[tor-commits] [tor/master] Fix unit test failures in response to DNS hijacking.
nickm at torproject.org
nickm at torproject.org
Wed Jan 4 14:04:26 UTC 2017
commit c4a6b56cc19878de4c76e83ce8e38ad709839d92
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Jan 3 10:11:23 2017 -0500
Fix unit test failures in response to DNS hijacking.
Some DNS NXDOMAIN hijackers hijack truly ridiculous domains, like
"invalid-stuff!!" or "1.2.3.4.5". This would provoke unit test
failures where we used addresses like that to force
tor_addr_lookup() to fail. The fix, for testing, is to mock
tor_addr_lookup() with a variant that always fails when it gets
a name with a !.
Fixes bugs 20862 and 20863.
---
changes/bug20862 | 6 ++++++
src/test/test_config.c | 4 ++++
src/test/test_controller.c | 5 ++++-
src/test/test_helpers.c | 15 +++++++++++++++
src/test/test_helpers.h | 3 +++
src/test/test_options.c | 11 +++++++++--
6 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/changes/bug20862 b/changes/bug20862
new file mode 100644
index 0000000..fba98c8
--- /dev/null
+++ b/changes/bug20862
@@ -0,0 +1,6 @@
+ o Minor bugfixes (unit tests):
+ - Allow the unit tests to pass even when DNS lookups of bogus
+ addresses do not fail as expected. Fixes bug 20862 and 20863;
+ bugfix on unit tests introduced in 0.2.8.1-alpha through
+ 0.2.9.4-alpha.
+
diff --git a/src/test/test_config.c b/src/test/test_config.c
index a540bcc..eeda34e 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -46,6 +46,8 @@
#include "transports.h"
#include "util.h"
+#include "test_helpers.h"
+
static void
test_config_addressmap(void *arg)
{
@@ -4701,8 +4703,10 @@ test_config_parse_port_config__ports__ports_given(void *data)
// Test failure when asked to parse an invalid address followed by auto
config_free_lines(config_port_invalid); config_port_invalid = NULL;
config_port_invalid = mock_config_line("DNSPort", "invalidstuff!!:auto");
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
ret = parse_port_config(NULL, config_port_invalid, NULL, "DNS", 0,
"127.0.0.46", 0, 0);
+ UNMOCK(tor_addr_lookup);
tt_int_op(ret, OP_EQ, -1);
// Test success with parsing both an address and a real port
diff --git a/src/test/test_controller.c b/src/test/test_controller.c
index 4e65d76..d9c0a1e 100644
--- a/src/test/test_controller.c
+++ b/src/test/test_controller.c
@@ -10,6 +10,7 @@
#include "rendservice.h"
#include "routerlist.h"
#include "test.h"
+#include "test_helpers.h"
static void
test_add_onion_helper_keyarg(void *arg)
@@ -186,8 +187,10 @@ test_rend_service_parse_port_config(void *arg)
tor_free(err_msg);
/* bogus IP address */
- cfg = rend_service_parse_port_config("100 1.2.3.4.5:9000",
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
+ cfg = rend_service_parse_port_config("100 foo!!.example.com:9000",
" ", &err_msg);
+ UNMOCK(tor_addr_lookup);
tt_assert(!cfg);
tt_str_op(err_msg, OP_EQ, "Unparseable address in hidden service port "
"configuration.");
diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c
index 132af39..5b84366 100644
--- a/src/test/test_helpers.c
+++ b/src/test/test_helpers.c
@@ -128,3 +128,18 @@ dummy_origin_circuit_new(int n_cells)
return TO_CIRCUIT(circ);
}
+/** Mock-replacement. As tor_addr_lookup, but always fails on any
+ * address containing a !. This is necessary for running the unit tests
+ * on networks where DNS hijackers think it's helpful to give answers
+ * for things like 1.2.3.4.5 or "invalidstuff!!"
+ */
+int
+mock_tor_addr_lookup__fail_on_bad_addrs(const char *name,
+ uint16_t family, tor_addr_t *out)
+{
+ if (name && strchr(name, '!')) {
+ return -1;
+ }
+ return tor_addr_lookup__real(name, family, out);
+}
+
diff --git a/src/test/test_helpers.h b/src/test/test_helpers.h
index ba93b10..c6d4d9c 100644
--- a/src/test/test_helpers.h
+++ b/src/test/test_helpers.h
@@ -17,6 +17,9 @@ void helper_setup_fake_routerlist(void);
void connection_write_to_buf_mock(const char *string, size_t len,
connection_t *conn, int zlib);
+int mock_tor_addr_lookup__fail_on_bad_addrs(const char *name,
+ uint16_t family, tor_addr_t *out);
+
extern const char TEST_DESCRIPTORS[];
#endif
diff --git a/src/test/test_options.c b/src/test/test_options.c
index e85e118..3fe0dc3 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -18,6 +18,7 @@
#include "sandbox.h"
#include "memarea.h"
#include "policies.h"
+#include "test_helpers.h"
#define NS_MODULE test_options
@@ -648,18 +649,21 @@ test_options_validate__authdir(void *ignored)
int ret;
char *msg;
setup_capture_of_logs(LOG_INFO);
+ // XXXX But it _can_ exist, if you're DNS-hijacked.
options_test_data_t *tdata = get_options_test_data(
"AuthoritativeDirectory 1\n"
- "Address this.should.not_exist.example.org");
+ "Address this.should.not!exist!.example.org");
sandbox_disable_getaddrinfo_cache();
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
+ UNMOCK(tor_addr_lookup);
tt_int_op(ret, OP_EQ, -1);
tt_str_op(msg, OP_EQ, "Failed to resolve/guess local address. See logs for"
" details.");
expect_log_msg("Could not resolve local Address "
- "'this.should.not_exist.example.org'. Failing.\n");
+ "'this.should.not!exist!.example.org'. Failing.\n");
tor_free(msg);
free_options_test_data(tdata);
@@ -3037,6 +3041,7 @@ test_options_validate__proxy(void *ignored)
options_test_data_t *tdata = NULL;
sandbox_disable_getaddrinfo_cache();
setup_capture_of_logs(LOG_WARN);
+ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs);
free_options_test_data(tdata);
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
@@ -3057,6 +3062,7 @@ test_options_validate__proxy(void *ignored)
tor_free(msg);
free_options_test_data(tdata);
+
tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
"HttpProxy not_so_valid!\n"
);
@@ -3357,6 +3363,7 @@ test_options_validate__proxy(void *ignored)
policies_free_all();
// sandbox_free_getaddrinfo_cache();
tor_free(msg);
+ UNMOCK(tor_addr_lookup);
}
static void
More information about the tor-commits
mailing list