* [LTP] [PATCH] cve/cve-2017-2671.c: check if socket() supports IPPROTO_ICMP
@ 2017-08-03 9:12 Xiao Yang
2017-08-03 15:52 ` Cyril Hrubis
0 siblings, 1 reply; 5+ messages in thread
From: Xiao Yang @ 2017-08-03 9:12 UTC (permalink / raw)
To: ltp
socket() does not support IPPROTO_ICMP, and the ping_group_range file
does not exist in older kernels(e.g. RHEL5.11GA). these supports are
introduced by:
'c319b4d("net: ipv4: add IPPROTO_ICMP socket kind")'
This case should get TCONF instead of TBROK, so we add check to fix it.
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
testcases/cve/cve-2017-2671.c | 24 ++++++++++++++++++------
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/testcases/cve/cve-2017-2671.c b/testcases/cve/cve-2017-2671.c
index 2148512..86d12e6 100644
--- a/testcases/cve/cve-2017-2671.c
+++ b/testcases/cve/cve-2017-2671.c
@@ -37,6 +37,8 @@
* enabled by default, root privileges are not required.
*/
+#include <errno.h>
+#include <unistd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <arpa/inet.h>
@@ -52,7 +54,7 @@
#define PING_SYSCTL_PATH "/proc/sys/net/ipv4/ping_group_range"
static int sockfd;
-static unsigned int ping_min_grp = 1, ping_max_grp;
+static unsigned int ping_min_grp, ping_max_grp;
static struct tst_fzsync_pair fzsync_pair = TST_FZSYNC_PAIR_INIT;
static struct sockaddr_in iaddr, uaddr;
@@ -64,17 +66,27 @@ static void setup(void)
uaddr.sin_family = AF_UNSPEC;
fzsync_pair.delay_inc = 1;
- SAFE_FILE_SCANF(PING_SYSCTL_PATH, "%u %u",
- &ping_min_grp, &ping_max_grp);
- SAFE_FILE_PRINTF(PING_SYSCTL_PATH, "0 0");
+ if (!access(PING_SYSCTL_PATH, F_OK)) {
+ SAFE_FILE_SCANF(PING_SYSCTL_PATH, "%u %u",
+ &ping_min_grp, &ping_max_grp);
+ SAFE_FILE_PRINTF(PING_SYSCTL_PATH, "0 0");
+ }
- sockfd = SAFE_SOCKET(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
+ sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
+ if (sockfd == -1) {
+ if (errno == EPROTONOSUPPORT) {
+ tst_brk(TCONF | TERRNO,
+ "socket() does not support IPPROTO_ICMP");
+ }
+ tst_brk(TBROK | TERRNO, "socket() failed");
+ }
tst_res(TINFO, "Created ping socket, attempting to race...");
}
static void cleanup(void)
{
- SAFE_CLOSE(sockfd);
+ if (sockfd > 0)
+ SAFE_CLOSE(sockfd);
if (ping_min_grp | ping_max_grp)
SAFE_FILE_PRINTF(PING_SYSCTL_PATH, "%u %u",
ping_min_grp, ping_max_grp);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [LTP] [PATCH] cve/cve-2017-2671.c: check if socket() supports IPPROTO_ICMP
2017-08-03 9:12 [LTP] [PATCH] cve/cve-2017-2671.c: check if socket() supports IPPROTO_ICMP Xiao Yang
@ 2017-08-03 15:52 ` Cyril Hrubis
2017-08-04 1:00 ` Xiao Yang
2017-08-04 1:21 ` [LTP] [PATCH v2] " Xiao Yang
0 siblings, 2 replies; 5+ messages in thread
From: Cyril Hrubis @ 2017-08-03 15:52 UTC (permalink / raw)
To: ltp
Hi!
> socket() does not support IPPROTO_ICMP, and the ping_group_range file
> does not exist in older kernels(e.g. RHEL5.11GA). these supports are
> introduced by:
> 'c319b4d("net: ipv4: add IPPROTO_ICMP socket kind")'
Hm, the question is if there is a system that supports IPPROTO_ICMP
and where the ping_group_range file is missing. Does that even happen?
If not we should simplify this by exitting (tst_brk()) with TCONF if the
ping_group_range is missing instead of doing that later on
EPROTONOSUPPORT.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 5+ messages in thread
* [LTP] [PATCH] cve/cve-2017-2671.c: check if socket() supports IPPROTO_ICMP
2017-08-03 15:52 ` Cyril Hrubis
@ 2017-08-04 1:00 ` Xiao Yang
2017-08-04 1:21 ` [LTP] [PATCH v2] " Xiao Yang
1 sibling, 0 replies; 5+ messages in thread
From: Xiao Yang @ 2017-08-04 1:00 UTC (permalink / raw)
To: ltp
On 2017/08/03 23:52, Cyril Hrubis wrote:
> Hi!
