Test SearchForPubKey authorized_keys no-match rejection#1107
Open
yosuke-wolfssl wants to merge 1 commit into
Open
Test SearchForPubKey authorized_keys no-match rejection#1107yosuke-wolfssl wants to merge 1 commit into
yosuke-wolfssl wants to merge 1 commit into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR closes a unit-test coverage gap around SearchForPubKey’s “no authorized_keys line matched ⇒ authentication failure” gate by adding a negative-path test and exposing SearchForPubKey to the wolfsshd unit-test binary (without changing production behavior).
Changes:
- Expose
SearchForPubKeyas non-staticunderWOLFSSHD_UNIT_TEST && !_WIN32so the unit-test binary can call it. - Add a new
test_SearchForPubKeycovering authorized-key accept (StrictModes off/on), unauthorized-key reject, and missing-file error. - Add the unit-test-only prototype to
auth.hunder the existingWOLFSSHD_UNIT_TEST/!_WIN32block.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| apps/wolfsshd/test/test_configuration.c | Adds test_SearchForPubKey and registers it in the test table. |
| apps/wolfsshd/auth.h | Declares SearchForPubKey for unit tests on non-Windows builds. |
| apps/wolfsshd/auth.c | Makes SearchForPubKey externally visible only for unit tests (non-Windows). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
f2e0527 to
0a4aa41
Compare
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #1107
Scan targets checked: wolfssh-bugs, wolfssh-src
No new issues found in the changed files. ✅
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
Adds a negative-path unit test for
SearchForPubKey, the authorized_keys authorization gate for default (non-certificate) wolfsshd builds. Finding 6814 was a test-coverage gap, not a live bug: the gate that converts "no authorized_keys line matched" into an authentication failure was untested, so a deletion or condition-inversion of it could ship undetected.Background
SearchForPubKey(apps/wolfsshd/auth.c) reads a user's authorized_keys file and callsCheckAuthKeysLinefor each line.foundKeyis set only when a line matches; the final gateis the sole line that turns an all-mismatch file into a rejection. It had no coverage:
SearchForPubKeywasstaticand not exported through theWOLFSSHD_UNIT_TESTblock.test_CheckAuthKeysLineexercises a single line in isolation, never thefoundKeyaggregation.run_all_sshd_tests.sh) is positive-only — it always presents an authorized key — so it cannot kill a mutation of this gate.A deletion of the
ifblock, or inverting!foundKeytofoundKey, would makeSearchForPubKeyreturn success for a key that is not in authorized_keys, propagating up asWOLFSSH_USERAUTH_SUCCESS— a public-key auth bypass.Changes
apps/wolfsshd/auth.c— exposeSearchForPubKey(non-static) under#if defined(WOLFSSHD_UNIT_TEST) && !defined(_WIN32), mirroring the existingCheckAuthKeysLine/wsshd_setre*_cbunit-test hooks. No production behavior change.apps/wolfsshd/auth.h— add the prototype inside the existingWOLFSSHD_UNIT_TEST/#ifndef _WIN32block.apps/wolfsshd/test/test_configuration.c— addtest_SearchForPubKey, driving the real function against amkdtemptemp authorized_keys file across four scenarios:wolfSSHD_OpenSecureFiledispatch branchWSSHD_AUTH_FAILURErc < 0, theWS_BAD_FILE_Epath)Registered under
#if defined(WOLFSSL_BASE64_ENCODE) && !defined(_WIN32).Mutation coverage
The negative controls were confirmed by hand-mutating the gate and observing the test fail:
!foundKey→foundKey(inversion): the authorized-key scenario fails.rc == WSSHD_AUTH_SUCCESSleaks through).Both mutations are now killed; the gate was then restored to its correct form.
Testing
apps/wolfsshd/test/test_configuration— all four scenarios pass, full suite exits 0.