From patchwork Tue Mar 6 11:57:32 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kodanev X-Patchwork-Id: 882015 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=oracle.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=oracle.com header.i=@oracle.com header.b="ppy6de6g"; dkim-atps=neutral Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zwZmF40wjz9sY5 for ; Tue, 6 Mar 2018 22:48:28 +1100 (AEDT) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 12CA43E6B11 for ; Tue, 6 Mar 2018 12:48:26 +0100 (CET) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-4.smtp.seeweb.it (in-4.smtp.seeweb.it [217.194.8.4]) by picard.linux.it (Postfix) with ESMTP id 24ACB3E6B11 for ; Tue, 6 Mar 2018 12:48:23 +0100 (CET) Received: from aserp2120.oracle.com (aserp2120.oracle.com [141.146.126.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by in-4.smtp.seeweb.it (Postfix) with ESMTPS id BDAC11000A9B for ; Tue, 6 Mar 2018 12:48:22 +0100 (CET) Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w26BlXlK108686 for ; Tue, 6 Mar 2018 11:48:20 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id; s=corp-2017-10-26; bh=JBtnjLdBuo9N9YWbJsVKDoN4ZgT+EgZkO+2nfNin7eo=; b=ppy6de6g/DSN2sRt59361XzeehN7XXivoJHypH9n6UasYQ8Abicr8MFCfueK6/LsOvP3 oixVLTPlxidD+cDX2y1zRxnK3yPh+79eIIfscq/FQd7iQx2HoGKRL/JR7zHgys7X88pz 0Fsn8TYPd+maAtDr1yXJEwpAsyrla4ZS+Kv5YkrDpcn4eq5RImwPonbxJDwlGZrqjRdS 8tHaPZ7XYKGOXf11Xs3T0OdaiOQlp2FBEkxLPqLQcdpnAvgpcL5UITAJNEGQQ4zzAWlZ lI0IUpJR3861qUY2tgamJm5Q4THlJ5/MnN1Mo6FF/vggWmQnSTBxrw1y89BySLV3wqZn UQ== Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by aserp2120.oracle.com with ESMTP id 2ght00844m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 06 Mar 2018 11:48:20 +0000 Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w26BmJAA023451 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 6 Mar 2018 11:48:19 GMT Received: from abhmp0013.oracle.com (abhmp0013.oracle.com [141.146.116.19]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w26BmI34014026 for ; Tue, 6 Mar 2018 11:48:18 GMT Received: from ak.ru.oracle.com (/10.162.80.29) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 06 Mar 2018 03:48:18 -0800 From: Alexey Kodanev To: ltp@lists.linux.it Date: Tue, 6 Mar 2018 14:57:32 +0300 Message-Id: <1520337452-10137-1-git-send-email-alexey.kodanev@oracle.com> X-Mailer: git-send-email 1.7.1 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8823 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=758 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803060135 X-Virus-Scanned: clamav-milter 0.99.2 at in-4.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=0.1 required=7.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU, SPF_PASS, T_RP_MATCHES_RCVD autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-4.smtp.seeweb.it Subject: [LTP] [PATCH] network: new regression test for over-sized chunks in SCTP X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.18 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" Fixed by upstream commit 07f2c7ab6f8d ("sctp: verify size of a new chunk in _sctp_make_chunk()") CVE-2018-5803 Signed-off-by: Alexey Kodanev --- runtest/net.features | 1 + testcases/network/sctp/Makefile | 2 +- testcases/network/sctp/sctp02.sh | 66 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 1 deletions(-) create mode 100755 testcases/network/sctp/sctp02.sh diff --git a/runtest/net.features b/runtest/net.features index b9250dc..81e9a43 100644 --- a/runtest/net.features +++ b/runtest/net.features @@ -19,6 +19,7 @@ dccp01_ipv6 dccp01.sh -6 sctp01 sctp01.sh sctp01_ipv6 sctp01.sh -6 +sctp02 sctp02.sh -6 tcp_fastopen tcp_fastopen_run.sh tcp_fastopen6 tcp_fastopen_run.sh -6 diff --git a/testcases/network/sctp/Makefile b/testcases/network/sctp/Makefile index 914e389..5f014d8 100644 --- a/testcases/network/sctp/Makefile +++ b/testcases/network/sctp/Makefile @@ -17,6 +17,6 @@ top_srcdir ?= ../../.. include $(top_srcdir)/include/mk/env_pre.mk -INSTALL_TARGETS := sctp01.sh +INSTALL_TARGETS := *.sh include $(top_srcdir)/include/mk/generic_leaf_target.mk diff --git a/testcases/network/sctp/sctp02.sh b/testcases/network/sctp/sctp02.sh new file mode 100755 index 0000000..f8386dd --- /dev/null +++ b/testcases/network/sctp/sctp02.sh @@ -0,0 +1,66 @@ +#!/bin/sh +# Copyright (c) 2018 Oracle and/or its affiliates. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# Regression test for the crash caused by over-sized SCTP chunk, fixed by +# commit 07f2c7ab6f8d ("sctp: verify size of a new chunk in _sctp_make_chunk()") +# +# CVE-2018-5803 + +TCID=sctp02 +TST_TOTAL=1 +TST_CLEANUP="cleanup" +TST_NEEDS_TMPDIR=1 + +. test_net.sh + +cleanup() +{ + for i in $(seq 1 16); do + tst_rhost_run -s -c "ip a del $(tst_ipaddr_un -c $i rhost) \ + dev $(tst_iface rhost)" + done + for i in $(seq 17 3260); do + ROD ip a del $(tst_ipaddr_un -c $i lhost) dev $(tst_iface) + done +} + +setup() +{ + tst_require_root + + tst_resm TINFO "adding several addresses to remote host" + for i in $(seq 1 16); do + tst_rhost_run -s -c "ip a add $(tst_ipaddr_un -c $i rhost) \ + dev $(tst_iface rhost) nodad" + done + + tst_resm TINFO "adding addresses to local host to make big INIT packet" + for i in $(seq 17 3260); do + ROD ip a add $(tst_ipaddr_un -c $i lhost) dev $(tst_iface) nodad + done +} + +test_run() +{ + tst_resm TINFO "sending almost over-sized INIT packet to remote host" + tst_netload -H $(tst_ipaddr rhost) -T sctp + tst_resm TPASS "test doesn't cause the crash" +} + +setup +test_run + +tst_exit