* grub-core/tests/legacy_password_test.c: New test.

* grub-core/commands/legacycfg.c: Remove variable length arrays.
2013-11-12 02:38:33 +01:00 · 2013-11-12 02:38:33 +01:00 · 15decd26cc
commit 15decd26cc
parent 9c6482b8d6
6 changed files with 114 additions and 16 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2013-11-12  Vladimir Serbinenko  <phcoder@gmail.com>
+
+	* grub-core/tests/legacy_password_test.c: New test.
+	* grub-core/commands/legacycfg.c: Remove variable length arrays.
+
 2013-11-12  Vladimir Serbinenko  <phcoder@gmail.com>

 	* grub-core/lib/pbkdf2.c: Remove variable length arrays.
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@ -1921,6 +1921,11 @@ module = {
  common = tests/pbkdf2_test.c;
 };

+module = {
+  name = legacy_password_test;
+  common = tests/legacy_password_test.c;
+};
+
 module = {
  name = div_test;
  common = tests/div_test.c;
--- a/grub-core/commands/legacycfg.c
+++ b/grub-core/commands/legacycfg.c
@ -553,8 +553,13 @@ check_password_md5_real (const char *entered,
  grub_size_t enteredlen = grub_strlen (entered);
  unsigned char alt_result[MD5_HASHLEN];
  unsigned char *digest;
-  grub_uint8_t ctx[GRUB_MD_MD5->contextsize];
+  grub_uint8_t *ctx;
  grub_size_t i;
+  int ret;
+
+  ctx = grub_zalloc (GRUB_MD_MD5->contextsize);
+  if (!ctx)
+    return 0;

  GRUB_MD_MD5->init (ctx);
  GRUB_MD_MD5->write (ctx, entered, enteredlen);
@ -600,7 +605,9 @@ check_password_md5_real (const char *entered,
      GRUB_MD_MD5->final (ctx);
    }

-  return (grub_crypto_memcmp (digest, pw->hash, MD5_HASHLEN) == 0);
+  ret = (grub_crypto_memcmp (digest, pw->hash, MD5_HASHLEN) == 0);
+  grub_free (ctx);
+  return ret;
 }

 static grub_err_t
@ -723,18 +730,11 @@ grub_cmd_legacy_password (struct grub_command *mycmd __attribute__ ((unused)),
 					      NULL);
 }

-static grub_err_t
-grub_cmd_legacy_check_password (struct grub_command *mycmd __attribute__ ((unused)),
-				int argc, char **args)
+int
+grub_legacy_check_md5_password (int argc, char **args,
+				char *entered)
 {
  struct legacy_md5_password *pw = NULL;
-  char entered[GRUB_AUTH_MAX_PASSLEN];
-
-  if (argc == 0)
-    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
-  grub_puts_ (N_("Enter password: "));
-  if (!grub_password_get (entered, GRUB_AUTH_MAX_PASSLEN))
-    return GRUB_ACCESS_DENIED;

  if (args[0][0] != '-' || args[0][1] != '-')
    {
@ -743,17 +743,31 @@ grub_cmd_legacy_check_password (struct grub_command *mycmd __attribute__ ((unuse
      grub_memset (correct, 0, sizeof (correct));
      grub_strncpy (correct, args[0], sizeof (correct));

-      if (grub_crypto_memcmp (entered, correct, GRUB_AUTH_MAX_PASSLEN) != 0)
-	return GRUB_ACCESS_DENIED;
-      return GRUB_ERR_NONE;
+      return grub_crypto_memcmp (entered, correct, GRUB_AUTH_MAX_PASSLEN) == 0;
    }

  pw = parse_legacy_md5 (argc, args);

  if (!pw)
+    return 0;
+
+  return check_password_md5_real (entered, pw);
+}
+
+static grub_err_t
+grub_cmd_legacy_check_password (struct grub_command *mycmd __attribute__ ((unused)),
+				int argc, char **args)
+{
+  char entered[GRUB_AUTH_MAX_PASSLEN];
+
+  if (argc == 0)
+    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+  grub_puts_ (N_("Enter password: "));
+  if (!grub_password_get (entered, GRUB_AUTH_MAX_PASSLEN))
    return GRUB_ACCESS_DENIED;

