CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
[samba.git] / lib / ldb / tests / ldb_match_test.c
1 /*
2  * Tests exercising the ldb match operations.
3  *
4  *
5  * Copyright (C) Catalyst.NET Ltd 2017
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
19  *
20  */
21
22 /*
23  * from cmocka.c:
24  * These headers or their equivalents should be included prior to
25  * including
26  * this header file.
27  *
28  * #include <stdarg.h>
29  * #include <stddef.h>
30  * #include <setjmp.h>
31  *
32  * This allows test applications to use custom definitions of C standard
33  * library functions and types.
34  */
35 #include <stdarg.h>
36 #include <stddef.h>
37 #include <stdint.h>
38 #include <setjmp.h>
39 #include <cmocka.h>
40
41 #include "../common/ldb_match.c"
42
43 #include "../include/ldb.h"
44
45 struct ldbtest_ctx {
46         struct tevent_context *ev;
47         struct ldb_context *ldb;
48 };
49
50 static int ldb_test_canonicalise(
51         struct ldb_context *ldb,
52         void *mem_ctx,
53         const struct ldb_val *in,
54         struct ldb_val *out)
55 {
56         out->length = in->length;
57         out->data = in->data;
58         return 0;
59 }
60
61 static int setup(void **state)
62 {
63         struct ldbtest_ctx *test_ctx;
64         struct ldb_schema_syntax *syntax = NULL;
65         int ret;
66
67         test_ctx = talloc_zero(NULL, struct ldbtest_ctx);
68         assert_non_null(test_ctx);
69
70         test_ctx->ev = tevent_context_init(test_ctx);
71         assert_non_null(test_ctx->ev);
72
73         test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev);
74         assert_non_null(test_ctx->ldb);
75
76         syntax = talloc_zero(test_ctx, struct ldb_schema_syntax);
77         assert_non_null(syntax);
78         syntax->canonicalise_fn = ldb_test_canonicalise;
79
80         ret = ldb_schema_attribute_add_with_syntax(
81             test_ctx->ldb, "a", LDB_ATTR_FLAG_FIXED, syntax);
82         assert_int_equal(LDB_SUCCESS, ret);
83
84         *state = test_ctx;
85         return 0;
86 }
87
88 static int teardown(void **state)
89 {
90         talloc_free(*state);
91         return 0;
92 }
93
94 static void escape_string(uint8_t *buf, size_t buflen,
95                           const uint8_t *s, size_t len)
96 {
97         size_t i;
98         size_t j = 0;
99         for (i = 0; i < len; i++) {
100                 if (j == buflen - 1) {
101                         goto fin;
102                 }
103                 if (s[i] >= 0x20) {
104                         buf[j] = s[i];
105                         j++;
106                 } else {
107                         if (j >= buflen - 4) {
108                                 goto fin;
109                         }
110                         /* utf-8 control char representation */
111                         buf[j] = 0xE2;
112                         buf[j + 1] = 0x90;
113                         buf[j + 2] = 0x80 + s[i];
114                         j+= 3;
115                 }
116         }
117 fin:
118         buf[j] = 0;
119 }
120
121
122 /*
123  * The wild card pattern "attribute=*" is parsed as an LDB_OP_PRESENT operation
124  * rather than a LDB_OP_????
125  *
126  * This test serves to document that behaviour, and to confirm that
127  * ldb_wildcard_compare handles this case appropriately.
128  */
129 static void test_wildcard_match_star(void **state)
130 {
131         struct ldbtest_ctx *ctx = *state;
132         bool matched = false;
133         int ret;
134
135         uint8_t value[] = "The value.......end";
136         struct ldb_val val = {
137                 .data   = value,
138                 .length = (sizeof(value))
139         };
140         struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "a=*");
141         assert_non_null(tree);
142
143         ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
144         assert_false(matched);
145         assert_int_equal(LDB_ERR_INAPPROPRIATE_MATCHING, ret);
146 }
147
148 /*
149  * Test basic wild card matching
150  *
151  */
152 struct wildcard_test {
153         uint8_t *val;
154         size_t val_size;
155         const char *search;
156         bool should_match;
157         bool fold;
158 };
159
160 /*
161  * Q: Why this macro rather than plain struct values?
162  * A: So we can get the size of the const char[] value while it is still a
163  * true array, not a pointer.
164  *
165  * Q: but why not just use strlen?
166  * A: so values can contain '\0', which we supposedly allow.
