Browse Source

Avoid generating zero-length packets

I used the construct like f_rnd_octstring(f_rnd_int(100)) in a number
of places to generate random-length packets with randomized length.

The problem I didn't realize is that f_rnd_int() of course can also
return '0', which would generate zero-length packets.  This may be
permitted in some protocols, but it leads to problems e.g. when trying
to send a UDP packet of zero length (which the kernel will not do).

So let's introduce
* f_rnd_int_nonzero() for returning non-zero randomized integers
* f_rnd_octstring_rnd_len() for returning a random-length random payload
  octet string
* replace all f_rnd_octstring(f_rnd_int()) call sites with the new
  function.

Change-Id: I818a113ff8d2a2f7cab2ec7d9c8661607c6331d6
Closes: OS#5528
changes/63/27763/1
Harald Welte 4 months ago
parent
commit
67881aef23
  1. 2
      fr/FR_Tests.ttcn
  2. 10
      library/Osmocom_Types.ttcn
  3. 4
      pcap-client/OPCAP_CLIENT_Tests.ttcn
  4. 12
      remsim/RemsimClient_Tests.ttcn
  5. 6
      sccp/SCCP_Tests_RAW.ttcn
  6. 8
      stp/STP_Tests.ttcn
  7. 6
      stp/STP_Tests_M3UA.ttcn

2
fr/FR_Tests.ttcn

@ -276,7 +276,7 @@ private function f_ul2dl_ud(charstring id) runs on UE_CT
var integer ran_index := 0;
var template (value) PDU_LLC llc_tx;
var template (present) PDU_LLC llc_rx_exp;
var octetstring llc_payload := f_rnd_octstring(f_rnd_int(max_llc_payload_len));
var octetstring llc_payload := f_rnd_octstring_rnd_len(max_llc_payload_len);
var PDU_LLC llc_rx;
timer T := 5.0;

10
library/Osmocom_Types.ttcn

@ -65,6 +65,11 @@ function f_rnd_int(integer max) return integer {
return float2int(rnd()*int2float(max));
}
/* return random integer 1 <= ret < max */
function f_rnd_int_nonzero(integer max) return integer {
return float2int(1.0 + rnd()*int2float(max-1));
}
/* return hexstring composed of random digits */
function f_rnd_hexstring(in integer len, in integer max := 16) return hexstring {
var integer i;
@ -85,6 +90,11 @@ function f_rnd_octstring(in integer len) return octetstring {
return ret;
}
/* return ocetstring composed of random bytes, at least 1, maximum 'maxlen' bytes long */
function f_rnd_octstring_rnd_len(in integer maxlen) return octetstring {
return f_rnd_octstring(f_rnd_int_nonzero(maxlen));
}
/* return bitstring composed of random bits */
function f_rnd_bitstring(in integer len) return bitstring {
var octetstring oct := f_rnd_octstring(len / 8 + 1);

4
pcap-client/OPCAP_CLIENT_Tests.ttcn

@ -144,7 +144,7 @@ testcase TC_capture() runs on test_CT
var octetstring udp_payload;
/* we assume 1400 is low enough to avoid IP fragmentation */
udp_payload := f_rnd_octstring(f_rnd_int(1400));
udp_payload := f_rnd_octstring_rnd_len(1400);
f_trafic_pkt_ab(udp_payload);
f_opcap_exp_udp(udp_payload, 0);
@ -173,7 +173,7 @@ testcase TC_multi_capture() runs on test_CT
var octetstring udp_payload;
/* we assume 1400 is low enough to avoid IP fragmentation */
udp_payload := f_rnd_octstring(f_rnd_int(1400));
udp_payload := f_rnd_octstring_rnd_len(1400);
f_trafic_pkt_ab(udp_payload);
/* expect packet to arrive on both simulated servers */

