* [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro
@ 2018-06-20 7:59 Petr Vorel
2018-06-20 7:59 ` [LTP] [PATCH 2/3] lib: Introduce TESTPTR() Petr Vorel
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Petr Vorel @ 2018-06-20 7:59 UTC (permalink / raw)
To: ltp
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
include/safe_macros_fn.h | 3 +++
include/tst_safe_macros.h | 5 ++++-
lib/safe_macros.c | 15 +++++++++++++++
3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/include/safe_macros_fn.h b/include/safe_macros_fn.h
index 3df952811..9b11801a4 100644
--- a/include/safe_macros_fn.h
+++ b/include/safe_macros_fn.h
@@ -30,6 +30,9 @@ char* safe_basename(const char *file, const int lineno,
int safe_chdir(const char *file, const int lineno,
void (*cleanup_fn)(void), const char *path);
+int safe_chroot(const char *file, const int lineno,
+ void (*cleanup_fn)(void), const char *path);
+
int safe_close(const char *file, const int lineno,
void (*cleanup_fn)(void), int fildes);
diff --git a/include/tst_safe_macros.h b/include/tst_safe_macros.h
index 75c2a0803..0cf560b98 100644
--- a/include/tst_safe_macros.h
+++ b/include/tst_safe_macros.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010-2015 Linux Test Project
+ * Copyright (c) 2010-2018 Linux Test Project
* Copyright (c) 2011-2015 Cyril Hrubis <chrubis@suse.cz>
*
* This program is free software: you can redistribute it and/or modify
@@ -37,6 +37,9 @@
#define SAFE_BASENAME(path) \
safe_basename(__FILE__, __LINE__, NULL, (path))
+#define SAFE_CHROOT(path) \
+ safe_chroot(__FILE__, __LINE__, NULL, (path))
+
#define SAFE_CHDIR(path) \
safe_chdir(__FILE__, __LINE__, NULL, (path))
diff --git a/lib/safe_macros.c b/lib/safe_macros.c
index abdeca013..2fc14f709 100644
--- a/lib/safe_macros.c
+++ b/lib/safe_macros.c
@@ -33,6 +33,21 @@ char *safe_basename(const char *file, const int lineno,
return rval;
}
+int safe_chroot(const char *file, const int lineno, void (*cleanup_fn) (void),
+ const char *path)
+{
+ int rval;
+
+ rval = chroot(path);
+ if (rval == -1) {
+ tst_brkm(TBROK | TERRNO, cleanup_fn,
+ "%s:%d: chroot(%s) failed",
+ file, lineno, path);
+ }
+
+ return rval;
+}
+
int
safe_chdir(const char *file, const int lineno, void (*cleanup_fn) (void),
const char *path)
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [LTP] [PATCH 2/3] lib: Introduce TESTPTR()
2018-06-20 7:59 [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro Petr Vorel
@ 2018-06-20 7:59 ` Petr Vorel
2018-06-20 10:08 ` Cyril Hrubis
2018-06-20 7:59 ` [LTP] [PATCH 3/3] cve/cve-2018-1000001: Add Realpath Buffer Underflow test Petr Vorel
2018-06-20 10:04 ` [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro Cyril Hrubis
2 siblings, 1 reply; 6+ messages in thread
From: Petr Vorel @ 2018-06-20 7:59 UTC (permalink / raw)
To: ltp
for testing with pointers
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
include/tst_test.h | 9 +++++++++
lib/tst_res.c | 1 +
2 files changed, 10 insertions(+)
diff --git a/include/tst_test.h b/include/tst_test.h
index 54ff306d9..ab45e2783 100644
--- a/include/tst_test.h
+++ b/include/tst_test.h
@@ -195,6 +195,15 @@ void tst_reinit(void);
extern long TEST_RETURN;
extern int TEST_ERRNO;
+extern void *TEST_RETURN_PTR;
+
+#define TESTPTR(SCALL) \
+ do { \
+ errno = 0; \
+ TEST_RETURN_PTR = (void*)(TEST_RETURN = (intptr_t)SCALL); \
+ TEST_ERRNO = errno; \
+ } while (0)
+
/*
* Functions to convert ERRNO to its name and SIGNAL to its name.
