From ec08b71fb47b82402f0fbb8859a2445519f79615 Mon Sep 17 00:00:00 2001
From: Philipp Gesang
Date: Tue, 6 Nov 2018 21:34:30 +0100
Subject: sid: sid_test: validate identifier authority on create()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reject ia’s greater than six bytes can encompass.
---
 sid.ml | 1 +
 sid.mli | 5 +++--
 sid_test.ml | 20 ++++++++++++++++++--
 3 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/sid.ml b/sid.ml
index 0d5c89b..2cced76 100644
--- a/sid.ml
+++ b/sid.ml
@@ -22,6 +22,7 @@ let create_unsafe sa ia =
 the number of subauths. *) let create ?(sa=[||]) ia = if Array.length sa > max_subauth_count then None else
+ if U64.compare ia max_ident_auth > 0 then None else
 Some (create_unsafe sa ia) let get_ident_auth s = s.sid_ident_auth
diff --git a/sid.mli b/sid.mli
index 0a9fbd8..8c3a5fa 100644
--- a/sid.mli
+++ b/sid.mli
@@ -6,7 +6,8 @@ type sub_auths = Stdint.Uint32.t array
 val create : ?sa:Stdint.Uint32.t array -> Stdint.Uint64.t -> t option (** [create sas ia] constructs a SID with the identifier authority [ia] and, optionally, the subauthorities [sas]. The operation will return
- [None] if [sa] contains more than fifteen subauthorities. *)
+ [None] if [sa] contains more than fifteen subauthorities, or if [ia]
+ exceeds 48 bits. *)
 val create_unsafe : Stdint.Uint32.t array -> Stdint.Uint64.t -> t (** [create_unsafe sas ia] constructs a SID with the identifier authority [ia]
@@ -60,7 +61,7 @@ module PacketRep :
 to channel [oc] with endianness [endian]. *) end
-(** Pre-defined SID constansts and constructors with fixed identifier
+(** Pre-defined SID constants and constructors with fixed identifier
 authority (MS-DTYP 2.4.2.4). *) module WellKnown : sig
diff --git a/sid_test.ml b/sid_test.ml
index 97af2a3..9b61b40 100644
--- a/sid_test.ml
+++ b/sid_test.ml
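Review bot: The 48-bit bound is enforced only in `create` (sid.ml hunk); `create_unsafe`, which sid.mli exports with the same argument types, still builds a SID from any `ia`. If the string parser or the `PacketRep` decoder construct their result through `create_unsafe` (not visible in this diff), an oversized authority from untrusted input would still be accepted, so those paths should go through `create` or compare against `max_ident_auth` themselves. The doc comment on `create_unsafe` in sid.mli should say so explicitly, e.g. `Neither the subauthority count nor the 48-bit range of [ia] is checked; callers must validate both.` The comment above `create` in sid.ml starts outside the hunk and appears to mention only the subauthority count; it should name the new failure case as well.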
@@ -31,12 +31,21 @@ let create_ok () =
 (Printf.sprintf "[%s] ≠ [%s]" (Sid.to_string s) (Sid.to_string w)) (Sid.equal s w)
-let create_fail () =
+let create_etoomany_fail () =
 let sas = Array.make 16 U32.one in match Sid.create ~sa:sas U64.zero with | None -> () | Some s -> assert_failure ("Sid.create succeeded on invalid sa array")
+let max_ident_auth = U64.of_string "0x0000_ffff_ffff_ffff"
+
+let create_iatoobig_fail () =
+ let sas = Array.make 2 U32.one in
+ let ia = U64.add max_ident_auth U64.one in
+ match Sid.create ~sa:sas ia with
+ | None -> ()
+ | Some s -> assert_failure ("Sid.create succeeded on invalid ident auth")
+
 let unwrap_of_string s = match Sid.of_string s with | Error e ->
@@ -345,7 +354,14 @@ let packet_rep_test = "packet-rep" >:::
 ; "decode-odd-fail" >:: pr_decode_odd_fail ]
+let toplevel_test = "toplevel" >:::
+ [ "create-ok" >:: create_ok
+ ; "create-etoomany-fail" >:: create_etoomany_fail
+ ; "create-iatoobig-fail" >:: create_iatoobig_fail
+ ]
+
 let () = ignore (run_test_tt_main string_format_test);
- ignore (run_test_tt_main packet_rep_test )
+ ignore (run_test_tt_main packet_rep_test );
+ ignore (run_test_tt_main toplevel_test )
--
cgit v1.2.3
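Review bot: `create_iatoobig_fail` probes only `max_ident_auth + 1`, so nothing pins the accepted side of the boundary: a comparison written as `>= 0` instead of `> 0` in `Sid.create` would still pass this suite. A companion case that expects `Some _` for `ia = max_ident_auth` closes that gap; it would also need registering in `toplevel_test` in the second hunk. The test also redefines `max_ident_auth` as a literal, so it can drift from the library's value if that ever changes. The unused binding in `| Some s ->` is better written `| Some _ ->`.

```ocaml
(* … unchanged: max_ident_auth, create_iatoobig_fail … *)

let create_iamax_ok () =
  let sas = Array.make 2 U32.one in
  match Sid.create ~sa:sas max_ident_auth with
  | Some _ -> ()
  | None -> assert_failure "Sid.create rejected the largest valid ident auth"
```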
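Review bot: The runner in the second hunk now makes three separate `run_test_tt_main` calls and discards each result. If this OUnit version exits on the first failing suite (worth confirming), a failure in the string-format or packet-rep suites would keep the new validation tests from running at all. Grouping them runs everything in one pass with one summary: `let () = ignore (run_test_tt_main ("sid" >::: [ string_format_test; packet_rep_test; toplevel_test ]))`.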