12
remsim/RemsimClient_Tests.ttcn

@ -299,8 +299,8 @@ function f_xceive_apdus(ClientSlot cslot, BankSlot bslot,
integer count := 100, integer i := 0) runs on client_test_CT
{
for (var integer j := 0; j < count; j := j+1) {
var octetstring c_apdu := f_rnd_octstring(f_rnd_int(270));
var octetstring r_apdu := f_rnd_octstring(f_rnd_int(270));
var octetstring c_apdu := f_rnd_octstring_rnd_len(270);
var octetstring r_apdu := f_rnd_octstring_rnd_len(270);
f_client2bank(cslot, bslot, c_apdu, i:=i);
f_bank2client(bslot, cslot, r_apdu, i:=i);
}
@ -345,8 +345,8 @@ testcase TC_pipe_apdu_wrong_cslot() runs on client_test_CT {
f_set_atr(cslot, '3B9F96801FC78031A073BE21136743200718000001A5'O, i:=1);
var octetstring c_apdu := f_rnd_octstring(f_rnd_int(270));
var octetstring r_apdu := f_rnd_octstring(f_rnd_int(270));
var octetstring c_apdu := f_rnd_octstring_rnd_len(270);
var octetstring r_apdu := f_rnd_octstring_rnd_len(270);
/* Send C-APDU from correct ClientId/Slot to simulated bankd */
f_client2bank(cslot, bslot, c_apdu, i:=1);
/* respond with R-APDU from correct bankId/Slot but stating wrong ClientId */
@ -372,8 +372,8 @@ testcase TC_pipe_apdu_wrong_bslot() runs on client_test_CT {
f_set_atr(cslot, '3B9F96801FC78031A073BE21136743200718000001A5'O, i:=1);
var octetstring c_apdu := f_rnd_octstring(f_rnd_int(270));
var octetstring r_apdu := f_rnd_octstring(f_rnd_int(270));
var octetstring c_apdu := f_rnd_octstring_rnd_len(270);
var octetstring r_apdu := f_rnd_octstring_rnd_len(270);
/* Send C-APDU from correct ClientId/Slot to simulated bankd */
f_client2bank(cslot, bslot, c_apdu, i:=1);
/* respond with R-APDU from wrong bankId but stating correct ClientId */

6
sccp/SCCP_Tests_RAW.ttcn

@ -182,7 +182,7 @@ testcase TC_cr_cc() runs on SCCP_Test_RAW_CT {
testcase TC_udt_without_cr_cc() runs on SCCP_Test_RAW_CT {
var SCCP_PAR_Address calling, called;
var SCCP_MTP3_TRANSFERind rx;
var octetstring data := f_rnd_octstring(f_rnd_int(100));
var octetstring data := f_rnd_octstring_rnd_len(100);
/* Keep recommended ratio of T(iar) >= T(ias)*2, but anyway no IT
should be received in this case. */
@ -215,7 +215,7 @@ testcase TC_udt_without_cr_cc() runs on SCCP_Test_RAW_CT {
testcase TC_tiar_timeout() runs on SCCP_Test_RAW_CT {
var SCCP_PAR_Address calling, called;
var OCT3 remote_lref;
var octetstring data := f_rnd_octstring(f_rnd_int(100));
var octetstring data := f_rnd_octstring_rnd_len(100);
/* Set T(iar) in sccp_demo_user low enough that it will trigger before other side
has time to keep alive with a T(ias). Keep recommended ratio of
@ -320,7 +320,7 @@ private function f_tx_xudt_exp(SCCP_PAR_Address calling, SCCP_PAR_Address called
/* Test if the IUT SCCP code processes an XUDT [treat it like UDT] and answers back. */
testcase TC_process_rx_xudt() runs on SCCP_Test_RAW_CT {
var SCCP_PAR_Address calling, called;
var octetstring data := f_rnd_octstring(f_rnd_int(100));
var octetstring data := f_rnd_octstring_rnd_len(100);
f_init_raw(mp_sccp_cfg[0]);
f_sleep(1.0);