*/
diff --git a/lib/tst_res.c b/lib/tst_res.c
index 8ff7ee425..84becbef4 100644
--- a/lib/tst_res.c
+++ b/lib/tst_res.c
@@ -55,6 +55,7 @@
long TEST_RETURN;
int TEST_ERRNO;
+void *TEST_RETURN_PTR;
#define VERBOSE 1
#define NOPASS 3
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [LTP] [PATCH 3/3] cve/cve-2018-1000001: Add Realpath Buffer Underflow test
2018-06-20 7:59 [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro Petr Vorel
2018-06-20 7:59 ` [LTP] [PATCH 2/3] lib: Introduce TESTPTR() Petr Vorel
@ 2018-06-20 7:59 ` Petr Vorel
2018-06-20 10:04 ` [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro Cyril Hrubis
2 siblings, 0 replies; 6+ messages in thread
From: Petr Vorel @ 2018-06-20 7:59 UTC (permalink / raw)
To: ltp
Idea based on glibc source io/tst-getcwd-abspath.c, contributed by
Dmitry V. Levin [1]
[1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94;hp=249a5895f120b13290a372a49bb4b499e749806f
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Hi,
I put it into it's own subdirectory under testcases/cve/ (according to [1]),
but maybe Eric meant directory testcases/libc.
Not sure if binary or test case name should be descriptive (so far we
use description for binaries).
Kind regards,
Petr
[1] http://lists.linux.it/pipermail/ltp/2018-March/007388.html
---
runtest/cve | 1 +
testcases/cve/Makefile | 2 +-
testcases/cve/libc/Makefile | 8 ++++
testcases/cve/libc/cve-2018-1000001.c | 60 +++++++++++++++++++++++++++
4 files changed, 70 insertions(+), 1 deletion(-)
create mode 100644 testcases/cve/libc/Makefile
create mode 100644 testcases/cve/libc/cve-2018-1000001.c
diff --git a/runtest/cve b/runtest/cve
index 2f4171c84..c7031281a 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -33,3 +33,4 @@ cve-2017-17052 cve-2017-17052
cve-2017-16939 cve-2017-16939
cve-2017-17053 cve-2017-17053
cve-2018-5803 sctp_big_chunk
+cve-2018-1000001_libc_realpath_buffer_underflow cve-2018-1000001
diff --git a/testcases/cve/Makefile b/testcases/cve/Makefile
index 3a05dd4fe..e5fc8d44f 100644
--- a/testcases/cve/Makefile
+++ b/testcases/cve/Makefile
@@ -41,4 +41,4 @@ cve-2017-17053: CFLAGS += -pthread
cve-2015-3290: CFLAGS += -pthread
-include $(top_srcdir)/include/mk/generic_leaf_target.mk
+include $(top_srcdir)/include/mk/generic_trunk_target.mk
diff --git a/testcases/cve/libc/Makefile b/testcases/cve/libc/Makefile
new file mode 100644
index 000000000..e23dc473c
--- /dev/null
+++ b/testcases/cve/libc/Makefile
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (c) 2018 Linux Test Project
+
+top_srcdir ?= ../../..
+
+include $(top_srcdir)/include/mk/testcases.mk
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/cve/libc/cve-2018-1000001.c b/testcases/cve/libc/cve-2018-1000001.c
new file mode 100644
index 000000000..5cb618bc7
--- /dev/null
+++ b/testcases/cve/libc/cve-2018-1000001.c
@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2018 Petr Vorel <pvorel@suse.cz>
+ * Based on the reproducer posted upstream so other copyrights may apply.
+ *
+ * Author: Dmitry V. Levin <ldv@altlinux.org>
+ * LTP conversion from glibc source: Petr Vorel <pvorel@suse.cz>
+ */
+
+#include "tst_test.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define CHROOT_DIR "cve-2018-1000001"
+
+static void setup(void)
+{
+ SAFE_MKDIR(CHROOT_DIR, 0755);
+ SAFE_CHROOT(CHROOT_DIR);
+}
+
+static void run(unsigned int i)
+{
+ int fail = 0;
+
+ errno = 0;
+
+ if (!i) {
+ tst_res(TINFO, "testing getcwd()");
+ TESTPTR(getcwd(NULL, 0));
+ } else {
+ tst_res(TINFO, "testing realpath()");
+ TESTPTR(realpath(".", NULL));
+ }
+
+ if (errno != ENOENT) {
+ tst_res(TFAIL | TERRNO, "returned unexpected errno");
+ fail = 1;
+ }
+
+ if (TEST_RETURN_PTR != NULL) {
+ tst_res(TFAIL, "syscall didn't return NULL: '%s'",
+ (char *)TEST_RETURN_PTR);
+ fail = 1;
+ }
+
+ if (!fail)
+ tst_res(TPASS, "bug not reproduced");
+}
+
+static struct tst_test test = {
+ .test = run,
+ .tcnt = 2,
+ .setup = setup,
+ .needs_root = 1,
+ .needs_tmpdir = 1,
+};
--
2.17.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro
2018-06-20 7:59 [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro Petr Vorel
2018-06-20 7:59 ` [LTP] [PATCH 2/3] lib: Introduce TESTPTR() Petr Vorel
2018-06-20 7:59 ` [LTP] [PATCH 3/3] cve/cve-2018-1000001: Add Realpath Buffer Underflow test Petr Vorel
@ 2018-06-20 10:04 ` Cyril Hrubis
2018-06-20 12:26 ` Petr Vorel
2 siblings, 1 reply; 6+ messages in thread
From: Cyril Hrubis @ 2018-06-20 10:04 UTC (permalink / raw)
To: ltp
Hi!
