From 0c8baf2b68a3abacb2ab9c37b3f6414dad0fa6d1 Mon Sep 17 00:00:00 2001
From: Philipp Gesang <philipp.gesang@intra2net.com>
Date: Mon, 28 Aug 2017 17:59:42 +0200
Subject: [PATCH] add unit test for borked ciphertext size

---
 runtests.py             |    2 ++
 testing/test_recover.py |   25 +++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/runtests.py b/runtests.py
index 146d6e4..a11ecdd 100755
--- a/runtests.py
+++ b/runtests.py
@@ -35,6 +35,7 @@ from testing.test_recover import \
     , RecoverCorruptHeaderGZMultiTest \
     , RecoverCorruptHeaderGZAESSingleTest \
     , RecoverCorruptHeaderGZAESMultiTest \
+    , RecoverCorruptHeaderCTSizeGZAESTest \
     , RecoverCorruptEntireHeaderSingleTest \
     , RecoverCorruptEntireHeaderMultiTest \
     , RecoverCorruptEntireHeaderGZSingleTest \
@@ -106,6 +107,7 @@ if __name__ == "__main__":
                          , RecoverCorruptHeaderGZMultiTest
                          , RecoverCorruptHeaderGZAESSingleTest
                          , RecoverCorruptHeaderGZAESMultiTest
+                         , RecoverCorruptHeaderCTSizeGZAESTest
                          , RecoverCorruptEntireHeaderSingleTest
                          , RecoverCorruptEntireHeaderMultiTest
                          , RecoverCorruptEntireHeaderGZSingleTest
diff --git a/testing/test_recover.py b/testing/test_recover.py
index cd48a00..dbf2608 100644
--- a/testing/test_recover.py
+++ b/testing/test_recover.py
@@ -84,6 +84,9 @@ def is_pdt_encrypted (fname):
 ## corruption simulators                                                     ##
 ###############################################################################
 
+class UndefinedTest (Exception):
+    """No test available for the asked combination of parameters."""
+
 def corrupt_header (_, fname, compress, encrypt):
     """
     Modify a significant byte in the object header of the format.
@@ -106,6 +109,19 @@ def corrupt_header (_, fname, compress, encrypt):
         flip_bits (fname, 100 + 8 + 8 + 8 + 12 + 12 + 1)
 
 
+def corrupt_ctsize (_, fname, compress, encrypt):
+    """
+    Blow up the size of an object so as to cause its apparent payload to leak
+    into the next one.
+    """
+    if encrypt is True:
+        # damage lowest bit of second least significant byte of size field;
+        # this effectively sets the ciphertext size to 422, causing it to
+        # extend over the next object into the third one.
+        return flip_bits (fname, crypto.HDR_OFF_CTSIZE + 1, b=0x01)
+    raise UndefinedTest ("corrupt_ctsize %s %s %s" % (fname, compress, encrypt))
+
+
 def corrupt_entire_header (_, fname, compress, encrypt):
     """
     Flip all bits in the first object header.
@@ -761,6 +777,15 @@ class RescueCorruptHoleGZAESTest (RescueCorruptHoleBaseTest):
     # to this point though
     FAILURES    = 1
 
+
+class RecoverCorruptHeaderCTSizeGZAESTest (RescueTest):
+    COMPRESSION = "#gz"
+    PASSWORD    = TEST_PASSWORD
+    FAILURES    = 0
+    CORRUPT     = corrupt_ctsize
+    MISMATCHES  = 0
+
+
 ###############################################################################
 # index
 ###############################################################################
-- 
1.7.1