A test suite for security hardening and vulnerability prevention.
Copyright (c) 2025 Sanko Robinson
This source code is dual-licensed under the Artistic License 2.0 or the MIT License. You may choose to use this code under the terms of either license.
SPDX-License-Identifier: (Artistic-2.0 OR MIT)
The documentation blocks within this file are licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).
SPDX-License-Identifier: CC-BY-4.0
This suite consolidates several tests to verify the security-related features and hardening of the infix library. It is designed to be run on all platforms, with specific tests activating based on the target OS and compiler.
The key areas verified are:
- Use-After-Free Prevention: Confirms that attempting to call a freed trampoline results in a safe, immediate crash (e.g., SIGSEGV or Access Violation) due to the guard page mechanism in infix_executable_free. This is tested for both forward and reverse trampolines.
- Read-Only Context Protection: Verifies that the context for a reverse trampoline is made read-only after creation. Attempting to write to this hardened memory should cause a crash, preventing exploits that might modify callback behavior at runtime.
- API Hardening (Integer Overflows): Ensures that the infix_type_create_* functions are resilient to integer overflow attacks. It passes maliciously crafted size, offset, or element counts that would cause size_t to wrap around, and confirms that the API rejects these inputs gracefully.
- POSIX Hardened Allocator: A simple check to confirm that the dual-mapping shm_open memory allocator, used on hardened Linux/BSD systems, functions correctly.
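The integer-overflow item above is the one most easily misread: a naive offset+size or count*element_size check is exactly what a crafted input defeats, because the wrapped result looks small and in range. The following added example is not code from the infix library or its test suite; it uses hypothetical helper names (member_desc, validate_struct_layout, the LAYOUT_* status codes) and constructed sample layouts to show the overflow-checked arithmetic a hardened infix_type_create_* style API needs, beside the naive computation it must not rely on.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor of one struct member, as a caller would supply it. */
typedef struct {
    size_t offset;
    size_t size;
} member_desc;

/* Hypothetical validation results (not infix's own status codes). */
enum layout_status {
    LAYOUT_OK = 0,
    LAYOUT_OVERFLOW,     /* offset + size would wrap size_t */
    LAYOUT_OUT_OF_RANGE, /* member ends past the declared total size */
    LAYOUT_TOO_MANY      /* the descriptor count itself overflows a byte count */
};

/* Overflow-checked size_t arithmetic: returns false instead of wrapping. */
static bool checked_add(size_t a, size_t b, size_t *out) {
    if (b > SIZE_MAX - a) return false;
    *out = a + b;
    return true;
}
static bool checked_mul(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* The naive computation a hardened API must NOT use: it wraps silently,
   so (SIZE_MAX - 1) + 16 yields 14, which passes an "end <= total" test. */
size_t naive_member_end(size_t offset, size_t size) {
    return offset + size;
}

/* True only if offset + size does not wrap and lies within total_size. */
bool member_fits(size_t offset, size_t size, size_t total_size) {
    size_t end;
    if (!checked_add(offset, size, &end)) return false;
    return end <= total_size;
}

/* True only if num_elements * element_size does not wrap; stores the byte size. */
bool array_bytes(size_t num_elements, size_t element_size, size_t *out_bytes) {
    return checked_mul(num_elements, element_size, out_bytes);
}

/* Validate a whole layout the way a hardened type-construction API should. */
enum layout_status validate_struct_layout(const member_desc *members,
                                          size_t num_members, size_t total_size) {
    size_t table_bytes;
    /* Even copying the descriptor table needs a checked multiply. */
    if (!checked_mul(num_members, sizeof(member_desc), &table_bytes))
        return LAYOUT_TOO_MANY;
    for (size_t i = 0; i < num_members; i++) {
        size_t end;
        if (!checked_add(members[i].offset, members[i].size, &end))
            return LAYOUT_OVERFLOW;
        if (end > total_size)
            return LAYOUT_OUT_OF_RANGE;
    }
    return LAYOUT_OK;
}

/* Constructed sample layouts, each declared against a 16-byte struct. */
static const member_desc good_layout[]      = { {0, 4}, {8, 8} };
static const member_desc wrapped_layout[]   = { {0, 4}, {SIZE_MAX - 1, 16} }; /* naive end = 14 */
static const member_desc oversized_layout[] = { {0, 4}, {12, 8} };            /* end = 20 > 16 */

enum layout_status check_good(void)      { return validate_struct_layout(good_layout, 2, 16); }
enum layout_status check_wrapped(void)   { return validate_struct_layout(wrapped_layout, 2, 16); }
enum layout_status check_oversized(void) { return validate_struct_layout(oversized_layout, 2, 16); }

int main(void) {
    printf("good=%d wrapped=%d oversized=%d\n",
           check_good(), check_wrapped(), check_oversized());
    printf("naive end of the wrapped member: %zu (looks in range)\n",
           naive_member_end(SIZE_MAX - 1, 16));
    return 0;
}
```

The point of the wrapped_layout sample is that a range test written as `offset + size <= total_size` accepts it, since the sum wraps to 14; only the checked addition reports the overflow, which is the behaviour the suite's API hardening test expects from the real functions.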