File _service:tar_scm:backport-0005-CVE-2023-6004-to... of Package libssh

File _service:tar_scm:backport-0005-CVE-2023-6004-torture_misc-Add-test-for-ssh_check_ho.patch of Package libssh

From 9bbb817c0c5434f03613d0783b2ef5f52235b901 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertpocs0@gmail.com>
Date: Tue, 10 Oct 2023 12:45:28 +0200
Subject: [PATCH 05/20] CVE-2023-6004: torture_misc: Add test for
 ssh_check_hostname_syntax

Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
 tests/unittests/torture_misc.c | 73 ++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/tests/unittests/torture_misc.c b/tests/unittests/torture_misc.c
index 9e346ff8..e682b6d4 100644
--- a/tests/unittests/torture_misc.c
+++ b/tests/unittests/torture_misc.c
@@ -760,6 +760,78 @@ static void torture_ssh_strerror(void **state)
     assert_non_null(out);
 }
 
+static void torture_ssh_check_hostname_syntax(void **state)
+{
+    int rc;
+    (void)state;
+
+    rc = ssh_check_hostname_syntax("duckduckgo.com");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("www.libssh.org");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("Some-Thing.com");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123.ok");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("amazon.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123.a23456789012345678901234567890123456789012345678901234567890123");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("lavabo-inter.innocentes-manus-meas");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("localhost");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("a");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("a-0.b-b");
+    assert_int_equal(rc, SSH_OK);
+    rc = ssh_check_hostname_syntax("libssh.");
+    assert_int_equal(rc, SSH_OK);
+
+    rc = ssh_check_hostname_syntax(NULL);
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("/");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("@");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("[");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("`");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("{");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("&");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("|");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("\"");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("`");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax(" ");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("*the+giant&\"rooks\".c0m");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("!www.libssh.org");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("--.--");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("libssh.a234567890123456789012345678901234567890123456789012345678901234");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("libssh.a234567890123456789012345678901234567890123456789012345678901234.a234567890123456789012345678901234567890123456789012345678901234");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("libssh-");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("fe80::9656:d028:8652:66b6");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax(".");
+    assert_int_equal(rc, SSH_ERROR);
+    rc = ssh_check_hostname_syntax("..");
+    assert_int_equal(rc, SSH_ERROR);
+}
+
 int torture_run_tests(void) {
     int rc;
     struct CMUnitTest tests[] = {
@@ -784,6 +856,7 @@ int torture_run_tests(void) {
         cmocka_unit_test(torture_ssh_quote_file_name),
         cmocka_unit_test(torture_ssh_strreplace),
         cmocka_unit_test(torture_ssh_strerror),
+        cmocka_unit_test(torture_ssh_check_hostname_syntax),
     };
 
     ssh_init();
-- 
2.33.0