-  if (!check_password_md5_real (entered, pw))
+  if (!grub_legacy_check_md5_password (argc, args,
+				       entered))
    return GRUB_ACCESS_DENIED;

  return GRUB_ERR_NONE;
--- a/grub-core/tests/legacy_password_test.c
+++ b/grub-core/tests/legacy_password_test.c
@ -0,0 +1,68 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2013 Free Software Foundation, Inc.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/test.h>
+#include <grub/dl.h>
+#include <grub/misc.h>
+#include <grub/crypto.h>
+#include <grub/legacy_parse.h>
+#include <grub/auth.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+struct
+{
+  char **args;
+  int argc;
+  char entered[GRUB_AUTH_MAX_PASSLEN];
+  int exp;
+} vectors[] = {
+  { (char * []) { (char *) "hello", NULL }, 1, "hello", 1 },
+  { (char * []) { (char *) "hello", NULL }, 1, "hi", 0 },
+  { (char * []) { (char *) "hello", NULL }, 1, "hillo", 0 },
+  { (char * []) { (char *) "hello", NULL }, 1, "hellw", 0 },
+  { (char * []) { (char *) "hello", NULL }, 1, "hell", 0 },
+  { (char * []) { (char *) "hello", NULL }, 1, "h", 0 },
+  { (char * []) { (char *) "--md5", (char *) "$1$maL$OKEF0PD2k6eQ0Po8u4Gjr/",
+		  NULL }, 2, "hello", 1 },
+  { (char * []) { (char *) "--md5", (char *) "$1$maL$OKEF0PD2k6eQ0Po8u4Gjr/",
+		  NULL }, 2, "hell", 0 },
+  { (char * []) { (char *) "--md5", (char *) "$1$naL$BaFO8zGgmss1E76GsrAec1",
+		  NULL }, 2, "hello", 1 },
+  { (char * []) { (char *) "--md5", (char *) "$1$naL$BaFO8zGgmss1E76GsrAec1",
+		  NULL }, 2, "hell", 0 },
+  { (char * []) { (char *) "--md5", (char *) "$1$oaL$eyrazuM7TkxVkKgBim1WH1",
+		  NULL }, 2, "hi", 1 },
+  { (char * []) { (char *) "--md5", (char *) "$1$oaL$eyrazuM7TkxVkKgBim1WH1",
+		  NULL }, 2, "hello", 0 },
+};
+
+static void
+legacy_password_test (void)
+{
+  grub_size_t i;
+
+  for (i = 0; i < ARRAY_SIZE (vectors); i++)
+    grub_test_assert (grub_legacy_check_md5_password (vectors[i].argc,
+						      vectors[i].args,
+						      vectors[i].entered)
+		      == vectors[i].exp, "Bad password check (%d)", (int) i);
+}
+
+/* Register example_test method as a functional test.  */
+GRUB_FUNCTIONAL_TEST (legacy_password_test, legacy_password_test);
--- a/grub-core/tests/lib/functional_test.c
+++ b/grub-core/tests/lib/functional_test.c
@ -61,6 +61,7 @@ grub_functional_all_tests (grub_extcmd_context_t ctxt __attribute__ ((unused)),
  grub_dl_load ("div_test");
  grub_dl_load ("xnu_uuid_test");
  grub_dl_load ("pbkdf2_test");
+  grub_dl_load ("legacy_password_test");

  FOR_LIST_ELEMENTS (test, grub_test_list)
    ok = !grub_test_run (test) && ok;
--- a/include/grub/legacy_parse.h
+++ b/include/grub/legacy_parse.h
@ -24,4 +24,9 @@
 char *grub_legacy_parse (const char *buf, char **entryname, char **suffix);
 char *grub_legacy_escape (const char *in, grub_size_t len);

+/* Entered has to be GRUB_AUTH_MAX_PASSLEN long, zero-padded.  */
+int
+grub_legacy_check_md5_password (int argc, char **args,
+				char *entered);
+
 #endif