path: root/backport-CVE-2024-7264-x509asn1-unittests-and-fixes-fo.patch

From 27959ecce75cdb2809c0bdb3286e60e08fadb519 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Tue, 30 Jul 2024 16:40:48 +0200
Subject: [PATCH] x509asn1: unittests and fixes for gtime2str

Fix issues in GTime2str() and add unit test cases to verify correct
behaviour.

Follow-up to 3c914bc6801

Closes #14316
---
 lib/vtls/x509asn1.c     |  32 +++++++---
 lib/vtls/x509asn1.h     |  11 ++++
 tests/data/Makefile.inc |   2 +-
 tests/data/test1656     |  22 +++++++
 tests/unit/Makefile.inc |   4 +-
 tests/unit/unit1656.c   | 133 ++++++++++++++++++++++++++++++++++++++++
 6 files changed, 194 insertions(+), 10 deletions(-)
 create mode 100644 tests/data/test1656
 create mode 100644 tests/unit/unit1656.c

diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
index dd7985d..5c65df1 100644
--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
@@ -561,12 +561,13 @@ static const char *GTime2str(const char *beg, const char *end)
   fracl = 0; /* no fractional seconds detected so far */
   if(fracp < end && (*fracp == '.' || *fracp == ',')) {
     /* Have fractional seconds, e.g. "[.,]\d+". How many? */
-    tzp = fracp++; /* should be a digit char or BAD ARGUMENT */
+    fracp++; /* should be a digit char or BAD ARGUMENT */
+    tzp = fracp;
     while(tzp < end && ISDIGIT(*tzp))
       tzp++;
     if(tzp == fracp) /* never looped, no digit after [.,] */
       return CURLE_BAD_FUNCTION_ARGUMENT;
-    fracl = tzp - fracp - 1; /* number of fractional sec digits */
+    fracl = tzp - fracp; /* number of fractional sec digits */
     DEBUGASSERT(fracl > 0);
     /* Strip trailing zeroes in fractional seconds.
      * May reduce fracl to 0 if only '0's are present. */
@@ -575,18 +576,24 @@ static const char *GTime2str(const char *beg, const char *end)
   }
 
   /* Process timezone. */
-  if(tzp >= end)
-    ;           /* Nothing to do. */
+  if(tzp >= end) {
+    tzp = "";
+    tzl = 0;
+  }
   else if(*tzp == 'Z') {
-    tzp = " GMT";
-    end = tzp + 4;
+    sep = " ";
+    tzp = "GMT";
+    tzl = 3;
+  }
+  else if((*tzp == '+') || (*tzp == '-')) {
+    sep = " UTC";
+    tzl = end - tzp;
   }
   else {
     sep = " ";
-    tzp++;
+    tzl = end - tzp;
   }
 
-  tzl = end - tzp;
   return curl_maprintf("%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s",
                        beg, beg + 4, beg + 6,
                        beg + 8, beg + 10, sec1, sec2,
@@ -594,6 +601,15 @@ static const char *GTime2str(const char *beg, const char *end)
                        sep, (int)tzl, tzp);
 }
 
+#ifdef UNITTESTS
+/* used by unit1656.c */
+CURLcode Curl_x509_GTime2str(struct dynbuf *store,
+                             const char *beg, const char *end)
+{
+  return GTime2str(store, beg, end);
+}
+#endif
+
 /*
  *  Convert an ASN.1 UTC time to a printable string.
  * Return the dynamically allocated string, or NULL if an error occurs.
diff --git a/lib/vtls/x509asn1.h b/lib/vtls/x509asn1.h
index 23a67b8..1d8bbab 100644
--- a/lib/vtls/x509asn1.h
+++ b/lib/vtls/x509asn1.h
@@ -76,5 +76,16 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum,
                                const char *beg, const char *end);
 CURLcode Curl_verifyhost(struct Curl_cfilter *cf, struct Curl_easy *data,
                          const char *beg, const char *end);
+
+#ifdef UNITTESTS
+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \
+  defined(USE_MBEDTLS)
+
+/* used by unit1656.c */
+CURLcode Curl_x509_GTime2str(struct dynbuf *store,
+                             const char *beg, const char *end);
+#endif
+#endif
+
 #endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */
 #endif /* HEADER_CURL_X509ASN1_H */
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 1472b19..0af94e6 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -207,7 +207,7 @@ test1620 test1621 \
 \
 test1630 test1631 test1632 test1633 test1634 test1635 \
 \
-test1650 test1651 test1652 test1653 test1654 test1655 \
+test1650 test1651 test1652 test1653 test1654 test1655 test1656 \
 test1660 test1661 test1662 \
 \
 test1670 test1671 \
diff --git a/tests/data/test1656 b/tests/data/test1656
new file mode 100644
index 0000000..2fab21b
--- /dev/null
+++ b/tests/data/test1656
@@ -0,0 +1,22 @@
+<testcase>
+<info>
+<keywords>
+unittest
+Curl_x509_GTime2str
+</keywords>
+</info>
+
+#
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+unittest
+</features>
+<name>
+Curl_x509_GTime2str unit tests
+</name>
+</client>
+</testcase>
diff --git a/tests/unit/Makefile.inc b/tests/unit/Makefile.inc
index 36e922b..b0eaf64 100644
--- a/tests/unit/Makefile.inc
+++ b/tests/unit/Makefile.inc
@@ -36,7 +36,7 @@ UNITPROGS = unit1300          unit1302 unit1303 unit1304 unit1305 unit1307 \
  unit1600 unit1601 unit1602 unit1603 unit1604 unit1605 unit1606 unit1607 \
  unit1608 unit1609 unit1610 unit1611 unit1612 unit1614 \
  unit1620 unit1621 \
- unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 \
+ unit1650 unit1651 unit1652 unit1653 unit1654 unit1655 unit1656 \
  unit1660 unit1661 \
  unit2600 unit2601 unit2602 unit2603 \
  unit3200
@@ -117,6 +117,8 @@ unit1654_SOURCES = unit1654.c $(UNITFILES)
 
 unit1655_SOURCES = unit1655.c $(UNITFILES)
 