8
stp/STP_Tests.ttcn

@ -73,7 +73,7 @@ testcase TC_m3ua_to_ipa() runs on IPA_M3UA_CT {
f_M3UA_asp_up_act(0, omit, omit); // TODO: rctx
/* send a well-formed, encoded SCCP message via M3UA */
var octetstring data := f_rnd_octstring(f_rnd_int(100));
var octetstring data := f_rnd_octstring_rnd_len(100);
var SCCP_PAR_Address called := valueof(ts_SccpAddr_GT('1234'H));
var SCCP_PAR_Address calling := valueof(ts_SccpAddr_GT('5678'H));
var PDU_SCCP sccp := valueof(ts_SCCP_UDT(called, calling, data));
@ -105,7 +105,7 @@ testcase TC_ipa_to_m3ua() runs on IPA_M3UA_CT {
f_M3UA_asp_up_act(0, omit, omit); // TODO: rctx
/* send a well-formed, encoded SCCP message via IPA */
var octetstring data := f_rnd_octstring(f_rnd_int(100));
var octetstring data := f_rnd_octstring_rnd_len(100);
var SCCP_PAR_Address called := valueof(ts_SccpAddr_GT('1234'H));
var SCCP_PAR_Address calling := valueof(ts_SccpAddr_GT('5678'H));
var PDU_SCCP sccp := valueof(ts_SCCP_UDT(called, calling, data));
@ -137,7 +137,7 @@ testcase TC_ipa_to_m3ua_ni() runs on IPA_M3UA_CT {
f_M3UA_asp_up_act(0, omit, omit); // TODO: rctx
/* send a well-formed, encoded SCCP message via IPA */
var octetstring data := f_rnd_octstring(f_rnd_int(100));
var octetstring data := f_rnd_octstring_rnd_len(100);
var SCCP_PAR_Address called := valueof(ts_SccpAddr_GT('1234'H));
var SCCP_PAR_Address calling := valueof(ts_SccpAddr_GT('5678'H));
var PDU_SCCP sccp := valueof(ts_SCCP_UDT(called, calling, data));
@ -173,7 +173,7 @@ testcase TC_ipa_to_m3ua_patch_sccp() runs on IPA_M3UA_CT {
f_M3UA_asp_up_act(0, omit, omit); // TODO: rctx
/* send a well-formed, encoded SCCP message via IPA */
var octetstring data := f_rnd_octstring(f_rnd_int(100));
var octetstring data := f_rnd_octstring_rnd_len(100);
var SCCP_PAR_Address called := valueof(ts_SccpAddr_GT('1234'H));
var SCCP_PAR_Address calling := valueof(ts_SccpAddr_GT('5678'H));
var PDU_SCCP sccp := valueof(ts_SCCP_UDT(called, calling, data));

6
stp/STP_Tests_M3UA.ttcn

@ -407,7 +407,7 @@ private function f_test_traffic(integer idx_tx, template (omit) OCT4 rctx_sender
integer idx_rx, template (omit) OCT4 rctx_receiver, OCT4 pc_rx,
OCT1 si := '23'O, OCT1 ni := '00'O, OCT1 mp := '00'O, OCT1 sls := '00'O)
runs on RAW_M3UA_CT {
var octetstring data := f_rnd_octstring(f_rnd_int(100));
var octetstring data := f_rnd_octstring_rnd_len(100);
f_M3UA_send(idx_tx, ts_M3UA_DATA(rctx_sender,
ts_M3UA_protocol_data(pc_tx, pc_rx, si, ni, mp, sls, data)), 1);
f_M3UA_exp(idx_rx, tr_M3UA_DATA(rctx_receiver,
@ -482,7 +482,7 @@ testcase TC_tmt_loadshare() runs on RAW_M3UA_CT {
const integer iter_per_asp := 5;
var integer num_rx[NR_M3UA] := { 0, 0, 0 };
for (i := 0; i < 2*iter_per_asp; i := i+1) {
var octetstring data := f_rnd_octstring(f_rnd_int(100));
var octetstring data := f_rnd_octstring_rnd_len(100);
var template (value) M3UA_Protocol_Data tx_pd;
var template (present) M3UA_Protocol_Data rx_pd;
tx_pd := ts_M3UA_protocol_data(pc_sender, pc_receiver, '23'O, '00'O, '00'O, '00'O, data);
@ -533,7 +533,7 @@ testcase TC_tmt_broadcast() runs on RAW_M3UA_CT {
/* verify traffic is routed from sender to new receiver */
for (i := 0; i < 10; i := i+1) {
var octetstring data := f_rnd_octstring(f_rnd_int(100));
var octetstring data := f_rnd_octstring_rnd_len(100);
var template (value) M3UA_Protocol_Data tx_pd;
var template (present) M3UA_Protocol_Data rx_pd;
tx_pd := ts_M3UA_protocol_data(pc_sender, pc_receiver, '23'O, '00'O, '00'O, '00'O, data);

Loading…
Cancel
Save