@@ -729,7 +729,7 @@ if (BUILD_TESTING)

             add_test(${test_name} ${test_name})

             # for compat with autotools make check

             set_tests_properties(${test_name} PROPERTIES

-                ENVIRONMENT "srcdir=${_UT_SOURCE_DIR}")

+                ENVIRONMENT "srcdir=${_UT_SOURCE_DIR};LSAN_OPTIONS=suppressions=${_UT_SOURCE_DIR}/input/leak_suppr.txt")

         endif ()

         add_executable(${test_name}

             tests/unit_tests/openvpn/${test_name}.c

@@ -4,6 +4,8 @@ EXTRA_DIST = input

 AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING) Unit-Tests'

+AM_TESTS_ENVIRONMENT = export LSAN_OPTIONS=suppressions=$(srcdir)/input/leak_suppr.txt;

+

 test_binaries = argv_testdriver buffer_testdriver crypto_testdriver packet_id_testdriver auth_token_testdriver \

 	ncp_testdriver misc_testdriver options_parse_testdriver pkt_testdriver ssl_testdriver \

 	user_pass_testdriver push_update_msg_testdriver provider_testdriver socket_testdriver

new file mode 100644

@@ -0,0 +1,3 @@

+	

+	

+(contains \t\n\t\n)

new file mode 100644

new file mode 100644

@@ -0,0 +1 @@

+leak:_assertions$

@@ -41,7 +41,6 @@

 msglvl_t x_debug_level = 0; /* Default to (almost) no debugging output */

 msglvl_t print_x_debug_level = 0;

-bool fatal_error_triggered = false;

 char mock_msg_buf[MOCK_MSG_BUF];

@@ -75,7 +74,6 @@ x_msg_va(const msglvl_t flags, const char *format, va_list arglist)

 {

     if (flags & M_FATAL)

     {

-        fatal_error_triggered = true;

         printf("FATAL ERROR:");

     }

     CLEAR(mock_msg_buf);

@@ -86,6 +84,12 @@ x_msg_va(const msglvl_t flags, const char *format, va_list arglist)

         printf("%s", mock_msg_buf);

         printf("\n");

     }

+#ifndef NO_CMOCKA

+    if (flags & M_FATAL)

+    {

+        mock_assert(false, "FATAL ERROR", __FILE__, __LINE__);

+    }

+#endif

 }

 void

@@ -180,6 +180,16 @@ test_get_user_pass_inline_creds(void **state)

     reset_user_pass(&up);

+    /*FIXME: query_user_exec() called even though nothing queued */

+    will_return(query_user_exec_builtin, true);

+    /*FIXME: silently removes control characters but does not error out */

+    assert_true(get_user_pass_cr(&up, "\t\n\t", "UT", flags, NULL));

+    assert_true(up.defined);

+    assert_string_equal(up.username, "");

+    assert_string_equal(up.password, "");

+

+    reset_user_pass(&up);

+

     expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Password:");

     will_return(query_user_exec_builtin, "cpassword");

     will_return(query_user_exec_builtin, true);

@@ -212,6 +222,25 @@ test_get_user_pass_inline_creds(void **state)

     assert_string_equal(up.password, "cpassword");

 }

+/* NOTE: expect_assert_failure does not seem to work with MSVC */

+#ifndef _MSC_VER

+/* NOTE: leaks gc memory */

+static void

+test_get_user_pass_inline_creds_assertions(void **state)

+{

+    struct user_pass up = { 0 };

+    reset_user_pass(&up);

+    unsigned int flags = GET_USER_PASS_INLINE_CREDS;

+

+    reset_user_pass(&up);

+

+    /*FIXME: query_user_exec() called even though nothing queued */

+    /*FIXME? username error thrown very late in stdin handling */

+    will_return(query_user_exec_builtin, true);

+    expect_assert_failure(get_user_pass_cr(&up, "\nipassword\n", "UT", flags, NULL));

+}

+#endif

+

 static void

 test_get_user_pass_authfile_stdin(void **state)

 {

@@ -239,8 +268,39 @@ test_get_user_pass_authfile_stdin(void **state)

     assert_true(up.defined);

     assert_string_equal(up.username, "user");

     assert_string_equal(up.password, "cpassword");

