From cda7bca126f8d5e9b7b200d34fe8a648fe752d51 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mjumper@apache.org>
Date: Sun, 7 Apr 2019 16:51:33 -0700
Subject: [PATCH] GUACAMOLE-637: Add RDP filesystem and SFTP unit tests for
 path depth.

---
 src/common-ssh/tests/sftp/normalize_path.c  | 42 ++++++++++++++++++++-
 src/protocols/rdp/tests/fs/normalize_path.c | 35 ++++++++++++++++-
 2 files changed, 73 insertions(+), 4 deletions(-)

diff --git a/src/common-ssh/tests/sftp/normalize_path.c b/src/common-ssh/tests/sftp/normalize_path.c
index 79f4d426..a33dbad6 100644
--- a/src/common-ssh/tests/sftp/normalize_path.c
+++ b/src/common-ssh/tests/sftp/normalize_path.c
@@ -164,7 +164,8 @@ void test_fs__normalize_relative_mixed() {
  *
  * @param length
  *     The number of bytes to include in the generated path, not counting the
- *     null-terminator.
+ *     null-terminator. If -1, the length of the path will be automatically
+ *     determined from the provided max_depth.
  *
  * @param max_depth
  *     The maximum number of path components to include within the generated
@@ -177,6 +178,10 @@ void test_fs__normalize_relative_mixed() {
  */
 static char* generate_path(int length, int max_depth) {
 
+    /* If no length given, calculate space required from max_depth */
+    if (length == -1)
+        length = max_depth * 2;
+
     int i;
     char* input = malloc(length + 1);
 
@@ -207,7 +212,7 @@ void test_fs__normalize_long() {
     char normalized[GUAC_COMMON_SSH_SFTP_MAX_PATH];
 
     /* Exceeds maximum length by a factor of 2 */
-    input = generate_path(GUAC_COMMON_SSH_SFTP_MAX_PATH*2, GUAC_COMMON_SSH_SFTP_MAX_DEPTH);
+    input = generate_path(GUAC_COMMON_SSH_SFTP_MAX_PATH * 2, GUAC_COMMON_SSH_SFTP_MAX_DEPTH);
     CU_ASSERT_EQUAL(guac_common_ssh_sftp_normalize_path(normalized, input), 0);
     free(input);
 
@@ -223,3 +228,36 @@ void test_fs__normalize_long() {
 
 }
 
+/**
+ * Test which verifies that paths exceeding the maximum path depth are
+ * rejected.
+ */
+void test_fs__normalize_deep() {
+
+    char* input;
+    char normalized[GUAC_COMMON_SSH_SFTP_MAX_PATH];
+
+    /* Exceeds maximum depth by a factor of 2 */
+    input = generate_path(-1, GUAC_COMMON_SSH_SFTP_MAX_DEPTH * 2);
+    CU_ASSERT_EQUAL(guac_common_ssh_sftp_normalize_path(normalized, input), 0);
+    free(input);
+
+    /* Exceeds maximum depth by one component */
+    input = generate_path(-1, GUAC_COMMON_SSH_SFTP_MAX_DEPTH + 1);
+    CU_ASSERT_EQUAL(guac_common_ssh_sftp_normalize_path(normalized, input), 0);
+    free(input);
+
+    /* Exactly maximum depth (should still be rejected as SFTP depth limits are
+     * set such that a path with the maximum depth will exceed the maximum
+     * length) */
+    input = generate_path(-1, GUAC_COMMON_SSH_SFTP_MAX_DEPTH);
+    CU_ASSERT_EQUAL(guac_common_ssh_sftp_normalize_path(normalized, input), 0);
+    free(input);
+
+    /* Less than maximum depth */
+    input = generate_path(-1, GUAC_COMMON_SSH_SFTP_MAX_DEPTH - 1);
+    CU_ASSERT_NOT_EQUAL(guac_common_ssh_sftp_normalize_path(normalized, input), 0);
+    free(input);
+
+}
+
diff --git a/src/protocols/rdp/tests/fs/normalize_path.c b/src/protocols/rdp/tests/fs/normalize_path.c
index 02fbc6a6..ccf23e01 100644
--- a/src/protocols/rdp/tests/fs/normalize_path.c
+++ b/src/protocols/rdp/tests/fs/normalize_path.c
@@ -164,7 +164,8 @@ void test_fs__normalize_relative_mixed() {
  *
  * @param length
  *     The number of bytes to include in the generated path, not counting the
- *     null-terminator.
+ *     null-terminator. If -1, the length of the path will be automatically
+ *     determined from the provided max_depth.
  *
  * @param max_depth
  *     The maximum number of path components to include within the generated
@@ -177,6 +178,10 @@ void test_fs__normalize_relative_mixed() {
  */
 static char* generate_path(int length, int max_depth) {
 
+    /* If no length given, calculate space required from max_depth */
+    if (length == -1)
+        length = max_depth * 2;
+
     int i;
     char* input = malloc(length + 1);
 
@@ -207,7 +212,7 @@ void test_fs__normalize_long() {
     char normalized[GUAC_RDP_FS_MAX_PATH];
 
     /* Exceeds maximum length by a factor of 2 */
-    input = generate_path(GUAC_RDP_FS_MAX_PATH*2, GUAC_RDP_MAX_PATH_DEPTH);
+    input = generate_path(GUAC_RDP_FS_MAX_PATH * 2, GUAC_RDP_MAX_PATH_DEPTH);
     CU_ASSERT_NOT_EQUAL(guac_rdp_fs_normalize_path(input, normalized), 0);
     free(input);
 
@@ -223,3 +228,29 @@ void test_fs__normalize_long() {
 
 }
 
+/**
+ * Test which verifies that paths exceeding the maximum path depth are
+ * rejected.
+ */
+void test_fs__normalize_deep() {
+
+    char* input;
+    char normalized[GUAC_RDP_FS_MAX_PATH];
+
+    /* Exceeds maximum depth by a factor of 2 */
+    input = generate_path(-1, GUAC_RDP_MAX_PATH_DEPTH * 2);
+    CU_ASSERT_NOT_EQUAL(guac_rdp_fs_normalize_path(input, normalized), 0);
+    free(input);
+
+    /* Exceeds maximum depth by one component */
+    input = generate_path(-1, GUAC_RDP_MAX_PATH_DEPTH + 1);
+    CU_ASSERT_NOT_EQUAL(guac_rdp_fs_normalize_path(input, normalized), 0);
+    free(input);
+
+    /* Exactly maximum depth */
+    input = generate_path(-1, GUAC_RDP_MAX_PATH_DEPTH);
+    CU_ASSERT_EQUAL(guac_rdp_fs_normalize_path(input, normalized), 0);
+    free(input);
+
+}
+