+unit1656_SOURCES = unit1656.c $(UNITFILES)
+
 unit1660_SOURCES = unit1660.c $(UNITFILES)
 
 unit1661_SOURCES = unit1661.c $(UNITFILES)
diff --git a/tests/unit/unit1656.c b/tests/unit/unit1656.c
new file mode 100644
index 0000000..644e72f
--- /dev/null
+++ b/tests/unit/unit1656.c
@@ -0,0 +1,133 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "curlcheck.h"
+
+#include "vtls/x509asn1.h"
+
+static CURLcode unit_setup(void)
+{
+  return CURLE_OK;
+}
+
+static void unit_stop(void)
+{
+
+}
+
+#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \
+  defined(USE_MBEDTLS)
+
+#ifndef ARRAYSIZE
+#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
+#endif
+
+struct test_spec {
+  const char *input;
+  const char *exp_output;
+  CURLcode exp_result;
+};
+
+static struct test_spec test_specs[] = {
+  { "190321134340", "1903-21-13 43:40:00", CURLE_OK },
+  { "", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "0WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "19032113434", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "19032113434WTF", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "190321134340.", NULL, CURLE_BAD_FUNCTION_ARGUMENT },
+  { "190321134340.1", "1903-21-13 43:40:00.1", CURLE_OK },
+  { "19032113434017.0", "1903-21-13 43:40:17", CURLE_OK },
+  { "19032113434017.01", "1903-21-13 43:40:17.01", CURLE_OK },
+  { "19032113434003.001", "1903-21-13 43:40:03.001", CURLE_OK },
+  { "19032113434003.090", "1903-21-13 43:40:03.09", CURLE_OK },
+  { "190321134340Z", "1903-21-13 43:40:00 GMT", CURLE_OK },
+  { "19032113434017.0Z", "1903-21-13 43:40:17 GMT", CURLE_OK },
+  { "19032113434017.01Z", "1903-21-13 43:40:17.01 GMT", CURLE_OK },
+  { "19032113434003.001Z", "1903-21-13 43:40:03.001 GMT", CURLE_OK },
+  { "19032113434003.090Z", "1903-21-13 43:40:03.09 GMT", CURLE_OK },
+  { "190321134340CET", "1903-21-13 43:40:00 CET", CURLE_OK },
+  { "19032113434017.0CET", "1903-21-13 43:40:17 CET", CURLE_OK },
+  { "19032113434017.01CET", "1903-21-13 43:40:17.01 CET", CURLE_OK },
+  { "190321134340+02:30", "1903-21-13 43:40:00 UTC+02:30", CURLE_OK },
+  { "19032113434017.0+02:30", "1903-21-13 43:40:17 UTC+02:30", CURLE_OK },
+  { "19032113434017.01+02:30", "1903-21-13 43:40:17.01 UTC+02:30", CURLE_OK },
+  { "190321134340-3", "1903-21-13 43:40:00 UTC-3", CURLE_OK },
+  { "19032113434017.0-04", "1903-21-13 43:40:17 UTC-04", CURLE_OK },
+  { "19032113434017.01-01:10", "1903-21-13 43:40:17.01 UTC-01:10", CURLE_OK },
+};
+
+static bool do_test(struct test_spec *spec, size_t i, struct dynbuf *dbuf)
+{
+  CURLcode result;
+  const char *in = spec->input;
+
+  Curl_dyn_reset(dbuf);
+  result = Curl_x509_GTime2str(dbuf, in, in + strlen(in));
+  if(result != spec->exp_result) {
+    fprintf(stderr, "test %zu: expect result %d, got %d\n",
+            i, spec->exp_result, result);
+    return FALSE;
+  }
+  else if(!result && strcmp(spec->exp_output, Curl_dyn_ptr(dbuf))) {
+    fprintf(stderr, "test %zu: input '%s', expected output '%s', got '%s'\n",
+            i, in, spec->exp_output, Curl_dyn_ptr(dbuf));
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
+UNITTEST_START
+{
+  size_t i;
+  struct dynbuf dbuf;
+  bool all_ok = TRUE;
+
+  Curl_dyn_init(&dbuf, 32*1024);
+
+  if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  for(i = 0; i < ARRAYSIZE(test_specs); ++i) {
+    if(!do_test(&test_specs[i], i, &dbuf))
+      all_ok = FALSE;
+  }
+  fail_unless(all_ok, "some tests of Curl_x509_GTime2str() fails");
+
+  Curl_dyn_free(&dbuf);
+  curl_global_cleanup();
+}
+UNITTEST_STOP
+
+#else
+
+UNITTEST_START
+{
+  puts("not tested since Curl_x509_GTime2str() is not built-in");
+}
+UNITTEST_STOP
+
+#endif
-- 
2.41.0