CDRIVER-2342 check for null user in _mongoc_scram_start

jmikola · jmikola · commit 48fae8421fd3 · 2017-11-09T03:09:22.000-05:00
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -733,6 +733,7 @@ set(test-libmongoc-sources
    ${SOURCE_DIR}/tests/test-mongoc-read-prefs.c
    ${SOURCE_DIR}/tests/test-mongoc-rpc.c
    ${SOURCE_DIR}/tests/test-mongoc-sample-commands.c
+   ${SOURCE_DIR}/tests/test-mongoc-scram.c
    ${SOURCE_DIR}/tests/test-mongoc-sdam.c
    ${SOURCE_DIR}/tests/test-mongoc-sdam-monitoring.c
    ${SOURCE_DIR}/tests/test-mongoc-server-selection.c
diff --git a/src/mongoc/mongoc-scram.c b/src/mongoc/mongoc-scram.c
@@ -172,6 +172,14 @@ _mongoc_scram_start (mongoc_scram_t *scram,
    BSON_ASSERT (outbufmax);
    BSON_ASSERT (outbuflen);
 
+   if (!scram->user) {
+      bson_set_error (error,
+                      MONGOC_ERROR_SCRAM,
+                      MONGOC_ERROR_SCRAM_PROTOCOL_ERROR,
+                      "SCRAM Failure: username is not set");
+      goto FAIL;
+   }
+
    /* auth message is as big as the outbuf just because */
    scram->auth_message = (uint8_t *) bson_malloc (outbufmax);
    scram->auth_messagemax = outbufmax;
diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -94,6 +94,7 @@ test_libmongoc_SOURCES = \
 	tests/test-mongoc-rpc.c \
 	tests/test-mongoc-socket.c \
 	tests/test-mongoc-sample-commands.c \
+	tests/test-mongoc-scram.c \
 	tests/test-mongoc-sdam.c \
 	tests/test-mongoc-sdam-monitoring.c \
 	tests/test-mongoc-server-selection.c \
diff --git a/tests/test-libmongoc.c b/tests/test-libmongoc.c
@@ -93,6 +93,8 @@ test_rpc_install (TestSuite *suite);
 extern void
 test_samples_install (TestSuite *suite);
 extern void
+test_scram_install (TestSuite *suite);
+extern void
 test_sdam_install (TestSuite *suite);
 extern void
 test_sdam_monitoring_install (TestSuite *suite);
@@ -2003,6 +2005,7 @@ main (int argc, char *argv[])
    test_topology_scanner_install (&suite);
    test_topology_reconcile_install (&suite);
    test_samples_install (&suite);
+   test_scram_install (&suite);
    test_sdam_install (&suite);
    test_sdam_monitoring_install (&suite);
    test_server_selection_install (&suite);
diff --git a/tests/test-mongoc-scram.c b/tests/test-mongoc-scram.c
@@ -0,0 +1,42 @@
+#include <mongoc.h>
+
+#include "mongoc-scram-private.h"
+
+#include "TestSuite.h"
+
+#ifdef MONGOC_ENABLE_SSL
+static void
+test_mongoc_scram_step_username_not_set (void)
+{
+   mongoc_scram_t scram;
+   bool success;
+   uint8_t buf[4096] = {0};
+   uint32_t buflen = 0;
+   bson_error_t error;
+
+   _mongoc_scram_init (&scram);
+   _mongoc_scram_set_pass (&scram, "password");
+
+   success = _mongoc_scram_step (
+      &scram, buf, buflen, buf, sizeof buf, &buflen, &error);
+
+   ASSERT (!success);
+   ASSERT_ERROR_CONTAINS (error,
+                          MONGOC_ERROR_SCRAM,
+                          MONGOC_ERROR_SCRAM_PROTOCOL_ERROR,
+                          "SCRAM Failure: username is not set");
+
+   _mongoc_scram_destroy (&scram);
+}
+#endif
+
+
+void
+test_scram_install (TestSuite *suite)
+{
+#ifdef MONGOC_ENABLE_SSL
+   TestSuite_Add (suite,
+                  "/scram/username_not_set",
+                  test_mongoc_scram_step_username_not_set);
+#endif
+}
