, MinsfiCopyArguments(1, argv_info_overflow, sb)); |
| 56 ASSERT_EQ(EXIT_FAILURE, MinsfiInvokeSandbox(1, argv_info_overflow)); |
| 57 |
| 58 /* |
| 59 * Test that CopyArguments fails if the arguments do not fit onto the stack. |
| 60 * The info structure will contain three integers. |
| 61 */ |
| 62 stack_fit = sb->mem_layout.stack.length - 3 * sizeof(sfiptr_t); |
| 63 argv_arg_overflow[0] = get_str(stack_fit - 15); |
| 64 argv_arg_overflow[1] = get_str(16); |
| 65 ASSERT_EQ(0, MinsfiCopyArguments(2, argv_arg_overflow, sb)); |
| 66 ASSERT_EQ(EXIT_FAILURE, MinsfiInvokeSandbox(2, argv_arg_overflow)); |
| 67 |
| 68 /* Clean up. */ |
| 69 MinsfiDestroySandbox(); |
| 70 free(argv_fit[0]); |
| 71 free(argv_info_overflow[0]); |
| 72 free(argv_arg_overflow[0]); |
| 73 free(argv_arg_overflow[1]); |
| 74 } |
| 75 |
| 76 /* |
| 77 * This tests whether arguments are correctly passed to the sandbox. We do |
| 78 * this by passing it a series of strings containing integer numbers. The |
| 79 * sandbox is expected to parse the arguments and return their sum. |
| 80 */ |
| 81 void test_arguments_valid(void) { |
| 82 char *argv_99[] = { "99" }; |
| 83 char *argv_1_22_333[] = { "1", "22", "333" }; |
| 84 |
| 85 /* Prepare the sandbox. */ |
| 86 MinsfiInitializeSandbox(); |
| 87 |
| 88 /* Empty arguments. The sandbox should always receive at least one argument |
| 89 * (the name of the binary) but we test this anyway. */ |
| 90 ASSERT_EQ(0, MinsfiInvokeSandbox(0, NULL)); |
| 91 |
| 92 /* Single argument. */ |
| 93 ASSERT_EQ(99, MinsfiInvokeSandbox(1, argv_99)); |
| 94 |
| 95 /* Multiple arguments. */ |
| 96 ASSERT_EQ(356, MinsfiInvokeSandbox(3, argv_1_22_333)); |
| 97 |
| 98 /* Clean up. */ |
| 99 MinsfiDestroySandbox(); |
| 100 } |
| 101 |
| 102 int main(void) { |
| 103 test_copy_limits(); |
| 104 test_arguments_valid(); |
| 105 return 0; |
| 106 } |
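Review bot: `get_str` (new lines 16–21) never checks the `malloc` result, and nothing in the file includes `<stdlib.h>` even though `malloc`, `free` and `EXIT_FAILURE` are all used — unless `minsfi.h` pulls it in transitively, add `#include <stdlib.h>` next to `<string.h>`. Since the helper is asked for a string as large as the whole untrusted stack (`get_str(stack_fit)` on line 47), an allocation failure would turn the bounds test into a write through NULL rather than a clean test failure, so a guard after the `malloc` using whatever non-NULL assertion `nacl_assert.h` provides is worth the line; the same helper also wraps `bytes - 1` to a huge `size_t` if it is ever handed `bytes <= 0`, which can happen if `stack.length` is smaller than the `sizeof(sfiptr_t)` multiple subtracted on lines 46 and 62. The limits test covers negative `argc` and over-long strings but not an `argc` large enough that the info-structure size computation could itself overflow; if `MinsfiCopyArguments` sizes the header from `argc` before dereferencing `argv`, a case like `ASSERT_EQ(0, MinsfiCopyArguments(INT_MAX, NULL, sb));` (with `<limits.h>`) would pin that down, but confirm the implementation's order of checks first, since otherwise the call would walk past a NULL `argv`.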