diff options
author | Jakob Unterwurzacher | 2017-02-12 15:35:50 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-02-12 17:59:09 +0100 |
commit | 8adfbf2dc34560df7436c89b59a9749d2dd3b78e (patch) | |
tree | b1f7a10f654a6c2e35fdc60f53770d83bff1267c /tests | |
parent | 2dd90ac19ce97544c412d90a24df0f68e66311db (diff) |
Check for trailing garbage after the password
From the comment:
// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/cli/cli_test.go | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/tests/cli/cli_test.go b/tests/cli/cli_test.go index b39c816..cce7fa0 100644 --- a/tests/cli/cli_test.go +++ b/tests/cli/cli_test.go @@ -272,3 +272,47 @@ func TestShadows(t *testing.T) { t.Errorf("Should have failed") } } + +// TestInitTrailingGarbage verfies that gocryptfs exits with an error if we +// pass additional data after the password. +func TestInitTrailingGarbage(t *testing.T) { + table := []struct { + pw string + closeStdin bool + expectSuccess bool + }{ + {"foo\n", false, true}, + {"foo", true, true}, + {"foo\n", true, true}, + {"foo\n\n", false, false}, + {"foo\nbar", false, false}, + {"foo\n\n", true, false}, + {"foo\nbar", true, false}, + } + for _, row := range table { + dir, err := ioutil.TempDir(test_helpers.TmpDir, "") + if err != nil { + t.Fatal(err) + } + cmd := exec.Command(test_helpers.GocryptfsBinary, "-q", "-init", "-scryptn=10", dir) + childStdin, err := cmd.StdinPipe() + if err != nil { + t.Fatal(err) + } + err = cmd.Start() + if err != nil { + t.Fatal(err) + } + childStdin.Write([]byte(row.pw)) + if row.closeStdin { + childStdin.Close() + } + err = cmd.Wait() + success := (err == nil) + if success == true && row.expectSuccess == false { + t.Errorf("pw=%q should have failed, but succeeded", row.pw) + } else if success == false && row.expectSuccess == true { + t.Errorf("pw=%q should have succeeded, but failed", row.pw) + } + } +} |