167  */
168
169 #define TEST_ENTRY(val, search, should_match, fold)     \
170         {                                               \
171                 (uint8_t*)discard_const(val),           \
172                 sizeof(val) - 1,                        \
173                 search,                                 \
174                 should_match,                           \
175                 fold                                    \
176          }
177
178 static void test_wildcard_match(void **state)
179 {
180         struct ldbtest_ctx *ctx = *state;
181         size_t failed = 0;
182         size_t i;
183         struct wildcard_test tests[] = {
184                 TEST_ENTRY("                     1  0", "1*0*", true, true),
185                 TEST_ENTRY("                     1  0", "1 *0", true, true),
186                 TEST_ENTRY("The value.......end", "*end", true, true),
187                 TEST_ENTRY("The value.......end", "*fend", false, true),
188                 TEST_ENTRY("The value.......end", "*eel", false, true),
189                 TEST_ENTRY("The value.......end", "*d", true, true),
190                 TEST_ENTRY("The value.......end", "*D*", true, true),
191                 TEST_ENTRY("The value.......end", "*e*d*", true, true),
192                 TEST_ENTRY("end", "*e*d*", true, true),
193                 TEST_ENTRY("end", "  *e*d*", true, true),
194                 TEST_ENTRY("1.0.0.0.0.0.0.0aaaaaaaaaaaa", "*aaaaa", true, true),
195                 TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", true,  true),
196                 TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0aaaa", "*aaaaa", false, true),
197                 TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0", true, true),
198                 TEST_ENTRY("1.0.0.0.0.0.0.0.0.0.0", "*0.0.0", true, true),
199                 TEST_ENTRY("1.0.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
200                            true),
201                 TEST_ENTRY("1.0.0.0.0.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", false,
202                            true),
203                 TEST_ENTRY("1.0.0.0.000.0.0.0.0", "1*0*0*0*0*0*0*0*0*0", true,
204                            true),
205                 TEST_ENTRY("1\n0\r0\t000.0.0.0.0", "1*0*0*0*0*0*0*0*0", true,
206                            true),
207                 /*
208                  *  We allow NUL bytes and redundant spaces in non-casefolding
209                  *  syntaxes.
210                  */
211                 TEST_ENTRY("                  1  0", "*1  0", true, false),
212                 TEST_ENTRY("                  1  0", "*1  0", true, false),
213                 TEST_ENTRY("1    0", "*1 0", false, false),
214                 TEST_ENTRY("1\x00 x", "1*x", true, false),
215                 TEST_ENTRY("1\x00 x", "*x", true, false),
216                 TEST_ENTRY("1\x00 x", "*x*", true, false),
217                 TEST_ENTRY("1\x00 x", "* *", true, false),
218                 TEST_ENTRY("1\x00 x", "1*", true, false),
219                 TEST_ENTRY("1\x00 b* x", "1*b*", true, false),
220                 TEST_ENTRY("1.0..0.0.0.0.0.0.0aAaaaAAAAAAA", "*a", false,  false),
221         };
222
223         for (i = 0; i < ARRAY_SIZE(tests); i++) {
224                 bool matched;
225                 int ret;
226                 struct ldb_val val = {
227                         .data   = (uint8_t *)tests[i].val,
228                         .length = tests[i].val_size
229                 };
230                 const char *attr = tests[i].fold ? "objectclass" : "birthLocation";
231                 const char *s = talloc_asprintf(ctx, "%s=%s",
232                                                 attr, tests[i].search);
233                 struct ldb_parse_tree *tree = ldb_parse_tree(ctx, s);
234                 assert_non_null(tree);
235                 ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
236                 if (ret != LDB_SUCCESS) {
237                         uint8_t buf[100];
238                         escape_string(buf, sizeof(buf),
239                                       tests[i].val, tests[i].val_size);
240                         print_error("%zu val: «%s», search «%s» FAILED with %d\n",
241                                     i, buf, tests[i].search, ret);
242                         failed++;
243                 }
244                 if (matched != tests[i].should_match) {
245                         uint8_t buf[100];
246                         escape_string(buf, sizeof(buf),
247                                       tests[i].val, tests[i].val_size);
248                         print_error("%zu val: «%s», search «%s» should %s\n",
249                                     i, buf, tests[i].search,
250                                     matched ? "not match" : "match");
251                         failed++;
252                 }
253         }
254         if (failed != 0) {
255                 fail_msg("wrong results for %zu/%zu wildcard searches\n",
256                          failed, ARRAY_SIZE(tests));
257         }
258 }
259
260 #undef TEST_ENTRY
261
262
263 /*
264  * ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
265  * to the data, to make them safe to use the C string functions on.
266  *
267  * However testing for the trailing '\0' is not the correct way to test for
268  * the end of a value, the length should be checked instead.
269  */
270 static void test_wildcard_match_end_condition(void **state)
271 {
272         struct ldbtest_ctx *ctx = *state;
273         bool matched = false;
274
275         uint8_t value[] = "hellomynameisbobx";
276         struct ldb_val val = {
277                 .data   = talloc_memdup(NULL, value, sizeof(value)),
278                 .length = (sizeof(value) - 2)
279         };
280         struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "a=*hello*mynameis*bob");
281         assert_non_null(tree);
282
283         ldb_wildcard_compare(ctx->ldb, tree, val, &matched);
284         assert_true(matched);
285 }
286
287 /*
288  * Note: to run under valgrind use:
289  *       valgrind \
290  *           --suppressions=lib/ldb/tests/ldb_match_test.valgrind \
291  *           bin/ldb_match_test
292  */
293 int main(int argc, const char **argv)
294 {
295         const struct CMUnitTest tests[] = {
296                 cmocka_unit_test_setup_teardown(
297                         test_wildcard_match_star,
298                         setup,
299                         teardown),
300                 cmocka_unit_test_setup_teardown(
301                         test_wildcard_match,
302                         setup,
303                         teardown),
304                 cmocka_unit_test_setup_teardown(
305                         test_wildcard_match_end_condition,
306                         setup,
307                         teardown),
308         };
309
310         return cmocka_run_group_tests(tests, NULL, NULL);
311 }