==24642==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe00450850 at pc 0x7f2043eef5e3 bp 0x7ffe00450660 sp 0x7ffe0044fdf0
WRITE of size 3 at 0x7ffe00450850 thread T0
#0 0x7f2043eef5e2 in __interceptor_vsprintf /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1522
#1 0x7f2043eef956 in __interceptor_sprintf /var/tmp/portage/sys-devel/gcc-8.2.0-r2/work/gcc-8.2.0/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:1553
#2 0x4026f1 in prf_test unit/test-prf-sha1.c:64
#3 0x407478 in l_test_run ell/test.c:83
#4 0x4029e3 in main unit/test-prf-sha1.c:130
#5 0x7f2042dd9ed9 in __libc_start_main (/lib64/libc.so.6+0x20ed9)
#6 0x401f79 in _start (/home/denkenz/iwd-master/unit/test-prf-sha1+0x401f79)
Now that the peer element is validated we must send valid point data.
This should have been done in the beginning anyways, but since the
point data was not previously validated this test still passed.
Since this particular unit test is really testing timeouts we can just
use the commit buffer for other tests since it contains a valid scalar
and point.
Using the gcc wrap feature, l_getrandom was redefined to use a known
good, hardcoded random value. The two other tests were also disabled
if l_getrandom is not supported since these do require randomness
for proper testing.
Single AVP should not be padded with zeros as padding is only
used to separate AVPs in a sequence.
RFC 5281 Section 10.2. AVP Sequences
Data encapsulated within the TLS record layer must consist entirely
of a sequence of zero or more AVPs. Each AVP must begin on a four-
octet boundary relative to the first AVP in the sequence. If an AVP
is not a multiple of four octets, it must be padded with zeros to the
next four-octet boundary.
Note that the AVP Length does not include the padding.
Some compilers complained that:
../unit/test-ecc.c: In function ‘run_test’:
../unit/test-ecc.c:295:38: warning: ‘lres’ may be used uninitialized in
this function [-Wmaybe-uninitialized]
assert(data->lres == lres);
^
Since aes_wrap & aes_unwrap advertise support for overlapped in/out
buffers, make sure that the unit test actually tests this as well.
valgrind will complain if the memory is overlapped and memcpy is used
instead of memmove.