From 67881aef23a3567aa5cb70364b388041011efbc7 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Tue, 12 Apr 2022 22:52:47 +0200 Subject: [PATCH] Avoid generating zero-length packets I used the construct like f_rnd_octstring(f_rnd_int(100)) in a number of places to generate random-length packets with randomized length. The problem I didn't realize is that f_rnd_int() of course can also return '0', which would generate zero-length packets. This may be permitted in some protocols, but it leads to problems e.g. when trying to send a UDP packet of zero length (which the kernel will not do). So let's introduce * f_rnd_int_nonzero() for returning non-zero randomized integers * f_rnd_octstring_rnd_len() for returning a random-length random payload octet string * replace all f_rnd_octstring(f_rnd_int()) call sites with the new function. Change-Id: I818a113ff8d2a2f7cab2ec7d9c8661607c6331d6 Closes: OS#5528 --- fr/FR_Tests.ttcn | 2 +- library/Osmocom_Types.ttcn | 10 ++++++++++ pcap-client/OPCAP_CLIENT_Tests.ttcn | 4 ++-- remsim/RemsimClient_Tests.ttcn | 12 ++++++------ sccp/SCCP_Tests_RAW.ttcn | 6 +++--- stp/STP_Tests.ttcn | 8 ++++---- stp/STP_Tests_M3UA.ttcn | 6 +++--- 7 files changed, 29 insertions(+), 19 deletions(-) diff --git a/fr/FR_Tests.ttcn b/fr/FR_Tests.ttcn index b7a56c3b7..65029c1b0 100644 --- a/fr/FR_Tests.ttcn +++ b/fr/FR_Tests.ttcn @@ -276,7 +276,7 @@ private function f_ul2dl_ud(charstring id) runs on UE_CT var integer ran_index := 0; var template (value) PDU_LLC llc_tx; var template (present) PDU_LLC llc_rx_exp; - var octetstring llc_payload := f_rnd_octstring(f_rnd_int(max_llc_payload_len)); + var octetstring llc_payload := f_rnd_octstring_rnd_len(max_llc_payload_len); var PDU_LLC llc_rx; timer T := 5.0; diff --git a/library/Osmocom_Types.ttcn b/library/Osmocom_Types.ttcn index b698a2e30..2edec368f 100644 --- a/library/Osmocom_Types.ttcn +++ b/library/Osmocom_Types.ttcn 
@@ -65,6 +65,11 @@ function f_rnd_int(integer max) return integer { return float2int(rnd()*int2float(max)); } +/* return random integer 1 <= ret < max */ +function f_rnd_int_nonzero(integer max) return integer { + return float2int(1.0 + rnd()*int2float(max-1)); +} + /* return hexstring composed of random digits */ function f_rnd_hexstring(in integer len, in integer max := 16) return hexstring { var integer i; @@ -85,6 +90,11 @@ function f_rnd_octstring(in integer len) return octetstring { return ret; } +/* return ocetstring composed of random bytes, at least 1, maximum 'maxlen' bytes long */ +function f_rnd_octstring_rnd_len(in integer maxlen) return octetstring { + return f_rnd_octstring(f_rnd_int_nonzero(maxlen)); +} + /* return bitstring composed of random bits */ function f_rnd_bitstring(in integer len) return bitstring { var octetstring oct := f_rnd_octstring(len / 8 + 1); diff --git a/pcap-client/OPCAP_CLIENT_Tests.ttcn b/pcap-client/OPCAP_CLIENT_Tests.ttcn index e9fe406ad..1efc343be 100644 --- a/pcap-client/OPCAP_CLIENT_Tests.ttcn +++ b/pcap-client/OPCAP_CLIENT_Tests.ttcn @@ -144,7 +144,7 @@ testcase TC_capture() runs on test_CT var octetstring udp_payload; /* we assume 1400 is low enough to avoid IP fragmentation */ - udp_payload := f_rnd_octstring(f_rnd_int(1400)); + udp_payload := f_rnd_octstring_rnd_len(1400); f_trafic_pkt_ab(udp_payload); f_opcap_exp_udp(udp_payload, 0); @@ -173,7 +173,7 @@ testcase TC_multi_capture() runs on test_CT var octetstring udp_payload; /* we assume 1400 is low enough to avoid IP fragmentation */ - udp_payload := f_rnd_octstring(f_rnd_int(1400)); + udp_payload := f_rnd_octstring_rnd_len(1400); f_trafic_pkt_ab(udp_payload); /* expect packet to arrive on both simulated servers */ diff --git a/remsim/RemsimClient_Tests.ttcn b/remsim/RemsimClient_Tests.ttcn index d7d6bc7f3..219573cb8 100644 --- a/remsim/RemsimClient_Tests.ttcn +++ b/remsim/RemsimClient_Tests.ttcn 
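Review bot: f_rnd_int_nonzero() in library/Osmocom_Types.ttcn does not keep its documented range `1 <= ret < max` for small arguments. With max = 1 the expression yields 1, which is not below max. With max <= 0 the factor `int2float(max-1)` is negative, so `float2int()` can produce 0 again, the value this helper exists to exclude. The constant call sites in this patch (100, 270, 1400) are safe, but `max_llc_payload_len` in fr/FR_Tests.ttcn is a variable whose value is not visible here. I would state the precondition in the comment, `/* return random integer 1 <= ret < max; caller must pass max >= 2 */`, or reject smaller values explicitly at the top of the function.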
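Review bot: The comment on f_rnd_octstring_rnd_len() says the result is at most 'maxlen' bytes long, but f_rnd_int_nonzero(maxlen) is documented as `1 <= ret < max`, so the longest payload is maxlen-1 bytes. Either the comment should say so, e.g. `/* return octetstring composed of random bytes, between 1 and 'maxlen'-1 bytes long */`, or the call should become `f_rnd_int_nonzero(maxlen + 1)` if the full length is meant to be reachable. As written, a caller that passes a protocol maximum never exercises the maximum-size payload. The comment also spells the type as `ocetstring`.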
@@ -299,8 +299,8 @@ function f_xceive_apdus(ClientSlot cslot, BankSlot bslot, integer count := 100, integer i := 0) runs on client_test_CT { for (var integer j := 0; j < count; j := j+1) { - var octetstring c_apdu := f_rnd_octstring(f_rnd_int(270)); - var octetstring r_apdu := f_rnd_octstring(f_rnd_int(270)); + var octetstring c_apdu := f_rnd_octstring_rnd_len(270); + var octetstring r_apdu := f_rnd_octstring_rnd_len(270); f_client2bank(cslot, bslot, c_apdu, i:=i); f_bank2client(bslot, cslot, r_apdu, i:=i); } @@ -345,8 +345,8 @@ testcase TC_pipe_apdu_wrong_cslot() runs on client_test_CT { f_set_atr(cslot, '3B9F96801FC78031A073BE21136743200718000001A5'O, i:=1); - var octetstring c_apdu := f_rnd_octstring(f_rnd_int(270)); - var octetstring r_apdu := f_rnd_octstring(f_rnd_int(270)); + var octetstring c_apdu := f_rnd_octstring_rnd_len(270); + var octetstring r_apdu := f_rnd_octstring_rnd_len(270); /* Send C-APDU from correct ClientId/Slot to simulated bankd */ f_client2bank(cslot, bslot, c_apdu, i:=1); /* respond with R-APDU from correct bankId/Slot but stating wrong ClientId */ @@ -372,8 +372,8 @@ testcase TC_pipe_apdu_wrong_bslot() runs on client_test_CT { f_set_atr(cslot, '3B9F96801FC78031A073BE21136743200718000001A5'O, i:=1); - var octetstring c_apdu := f_rnd_octstring(f_rnd_int(270)); - var octetstring r_apdu := f_rnd_octstring(f_rnd_int(270)); + var octetstring c_apdu := f_rnd_octstring_rnd_len(270); + var octetstring r_apdu := f_rnd_octstring_rnd_len(270); /* Send C-APDU from correct ClientId/Slot to simulated bankd */ f_client2bank(cslot, bslot, c_apdu, i:=1); /* respond with R-APDU from wrong bankId but stating correct ClientId */ diff --git a/sccp/SCCP_Tests_RAW.ttcn b/sccp/SCCP_Tests_RAW.ttcn index 5013ddf3b..fd6bad9e1 100644 --- a/sccp/SCCP_Tests_RAW.ttcn +++ b/sccp/SCCP_Tests_RAW.ttcn 
@@ -182,7 +182,7 @@ testcase TC_cr_cc() runs on SCCP_Test_RAW_CT { testcase TC_udt_without_cr_cc() runs on SCCP_Test_RAW_CT { var SCCP_PAR_Address calling, called; var SCCP_MTP3_TRANSFERind rx; - var octetstring data := f_rnd_octstring(f_rnd_int(100)); + var octetstring data := f_rnd_octstring_rnd_len(100); /* Keep recommended ratio of T(iar) >= T(ias)*2, but anyway no IT should be received in this case. */ @@ -215,7 +215,7 @@ testcase TC_udt_without_cr_cc() runs on SCCP_Test_RAW_CT { testcase TC_tiar_timeout() runs on SCCP_Test_RAW_CT { var SCCP_PAR_Address calling, called; var OCT3 remote_lref; - var octetstring data := f_rnd_octstring(f_rnd_int(100)); + var octetstring data := f_rnd_octstring_rnd_len(100); /* Set T(iar) in sccp_demo_user low enough that it will trigger before other side has time to keep alive with a T(ias). Keep recommended ratio of @@ -320,7 +320,7 @@ private function f_tx_xudt_exp(SCCP_PAR_Address calling, SCCP_PAR_Address called /* Test if the IUT SCCP code processes an XUDT [treat it like UDT] and answers back. */ testcase TC_process_rx_xudt() runs on SCCP_Test_RAW_CT { var SCCP_PAR_Address calling, called; - var octetstring data := f_rnd_octstring(f_rnd_int(100)); + var octetstring data := f_rnd_octstring_rnd_len(100); f_init_raw(mp_sccp_cfg[0]); f_sleep(1.0); diff --git a/stp/STP_Tests.ttcn b/stp/STP_Tests.ttcn index 004af0507..ac45b1d40 100644 --- a/stp/STP_Tests.ttcn +++ b/stp/STP_Tests.ttcn @@ -73,7 +73,7 @@ testcase TC_m3ua_to_ipa() runs on IPA_M3UA_CT { f_M3UA_asp_up_act(0, omit, omit); // TODO: rctx /* send a well-formed, encoded SCCP message via M3UA */ - var octetstring data := f_rnd_octstring(f_rnd_int(100)); + var octetstring data := f_rnd_octstring_rnd_len(100); var SCCP_PAR_Address called := valueof(ts_SccpAddr_GT('1234'H)); var SCCP_PAR_Address calling := valueof(ts_SccpAddr_GT('5678'H)); var PDU_SCCP sccp := valueof(ts_SCCP_UDT(called, calling, data)); 
@@ -105,7 +105,7 @@ testcase TC_ipa_to_m3ua() runs on IPA_M3UA_CT { f_M3UA_asp_up_act(0, omit, omit); // TODO: rctx /* send a well-formed, encoded SCCP message via IPA */ - var octetstring data := f_rnd_octstring(f_rnd_int(100)); + var octetstring data := f_rnd_octstring_rnd_len(100); var SCCP_PAR_Address called := valueof(ts_SccpAddr_GT('1234'H)); var SCCP_PAR_Address calling := valueof(ts_SccpAddr_GT('5678'H)); var PDU_SCCP sccp := valueof(ts_SCCP_UDT(called, calling, data)); @@ -137,7 +137,7 @@ testcase TC_ipa_to_m3ua_ni() runs on IPA_M3UA_CT { f_M3UA_asp_up_act(0, omit, omit); // TODO: rctx /* send a well-formed, encoded SCCP message via IPA */ - var octetstring data := f_rnd_octstring(f_rnd_int(100)); + var octetstring data := f_rnd_octstring_rnd_len(100); var SCCP_PAR_Address called := valueof(ts_SccpAddr_GT('1234'H)); var SCCP_PAR_Address calling := valueof(ts_SccpAddr_GT('5678'H)); var PDU_SCCP sccp := valueof(ts_SCCP_UDT(called, calling, data)); @@ -173,7 +173,7 @@ testcase TC_ipa_to_m3ua_patch_sccp() runs on IPA_M3UA_CT { f_M3UA_asp_up_act(0, omit, omit); // TODO: rctx /* send a well-formed, encoded SCCP message via IPA */ - var octetstring data := f_rnd_octstring(f_rnd_int(100)); + var octetstring data := f_rnd_octstring_rnd_len(100); var SCCP_PAR_Address called := valueof(ts_SccpAddr_GT('1234'H)); var SCCP_PAR_Address calling := valueof(ts_SccpAddr_GT('5678'H)); var PDU_SCCP sccp := valueof(ts_SCCP_UDT(called, calling, data)); diff --git a/stp/STP_Tests_M3UA.ttcn b/stp/STP_Tests_M3UA.ttcn index 31bab9300..08fc9c95c 100644 --- a/stp/STP_Tests_M3UA.ttcn +++ b/stp/STP_Tests_M3UA.ttcn 
@@ -407,7 +407,7 @@ private function f_test_traffic(integer idx_tx, template (omit) OCT4 rctx_sender integer idx_rx, template (omit) OCT4 rctx_receiver, OCT4 pc_rx, OCT1 si := '23'O, OCT1 ni := '00'O, OCT1 mp := '00'O, OCT1 sls := '00'O) runs on RAW_M3UA_CT { - var octetstring data := f_rnd_octstring(f_rnd_int(100)); + var octetstring data := f_rnd_octstring_rnd_len(100); f_M3UA_send(idx_tx, ts_M3UA_DATA(rctx_sender, ts_M3UA_protocol_data(pc_tx, pc_rx, si, ni, mp, sls, data)), 1); f_M3UA_exp(idx_rx, tr_M3UA_DATA(rctx_receiver, @@ -482,7 +482,7 @@ testcase TC_tmt_loadshare() runs on RAW_M3UA_CT { const integer iter_per_asp := 5; var integer num_rx[NR_M3UA] := { 0, 0, 0 }; for (i := 0; i < 2*iter_per_asp; i := i+1) { - var octetstring data := f_rnd_octstring(f_rnd_int(100)); + var octetstring data := f_rnd_octstring_rnd_len(100); var template (value) M3UA_Protocol_Data tx_pd; var template (present) M3UA_Protocol_Data rx_pd; tx_pd := ts_M3UA_protocol_data(pc_sender, pc_receiver, '23'O, '00'O, '00'O, '00'O, data); @@ -533,7 +533,7 @@ testcase TC_tmt_broadcast() runs on RAW_M3UA_CT { /* verify traffic is routed from sender to new receiver */ for (i := 0; i < 10; i := i+1) { - var octetstring data := f_rnd_octstring(f_rnd_int(100)); + var octetstring data := f_rnd_octstring_rnd_len(100); var template (value) M3UA_Protocol_Data tx_pd; var template (present) M3UA_Protocol_Data rx_pd; tx_pd := ts_M3UA_protocol_data(pc_sender, pc_receiver, '23'O, '00'O, '00'O, '00'O, data);
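Review bot: Replacing every call site means the M3UA traffic tests here (f_test_traffic, TC_tmt_loadshare, TC_tmt_broadcast) never send empty user data any more, and the same holds for the SCCP and STP tests earlier in the patch. The commit message names only zero-length UDP packets as the failing case. If an empty payload is valid for these protocols, the receiver's handling of it was previously exercised only by chance and is now not exercised at all. A dedicated test case that sends `''O` would cover that edge deterministically; if empty data is not valid here, a short comment at the call site saying so would help. All three functions continue outside their hunks.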