Mbed-TLS/mbedtls-framework
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls-framework.git synced 2026-06-05 21:15:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix exact-size check on failure in the child

Browse Source 
When reading data from the child, if the child reports a failure, the parent
expects the child to write an `mbedtls_test_info_t` structure, no less, no
more. To achieve this, we try reading at least one byte more, and check that
we couldn't read more than the expected size. This commit fixes two bugs:

* On success, don't require the child to fill the output buffer. This check
  was only intended for the failure case, but was accidentally put in the
  wrong place.
* On failure, we weren't checking that the child had written at least the
  expected size, which could have been worse (we'd end up with a
  child_test_info structure that's only partially initialized).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
2026-03-16 15:16:35 +01:00
parent 0384a5929a
commit 96c9dca216
1 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/src/fork_helpers.c
+9 -9
View File
@@ -117,7 +117,10 @@ int mbedtls_test_fork_run_child(
pipe_fd[1] = -1;
unsigned char result_char;
struct {
mbedtls_test_info_t child_test_info;
unsigned char excess;
} reading_on_failure;
/* Normally, the child should give us a 1-byte result, then either
* the child body's output or a test info. */
ssize_t n = read(pipe_fd[0], &result_char, 1);
@@ -139,18 +142,15 @@ int mbedtls_test_fork_run_child(
} else {
do {
n = read(pipe_fd[0],
(unsigned char *) &child_test_info + offset,
sizeof(child_test_info) - offset);
(unsigned char *) &reading_on_failure + offset,
sizeof(reading_on_failure) - offset);
if (n > 0) {
offset += n;
}
} while (n > 0 && offset < sizeof(child_test_info));
} while (n > 0 && offset < sizeof(reading_on_failure));
TEST_ASSERT_ERRNO(n != -1);
}
/* Check that the child didn't write more than it should. */
if (n > 0) {
unsigned char excess;
TEST_EQUAL(read(pipe_fd[0], &excess, 1), 0);
/* Check that the child wrote the amount of data that what we expect. */
TEST_EQUAL(offset, sizeof(reading_on_failure.child_test_info));
}
/* Close the pipe. If we left it open, there could be a deadlock if the
@@ -166,7 +166,7 @@ int mbedtls_test_fork_run_child(
*child_output_length = n;
ret = 0;
} else {
mbedtls_test_info_overwrite(&child_test_info);
mbedtls_test_info_overwrite(&reading_on_failure.child_test_info);
}
} else {
/* Weird status, just report it. */