Path: blob/master/test/jdk/javax/net/ssl/TLSCommon/BufferOverflowUnderflowTest.java
41152 views
/*1* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223import java.nio.ByteBuffer;24import javax.net.ssl.SSLContext;25import javax.net.ssl.SSLEngine;26import javax.net.ssl.SSLEngineResult;27import javax.net.ssl.SSLException;2829/**30* Testing SSLEngine incorrect app data packages unwrapping.31*/32public class BufferOverflowUnderflowTest extends SSLEngineTestCase {3334private final String MESSAGE = "Hello peer!";3536public static void main(String[] args) {37BufferOverflowUnderflowTest test = new BufferOverflowUnderflowTest();38setUpAndStartKDCIfNeeded();39test.runTests();40}4142@Override43protected void testOneCipher(String cipher) throws SSLException {44SSLContext context = getContext();45int maxPacketSize = getMaxPacketSize();46boolean useSNI = !TEST_MODE.equals("norm");47SSLEngine clientEngine = getClientSSLEngine(context, useSNI);48SSLEngine serverEngine = getServerSSLEngine(context, useSNI);49clientEngine.setEnabledCipherSuites(new String[]{cipher});50serverEngine.setEnabledCipherSuites(new String[]{cipher});51serverEngine.setNeedClientAuth(!cipher.contains("anon"));52doHandshake(clientEngine, serverEngine, maxPacketSize,53HandshakeMode.INITIAL_HANDSHAKE);54checkBufferOverflowOnWrap(clientEngine);55checkBufferOverflowOnWrap(serverEngine);56checkBufferOverflowOnUnWrap(clientEngine, serverEngine);57checkBufferOverflowOnUnWrap(serverEngine, clientEngine);58checkBufferUnderflowOnUnWrap(serverEngine, clientEngine);59checkBufferUnderflowOnUnWrap(clientEngine, serverEngine);60}6162private void checkBufferOverflowOnWrap(SSLEngine engine)63throws SSLException {64String mode = engine.getUseClientMode() ? "client"65: "server";66System.out.println("================================================="67+ "===========");68System.out.println("Testing SSLEngine buffer overflow"69+ " on wrap by " + mode);70ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());71//Making net buffer size less than required by 1 byte.72ByteBuffer net = ByteBuffer73.allocate(engine.getSession().getPacketBufferSize() - 1);74SSLEngineResult r = engine.wrap(app, net);75checkResult(r, SSLEngineResult.Status.BUFFER_OVERFLOW);76System.out.println("Passed");77}7879private void checkBufferOverflowOnUnWrap(SSLEngine wrappingEngine,80SSLEngine unwrappingEngine)81throws SSLException {82String wrapperMode = wrappingEngine.getUseClientMode() ? "client"83: "server";84String unwrapperMode = unwrappingEngine.getUseClientMode() ? "client"85: "server";86if (wrapperMode.equals(unwrapperMode)) {87throw new Error("Test error: both engines are in the same mode!");88}89System.out.println("================================================="90+ "===========");91System.out.println("Testing SSLEngine buffer overflow"92+ " on unwrap by " + unwrapperMode);93ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());94ByteBuffer net = ByteBuffer95.allocate(wrappingEngine.getSession().getPacketBufferSize());96SSLEngineResult r = wrappingEngine.wrap(app, net);97checkResult(r, SSLEngineResult.Status.OK);98//Making app buffer size less than required by 1 byte.99app = ByteBuffer.allocate(MESSAGE.length() - 1);100net.flip();101r = unwrappingEngine.unwrap(net, app);102checkResult(r, SSLEngineResult.Status.BUFFER_OVERFLOW);103System.out.println("Passed");104}105106private void checkBufferUnderflowOnUnWrap(SSLEngine wrappingEngine,107SSLEngine unwrappingEngine)108throws SSLException {109String wrapperMode = wrappingEngine.getUseClientMode() ? "client"110: "server";111String unwrapperMode = unwrappingEngine.getUseClientMode() ? "client"112: "server";113if (wrapperMode.equals(unwrapperMode)) {114throw new Error("Test error: both engines are in the same mode!");115}116System.out.println("================================================="117+ "===========");118System.out.println("Testing SSLEngine buffer underflow"119+ " on unwrap by " + unwrapperMode);120ByteBuffer app = ByteBuffer.wrap(MESSAGE.getBytes());121ByteBuffer net = ByteBuffer122.allocate(wrappingEngine.getSession().getPacketBufferSize());123SSLEngineResult r = wrappingEngine.wrap(app, net);124checkResult(r, SSLEngineResult.Status.OK);125app = ByteBuffer.allocate(unwrappingEngine.getSession()126.getApplicationBufferSize());127net.flip();128//Making net buffer size less than size of dtls message.129net.limit(net.limit() - 1);130r = unwrappingEngine.unwrap(net, app);131checkResult(r, SSLEngineResult.Status.BUFFER_UNDERFLOW);132System.out.println("Passed");133}134}135136137