hostapd/tests
Davide Caratti 0c2d8417c6 dbus: Fix memory leak in case dbus provides tlv in P2P UPnP SD request
Using D-Bus it is possible to trigger a valid UPnP SD request where
"tlv" is specified: in this case "tlv" is allocated, and then not used
nor freed. Valgrind complains as follows:

 72 bytes in 2 blocks are definitely lost in loss record 46 of 68
    at 0x484C214: calloc (vg_replace_malloc.c:1675)
    by 0x41C673: wpabuf_alloc (wpabuf.c:124)
    by 0x41C673: wpabuf_alloc_copy (wpabuf.c:162)
    by 0x54F8B5: wpas_dbus_handler_p2p_service_sd_req (dbus_new_handlers_p2p.c:2928)
    by 0x53B9A2: msg_method_handler (dbus_new_helpers.c:356)
    by 0x53B9A2: message_handler (dbus_new_helpers.c:412)
    by 0x4EAB4B8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.13)
    by 0x5495DF: dispatch_data (dbus_common.c:37)
    by 0x5495DF: process_watch (dbus_common.c:73)
    by 0x5495DF: process_watch_read (dbus_common.c:89)
    by 0x41EE8E: eloop_sock_table_dispatch.part.0 (eloop.c:603)
    by 0x41FA46: eloop_sock_table_dispatch (eloop.c:597)
    by 0x41FA46: eloop_run (eloop.c:1233)
    by 0x56A3CE: wpa_supplicant_run (wpa_supplicant.c:8074)
    by 0x40DB06: main (main.c:393)

Fix it ensuring that "tlv" is freed, both in the error and non-error
path of wpas_dbus_handler_p2p_service_sd_req(). Also, add a test case in
test_dbus.py to verify correct behavior.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2024-07-11 18:37:14 +03:00
build Disable _FORTIFY_SOURCE when building with -O0 2024-01-13 20:07:04 +02:00
fuzzing AP MLD: Require same AKM and pairwise cipher for all links 2024-04-20 18:31:11 +03:00
hwsim dbus: Fix memory leak in case dbus provides tlv in P2P UPnP SD request 2024-07-11 18:37:14 +03:00
remote tests: Replace deprecated thread isAlive function 2021-02-20 00:16:33 +02:00
.gitignore tests: Rewrite .gitignore file 2020-10-10 12:54:30 +03:00
cipher-and-key-mgmt-testing.txt Fix the notes on EAPOL-Key testing procedures 2017-10-20 20:32:36 +03:00
Makefile tests: Add a unit test for RNR/basic ML element parsing 2023-12-02 19:02:02 +02:00
README tests: New style fuzzing tool for wpa_supplicant WNM handling 2019-06-02 13:00:36 +03:00
test-aes.c tests: Move AES key wrap/unwrap test cases into hwsim framework 2015-01-05 16:35:59 +02:00
test-base64.c tests: Silence compiler warnings from test-base64 2020-10-12 21:41:47 +03:00
test-bss.c BSS: Switch struct wpa_bss to use valid_links bitmask 2024-03-02 12:24:15 +02:00
test-https.c Declare wpa_debug_* variables in src/utils/wpa_debug.h 2013-12-31 19:29:52 +02:00
test-https_server.c tests: Add a simple HTTPS server for TLS testing 2019-02-10 01:55:39 +02:00
test-list.c Remove the GPL notification from files contributed by Jouni Malinen 2012-02-11 19:39:36 +02:00
test-md4.c Use ARRAY_SIZE() macro 2013-10-26 17:49:05 +03:00
test-milenage.c Declare wpa_debug_* variables in src/utils/wpa_debug.h 2013-12-31 19:29:52 +02:00
test-rc4.c Use ARRAY_SIZE() macro 2013-10-26 17:49:05 +03:00
test-rsa-sig-ver.c tests: Allow test-rsa-sig-ver data files to be set on command line 2021-03-12 23:24:29 +02:00
test-sha1.c tests: Move SHA1 test cases into hwsim framework 2015-01-05 17:29:00 +02:00
test-sha256.c tests: Move SHA256 test cases into hwsim framework 2015-01-05 17:34:20 +02:00
test-x509v3.c tests: Enable dumping of key information in test-x509v3 2020-04-05 20:12:59 +03:00
test_x509v3_nist.sh Move test_x509v3 into the new tests subdirectory 2009-12-06 18:10:52 +02:00
test_x509v3_nist2.sh tests: Add 4.16.1 and 4.16.2 from NIST PKITS 2014-05-10 13:13:20 +03:00

hostap.git test tools
---------------------

The tests directory with its subdirectories contains a number of tools used
for testing wpa_supplicant and hostapd implementations.

The hwsim directory contains the test setup for full system testing of
wpa_supplicant and hostapd with a simulated radio (mac80211_hwsim). See
hwsim/README and hwsim/vm/README for more details.


Build testing
-------------

wpa_supplicant and hostapd support a number of build option
combinations. The test scripts in the build subdirectory can be used to
verify that various combinations do not break the builds. More
configuration examples can be added there
(build-{hostapd,wpa_supplicant}-*.config) to get them included in test
builds.

# Example
cd build
./run-build-tests.sh


Fuzz testing
------------

Newer fuzz testing tools are under the fuzzing directory. See
fuzzing/README for more details on them. The following text describes
the older fuzz testing tools that are subject to removal once the
newer tools have the same coverage available.

A number of the test tools here can be used for fuzz testing with tools
like American fuzzy lop (afl-fuzz) that are designed to modify an
external file for program input. ap-mgmt-fuzzer, eapol-fuzzer,
test-eapol, test-json, test-tls, and test-x509 are examples of such
tools that expose hostap.git module functionality with input from a file
specified on the command line.

Here are some examples of how fuzzing can be performed:

##### JSON parser
make clean
CC=afl-gcc make test-json
mkdir json-examples
cat > json-examples/1.json <<EOF
{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
EOF
afl-fuzz -i json-examples -o json-findings -- $PWD/test-json @@

Alternatively, using libFuzzer from LLVM:
make clean
make test-json LIBFUZZER=y
mkdir json-examples
cat > json-examples/1.json <<EOF
{"a":[[]],"b":1,"c":"q","d":{"e":[{}]}}
EOF
./test-json json-examples

##### EAPOL-Key Supplicant
make clean
CC=afl-gcc make test-eapol TEST_FUZZ=y
mkdir eapol-auth-examples
./test-eapol auth write eapol-auth-examples/auth.msg
afl-fuzz -i eapol-auth-examples -o eapol-auth-findings -- $PWD/test-eapol auth read @@

##### EAPOL-Key Authenticator
make clean
CC=afl-gcc make test-eapol TEST_FUZZ=y
mkdir eapol-supp-examples
./test-eapol supp write eapol-supp-examples/supp.msg
afl-fuzz -i eapol-supp-examples -o eapol-supp-findings -- $PWD/test-eapol supp read @@

##### TLS client
make clean
CC=afl-gcc make test-tls TEST_FUZZ=y
mkdir tls-server-examples
./test-tls server write tls-server-examples/server.msg
afl-fuzz -i tls-server-examples -o tls-server-findings -- $PWD/test-tls server read @@

##### TLS server
make clean
CC=afl-gcc make test-tls TEST_FUZZ=y
mkdir tls-client-examples
./test-tls client write tls-client-examples/client.msg
afl-fuzz -i tls-client-examples -o tls-client-findings -- $PWD/test-tls client read @@

##### AP management frame processing
cd ap-mgmt-fuzzer
make clean
CC=afl-gcc make
mkdir multi-examples
cp multi.dat multi-examples
afl-fuzz -i multi-examples -o multi-findings -- $PWD/ap-mgmt-fuzzer -m @@

##### EAPOL-Key Supplicant (separate)
cd eapol-fuzzer
make clean
CC=afl-gcc make
mkdir eapol-examples
cp *.dat eapol-examples
afl-fuzz -i eapol-examples -o eapol-findings -- $PWD/eapol-fuzzer @@

##### P2P
cd p2p-fuzzer
make clean
CC=afl-gcc make
mkdir p2p-proberesp-examples
cp proberesp*.dat p2p-proberesp-examples
afl-fuzz -i p2p-proberesp-examples -o p2p-proberesp-findings -- $PWD/p2p-fuzzer proberesp @@
mkdir p2p-action-examples
cp go*.dat inv*.dat p2ps*.dat p2p-action-examples
afl-fuzz -i p2p-action-examples -o p2p-action-findings -- $PWD/p2p-fuzzer action @@

##### WNM
cd wnm-fuzzer
make clean
CC=afl-gcc make
mkdir wnm-examples
cp *.dat wnm-examples
afl-fuzz -i wnm-examples -o wnm-findings -- $PWD/wnm-fuzzer @@
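
Once any of the afl-fuzz runs above has saved inputs under its -o directory, each one should be replayed through the same file-input tool to confirm the crash before debugging it. The following is an added example, not part of hostap.git: replay_findings is a hypothetical helper name, and the crashes/ and default/crashes/ subdirectory layouts are assumptions about the afl-fuzz output directory.

```shell
#!/bin/sh
# Added example (not from hostap.git). replay_findings is a hypothetical helper.
# usage: replay_findings <findings-dir> <harness> [args... with optional @@]
# Re-runs every saved crash input through the harness. @@ is replaced by the
# input path as afl-fuzz does; without @@ the path is appended.
# Output: "CRASH signal=N <file>" or "ok status=N <file>" per input.
# Returns 0 if no input crashed, 1 if any did, 2 on a usage error.
replay_findings() {
    if [ $# -lt 2 ]; then
        echo "usage: replay_findings DIR HARNESS [ARGS|@@]" >&2
        return 2
    fi
    rf_dir=$1; shift
    rf_crashed=0
    # Assumed layouts: classic AFL <out>/crashes, AFL++ <out>/default/crashes.
    for rf_sub in crashes default/crashes; do
        [ -d "$rf_dir/$rf_sub" ] || continue
        # Saved inputs are named id:...; this skips the README.txt AFL adds.
        for rf_in in "$rf_dir/$rf_sub"/id*; do
            [ -f "$rf_in" ] || continue
            # Subshell: rebuild the argument list with @@ substituted, run the
            # harness, and print only its exit status.
            rf_status=$(
                rf_n=$#; rf_seen=0
                while [ "$rf_n" -gt 0 ]; do
                    rf_a=$1; shift; rf_n=$((rf_n - 1))
                    if [ "$rf_a" = "@@" ]; then rf_a=$rf_in; rf_seen=1; fi
                    set -- "$@" "$rf_a"
                done
                [ "$rf_seen" -eq 1 ] || set -- "$@" "$rf_in"
                "$@" >/dev/null 2>&1 </dev/null && echo 0 || echo $?
            )
            # A status above 128 means the shell saw the harness die on a signal.
            if [ "$rf_status" -gt 128 ]; then
                echo "CRASH signal=$((rf_status - 128)) $rf_in"
                rf_crashed=1
            else
                echo "ok status=$rf_status $rf_in"
            fi
        done
    done
    return "$rf_crashed"
}
```

For the JSON parser run above this would be called as replay_findings json-findings "$PWD/test-json" @@, and for the EAPOL-Key runs with the same "auth read @@" or "supp read @@" arguments that were given to afl-fuzz.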