> include/safe_macros_fn.h | 3 +++
> include/tst_safe_macros.h | 5 ++++-
> lib/safe_macros.c | 15 +++++++++++++++
> 3 files changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/include/safe_macros_fn.h b/include/safe_macros_fn.h
> index 3df952811..9b11801a4 100644
> --- a/include/safe_macros_fn.h
> +++ b/include/safe_macros_fn.h
> @@ -30,6 +30,9 @@ char* safe_basename(const char *file, const int lineno,
> int safe_chdir(const char *file, const int lineno,
> void (*cleanup_fn)(void), const char *path);
>
> +int safe_chroot(const char *file, const int lineno,
> + void (*cleanup_fn)(void), const char *path);
Can we pretty please avoid adding the function prototypes with the
unused cleanup pointer?
The safe_macros_fn.h file exists only for a historical reasons, new safe
macros should be added to the tst_safe_macros.h file only, both macro
and function prototype should go there.
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 6+ messages in thread
* [LTP] [PATCH 2/3] lib: Introduce TESTPTR()
2018-06-20 7:59 ` [LTP] [PATCH 2/3] lib: Introduce TESTPTR() Petr Vorel
@ 2018-06-20 10:08 ` Cyril Hrubis
0 siblings, 0 replies; 6+ messages in thread
From: Cyril Hrubis @ 2018-06-20 10:08 UTC (permalink / raw)
To: ltp
Hi!
> +extern void *TEST_RETURN_PTR;
> +
> +#define TESTPTR(SCALL) \
> + do { \
> + errno = 0; \
> + TEST_RETURN_PTR = (void*)(TEST_RETURN = (intptr_t)SCALL); \
I guess that this expression is safe enough, since TEST_RETURN is long,
so the assigment will not overflow, but that also begs a question why do
we assign it in the first place?
> + TEST_ERRNO = errno; \
> + } while (0)
> +
> /*
> * Functions to convert ERRNO to its name and SIGNAL to its name.
> */
> diff --git a/lib/tst_res.c b/lib/tst_res.c
> index 8ff7ee425..84becbef4 100644
> --- a/lib/tst_res.c
> +++ b/lib/tst_res.c
> @@ -55,6 +55,7 @@
>
> long TEST_RETURN;
> int TEST_ERRNO;
> +void *TEST_RETURN_PTR;
Can we please name it a bit better so that we avoid renaming it later
on? What about TST_RET_PTR so that it's consistent with the planned
rename of TEST_RETURN to just TST_RET?
> #define VERBOSE 1
> #define NOPASS 3
> --
> 2.17.1
>
--
Cyril Hrubis
chrubis@suse.cz
^ permalink raw reply [flat|nested] 6+ messages in thread
* [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro
2018-06-20 10:04 ` [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro Cyril Hrubis
@ 2018-06-20 12:26 ` Petr Vorel
0 siblings, 0 replies; 6+ messages in thread
From: Petr Vorel @ 2018-06-20 12:26 UTC (permalink / raw)
To: ltp
Hi Cyril,
> > +++ b/include/safe_macros_fn.h
> > @@ -30,6 +30,9 @@ char* safe_basename(const char *file, const int lineno,
> > int safe_chdir(const char *file, const int lineno,
> > void (*cleanup_fn)(void), const char *path);
> > +int safe_chroot(const char *file, const int lineno,
> > + void (*cleanup_fn)(void), const char *path);
> Can we pretty please avoid adding the function prototypes with the
> unused cleanup pointer?
> The safe_macros_fn.h file exists only for a historical reasons, new safe
> macros should be added to the tst_safe_macros.h file only, both macro
> and function prototype should go there.
Sure. I'm sorry, for not carefully checking my patches.
I created this part long time ago and I this is exactly what I fixed in Jinhui
Huang's SAFE_GETGRNAM patchset.
Kind regards,
Petr
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-06-20 12:26 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-20 7:59 [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro Petr Vorel
2018-06-20 7:59 ` [LTP] [PATCH 2/3] lib: Introduce TESTPTR() Petr Vorel
2018-06-20 10:08 ` Cyril Hrubis
2018-06-20 7:59 ` [LTP] [PATCH 3/3] cve/cve-2018-1000001: Add Realpath Buffer Underflow test Petr Vorel
2018-06-20 10:04 ` [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro Cyril Hrubis
2018-06-20 12:26 ` Petr Vorel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.