From: Michael Rash <mbr@cipherdyne.org>
Date: Sun, 17 Jun 2012 17:57:06 +0000 (-0400)
Subject: added test for invalid SOURCE access lines
X-Git-Tag: fwknop-2.5-pre1~274
X-Git-Url: http://www.cipherdyne.com/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff_plain;h=c6a2680be2b4a61266506847de69ba44c6ad32e1

added test for invalid SOURCE access lines
---

diff --git a/test/conf/invalid_source_access.conf b/test/conf/invalid_source_access.conf
new file mode 100644
index 0000000..10a72b5
--- /dev/null
+++ b/test/conf/invalid_source_access.conf
@@ -0,0 +1,7 @@
+SOURCE :ANY;
+KEY: fwknoptest;
+FW_ACCESS_TIMEOUT:  3;
+
+SOURCE: ANY;
+KEY: fwknoptest2;
+FW_ACCESS_TIMEOUT:  3;
diff --git a/test/test-fwknop.pl b/test/test-fwknop.pl
index f59e5c0..b919582 100755
--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@@ -31,6 +31,7 @@ my $expired_access_conf = "$conf_dir/expired_stanza_access.conf";
 my $future_expired_access_conf = "$conf_dir/future_expired_stanza_access.conf";
 my $expired_epoch_access_conf = "$conf_dir/expired_epoch_stanza_access.conf";
 my $invalid_expire_access_conf = "$conf_dir/invalid_expire_access.conf";
+my $invalid_source_access_conf = "$conf_dir/invalid_source_access.conf";
 my $force_nat_access_conf = "$conf_dir/force_nat_access.conf";
 my $gpg_access_conf     = "$conf_dir/gpg_access.conf";
 my $default_digest_file = "$run_dir/digest.cache";
@@ -627,6 +628,20 @@ my @tests = (
     {
         'category' => 'Rijndael SPA',
         'subcategory' => 'client+server',
+        'detail'   => 'invalid SOURCE (tcp/22 ssh)',
+        'err_msg'  => 'SPA packet accepted',
+        'function' => \&spa_cycle,
+        'cmdline'  => $default_client_args,
+        'fwknopd_cmdline'  => "LD_LIBRARY_PATH=$lib_dir $valgrind_str " .
+            "$fwknopdCmd -c $default_conf -a $invalid_source_access_conf " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'server_positive_output_matches' => [qr/Fatal\serror\sparsing\sIP\sto\sint/],
+        'fw_rule_created' => $REQUIRE_NO_NEW_RULE,
+        'fatal'    => $NO
+    },
+    {
+        'category' => 'Rijndael SPA',
+        'subcategory' => 'client+server',
         'detail'   => 'expired stanza (tcp/22 ssh)',
         'err_msg'  => 'SPA packet accepted',
         'function' => \&spa_cycle,