From f73e3ddc7bb778efb1c562633f9779bf027117d4 Mon Sep 17 00:00:00 2001
From: Philipp Gesang <phg@phi-gamma.net>
Date: Tue, 30 Oct 2018 01:13:44 +0100
Subject: sid: catch more boundary violations

---
 sid_test.ml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'sid_test.ml')

diff --git a/sid_test.ml b/sid_test.ml
index 61e5366..f9e3688 100644
--- a/sid_test.ml
+++ b/sid_test.ml
@@ -1,5 +1,8 @@
 open OUnit
 
+module U64 = Stdint.Uint64
+module U32 = Stdint.Uint32
+
 (*
 let () = Printexc.record_backtrace true ;;
  *)
@@ -76,6 +79,32 @@ let sf_parse_trailing_ok () =
   let s = unwrap_of_string "S-1-0-0-" in
   assert_equal (Sid.to_string s) "S-1-0-0"
 
+let sf_parse_maxint_ok () =
+  let s = unwrap_of_string
+      (Printf.sprintf "S-1-281474976710655-%s-%s"
+         (U32.to_string U32.max_int)
+         (U32.to_string U32.max_int))
+  in
+  assert_equal (Sid.to_string s) "S-1-281474976710655-4294967295-4294967295"
+
+let sf_parse_oobia_fail () =
+  match Sid.of_string
+          (Printf.sprintf "S-1-%s-42" (U64.to_string U64.max_int))
+  with
+    | Ok _ -> assert_failure "unexpectedly parsed the out of bounds subauth"
+    | Error e ->
+      assert_equal e "Invalid SID: identifier authority cannot fit 6 B \
+                      (281474976710655)"
+
+let sf_parse_oobsa_fail () =
+  match Sid.of_string
+          (Printf.sprintf "S-1-42-%s" (U64.to_string U64.max_int))
+  with
+    | Ok _ -> assert_failure "unexpectedly parsed the out of bounds subauth"
+    | Error e ->
+      assert_equal e "Invalid SID: error parsing subauth at position 7, \
+                      (err: Uint32.of_string)"
+
 let sf_parse_long_ok () =
   let s = unwrap_of_string "S-1-1-0-1-2-3-4-5-6-7-8-9-10-11-12-13-14"
   and l = max_sid in
@@ -279,6 +308,9 @@ let string_format_test = "string-format-syntax" >:::
   ; "parse-junk-fail"       >:: sf_parse_junk_fail
   ; "parse-ia-junk-fail"    >:: sf_parse_ia_junk_fail
   ; "parse-trailing-ok"     >:: sf_parse_trailing_ok
+  ; "parse-maxint-ok"       >:: sf_parse_maxint_ok
+  ; "parse-oobia-fail"      >:: sf_parse_oobia_fail
+  ; "parse-oobsa-fail"      >:: sf_parse_oobsa_fail
   ; "parse-long-ok"         >:: sf_parse_long_ok
   ; "parse-too-long-ok"     >:: sf_parse_too_long_ok
   ]
-- 
cgit v1.2.3