1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
#!/usr/bin/env bash
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://aws.amazon.com/apache2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
#
set -e
# Test that all file descriptors are properly cleaned up when `exec`ing from
# from an initialized s2n-tls process.
source codebuild/bin/s2n_setup_env.sh
source codebuild/bin/jobs.sh
function build() {
echo "=== BUILDING $1 ==="
cmake . -B$1 -DCMAKE_PREFIX_PATH=$TARGET_LIBCRYPTO_PATH ${@:2}
cmake --build $1 -- -j $JOBS
}
function fail() {
echo "test failure: $1"
exit 1
}
function write_exec_app() {
cat <<EOF > build/detect_exec_leak.c
#include <s2n.h>
#include "unistd.h"
int main() {
s2n_init();
execl("build/bin/detect_exec_leak_finish", "", NULL);
return 0;
}
EOF
}
function write_exec_finish_app() {
cat <<EOF > build/detect_exec_leak_finish.c
#include <s2n.h>
int main() {
s2n_init();
s2n_cleanup();
/* close std* file descriptors so valgrind output is less noisy */
fclose(stdin);
fclose(stdout);
fclose(stderr);
return 0;
}
EOF
}
# download libcrypto if its not available
TARGET_LIBCRYPTO="${S2N_LIBCRYPTO//[-.]/_}"
TARGET_LIBCRYPTO_PATH="${TEST_DEPS_DIR}/${S2N_LIBCRYPTO}"
if [ ! -f $TARGET_LIBCRYPTO_PATH/lib/libcrypto.a ]; then
./codebuild/bin/install_${TARGET_LIBCRYPTO}.sh $TARGET_LIBCRYPTO_PATH/src $TARGET_LIBCRYPTO_PATH linux
fi
# build s2n-tls
build build -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=on
# compile the test app for exec leak test
mkdir -p build/valgrind_log_dir
write_exec_app
write_exec_finish_app
cc -Iapi build/detect_exec_leak.c build/lib/libs2n.so -o build/bin/detect_exec_leak
cc -Iapi build/detect_exec_leak_finish.c build/lib/libs2n.so -o build/bin/detect_exec_leak_finish
# run valgrind with track-fds enabled
valgrind_log_dir=valgrind_log_dir
for test_file in detect_exec_leak detect_exec_leak_finish; do
LD_LIBRARY_PATH="build/lib:$TARGET_LIBCRYPTO_PATH/lib:$LD_LIBRARY_PATH" S2N_VALGRIND=1 \
valgrind --leak-check=full --show-leak-kinds=all --errors-for-leak-kinds=all \
--run-libc-freeres=yes -q --gen-suppressions=all --track-fds=yes \
--leak-resolution=high --undef-value-errors=no --trace-children=yes \
--suppressions=tests/unit/valgrind.suppressions --log-file="build/$valgrind_log_dir/$test_file" \
build/bin/$test_file
# search for all leaked file descriptors, excluding the valgrind_log_dir file
cat build/$valgrind_log_dir/$test_file | \
grep "Open file descriptor" | \
grep --invert-match $valgrind_log_dir \
&& fail "file leak detected while running $test_file"
done
echo pass
|