+

+    reset_user_pass(&up);

+

+    flags |= GET_USER_PASS_PASSWORD_ONLY;

+    expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Password:");

+    will_return(query_user_exec_builtin, "");

+    will_return(query_user_exec_builtin, true);

+    /*FIXME? does not error out on empty password */

+    assert_true(get_user_pass_cr(&up, "stdin", "UT", flags, NULL));

+    assert_true(up.defined);

+    assert_string_equal(up.username, "user");

+    assert_string_equal(up.password, "");

 }

+/* NOTE: expect_assert_failure does not seem to work with MSVC */

+#ifndef _MSC_VER

+/* NOTE: leaks gc memory */

+static void

+test_get_user_pass_authfile_stdin_assertions(void **state)

+{

+    struct user_pass up = { 0 };

+    reset_user_pass(&up);

+    unsigned int flags = 0;

+

+    expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Username:");

+    expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Password:");

+    will_return(query_user_exec_builtin, "");

+    will_return(query_user_exec_builtin, "cpassword");

+    will_return(query_user_exec_builtin, true);

+    expect_assert_failure(get_user_pass_cr(&up, "stdin", "UT", flags, NULL));

+}

+#endif

+

 static void

 test_get_user_pass_authfile_file(void **state)

 {

@@ -260,6 +320,17 @@ test_get_user_pass_authfile_file(void **state)

     reset_user_pass(&up);

+    openvpn_test_get_srcdir_dir(authfile, PATH_MAX, "input/appears_empty.txt");

+    /*FIXME: query_user_exec() called even though nothing queued */

+    will_return(query_user_exec_builtin, true);

+    /*FIXME? does not error out */

+    assert_true(get_user_pass_cr(&up, authfile, "UT", flags, NULL));

+    assert_true(up.defined);

+    assert_string_equal(up.username, "");

+    assert_string_equal(up.password, "");

+

+    reset_user_pass(&up);

+

     openvpn_test_get_srcdir_dir(authfile, PATH_MAX, "input/user_only.txt");

     expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Password:");

     will_return(query_user_exec_builtin, "cpassword");

@@ -361,6 +432,29 @@ test_get_user_pass_static_challenge(void **state)

 }

 #endif /* ENABLE_MANAGEMENT */

+/* NOTE: expect_assert_failure does not seem to work with MSVC */

+#ifndef _MSC_VER

+/* NOTE: leaks gc memory */

+static void

+test_get_user_pass_authfile_file_assertions(void **state)

+{

+    struct user_pass up = { 0 };

+    reset_user_pass(&up);

+    unsigned int flags = 0;

+

+    char authfile[PATH_MAX] = { 0 };

+

+    openvpn_test_get_srcdir_dir(authfile, PATH_MAX, "input/empty.txt");

+    expect_assert_failure(get_user_pass_cr(&up, authfile, "UT", flags, NULL));

+

+    reset_user_pass(&up);

+

+    flags |= GET_USER_PASS_PASSWORD_ONLY;

+    openvpn_test_get_srcdir_dir(authfile, PATH_MAX, "input/empty.txt");

+    expect_assert_failure(get_user_pass_cr(&up, authfile, "UT", flags, NULL));

+}

+#endif /* ifndef _MSC_VER */

+

 const struct CMUnitTest user_pass_tests[] = {

     cmocka_unit_test(test_get_user_pass_defined),

     cmocka_unit_test(test_get_user_pass_needok),

@@ -371,6 +465,11 @@ const struct CMUnitTest user_pass_tests[] = {

     cmocka_unit_test(test_get_user_pass_dynamic_challenge),

     cmocka_unit_test(test_get_user_pass_static_challenge),

 #endif /* ENABLE_MANAGEMENT */

+#ifndef _MSC_VER

+    cmocka_unit_test(test_get_user_pass_inline_creds_assertions),

+    cmocka_unit_test(test_get_user_pass_authfile_stdin_assertions),

+    cmocka_unit_test(test_get_user_pass_authfile_file_assertions),

+#endif

 };

 int