>> socket() does not support IPPROTO_ICMP, and the ping_group_range file
>> does not exist in older kernels(e.g. RHEL5.11GA). these supports are
>> introduced by:
>> 'c319b4d("net: ipv4: add IPPROTO_ICMP socket kind")'
> Hm, the question is if there is a system that supports IPPROTO_ICMP
> and where the ping_group_range file is missing. Does that even happen?
>
> If not we should simplify this by exitting (tst_brk()) with TCONF if the
> ping_group_range is missing instead of doing that later on
> EPROTONOSUPPORT.
>
Hi Cyril,
Thanks for your comments. I think there is not a system that supports
IPPROTO_ICMP
and where the ping_group_range file is missing. I will simplify it as
you suggested.
Thanks,
Xiao Yang.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [LTP] [PATCH v2] cve/cve-2017-2671.c: check if socket() supports IPPROTO_ICMP
2017-08-03 15:52 ` Cyril Hrubis
2017-08-04 1:00 ` Xiao Yang
@ 2017-08-04 1:21 ` Xiao Yang
2017-08-04 10:33 ` Cyril Hrubis
1 sibling, 1 reply; 5+ messages in thread
From: Xiao Yang @ 2017-08-04 1:21 UTC (permalink / raw)
To: ltp
socket() does not support IPPROTO_ICMP, and where the ping_group_range
file is missing in older kernels(e.g. RHEL5.11GA). these supports are
introduced by:
'c319b4d("net: ipv4: add IPPROTO_ICMP socket kind")'
This case should get TCONF if the ping_group_range is missing, so we
add check to fix it.
Signed-off-by: Xiao Yang <yangx.jy@cn.fujitsu.com>
---
testcases/cve/cve-2017-2671.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/testcases/cve/cve-2017-2671.c b/testcases/cve/cve-2017-2671.c
index 2148512..77744db 100644
--- a/testcases/cve/cve-2017-2671.c
+++ b/testcases/cve/cve-2017-2671.c
@@ -37,6 +37,7 @@
* enabled by default, root privileges are not required.
*/
+#include <unistd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <arpa/inet.h>
@@ -52,7 +53,7 @@
#define PING_SYSCTL_PATH "/proc/sys/net/ipv4/ping_group_range"
static int sockfd;
-static unsigned int ping_min_grp = 1, ping_max_grp;
+static unsigned int ping_min_grp, ping_max_grp;
static struct tst_fzsync_pair fzsync_pair = TST_FZSYNC_PAIR_INIT;
static struct sockaddr_in iaddr, uaddr;
@@ -64,6 +65,9 @@ static void setup(void)
uaddr.sin_family = AF_UNSPEC;
fzsync_pair.delay_inc = 1;
+ if (access(PING_SYSCTL_PATH, F_OK))
+ tst_brk(TCONF, "socket() does not support IPPROTO_ICMP");
+
SAFE_FILE_SCANF(PING_SYSCTL_PATH, "%u %u",
&ping_min_grp, &ping_max_grp);
SAFE_FILE_PRINTF(PING_SYSCTL_PATH, "0 0");
@@ -74,7 +78,8 @@ static void setup(void)
static void cleanup(void)
{
- SAFE_CLOSE(sockfd);
+ if (sockfd > 0)
+ SAFE_CLOSE(sockfd);
if (ping_min_grp | ping_max_grp)
SAFE_FILE_PRINTF(PING_SYSCTL_PATH, "%u %u",
ping_min_grp, ping_max_grp);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [LTP] [PATCH v2] cve/cve-2017-2671.c: check if socket() supports IPPROTO_ICMP
2017-08-04 1:21 ` [LTP] [PATCH v2] " Xiao Yang
@ 2017-08-04 10:33 ` Cyril Hrubis
0 siblings, 0 replies; 5+ messages in thread
From: Cyril Hrubis @ 2017-08-04 10:33 UTC (permalink / raw)
To: ltp
Hi!
Pushed, thanks.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-08-04 10:33 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-08-03 9:12 [LTP] [PATCH] cve/cve-2017-2671.c: check if socket() supports IPPROTO_ICMP Xiao Yang
2017-08-03 15:52 ` Cyril Hrubis
2017-08-04 1:00 ` Xiao Yang
2017-08-04 1:21 ` [LTP] [PATCH v2] " Xiao Yang
2017-08-04 10:33 ` Cyril Hrubis
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.