From patchwork Wed Jun 20 07:59:15 2018
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 932011
X-Patchwork-Delegate: petr.vorel@gmail.com
From: Petr Vorel
To: ltp@lists.linux.it
Date: Wed, 20 Jun 2018 09:59:15 +0200
Message-Id: <20180620075917.21056-1-pvorel@suse.cz>
Subject: [LTP] [PATCH 1/3] lib: Add SAFE_CHROOT(path) macro

Signed-off-by: Petr Vorel
--- include/safe_macros_fn.h | 3 +++ include/tst_safe_macros.h | 5 ++++- lib/safe_macros.c | 15 +++++++++++++++ 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/include/safe_macros_fn.h b/include/safe_macros_fn.h index 3df952811..9b11801a4 100644 --- a/include/safe_macros_fn.h +++ b/include/safe_macros_fn.h @@ -30,6 +30,9 @@ char* safe_basename(const char *file, const int lineno, int safe_chdir(const char *file, const int lineno, void (*cleanup_fn)(void), const char *path); +int safe_chroot(const char *file, const int lineno, + void (*cleanup_fn)(void), const char *path); + int safe_close(const char *file, const int lineno, void (*cleanup_fn)(void), int fildes); diff --git a/include/tst_safe_macros.h b/include/tst_safe_macros.h index 75c2a0803..0cf560b98 100644 --- a/include/tst_safe_macros.h +++ b/include/tst_safe_macros.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2015 Linux Test Project + * Copyright (c) 2010-2018 Linux Test Project * Copyright (c) 2011-2015 Cyril Hrubis * * This program is free software: you can redistribute it and/or modify 
@@ -37,6 +37,9 @@ #define SAFE_BASENAME(path) \ safe_basename(__FILE__, __LINE__, NULL, (path)) +#define SAFE_CHROOT(path) \ + safe_chroot(__FILE__, __LINE__, NULL, (path)) + #define SAFE_CHDIR(path) \ safe_chdir(__FILE__, __LINE__, NULL, (path)) diff --git a/lib/safe_macros.c b/lib/safe_macros.c index abdeca013..2fc14f709 100644 --- a/lib/safe_macros.c +++ b/lib/safe_macros.c 
@@ -33,6 +33,21 @@ char *safe_basename(const char *file, const int lineno, return rval; } +int safe_chroot(const char *file, const int lineno, void (*cleanup_fn) (void), + const char *path) +{ + int rval; + + rval = chroot(path); + if (rval == -1) { + tst_brkm(TBROK | TERRNO, cleanup_fn, + "%s:%d: chroot(%s) failed", + file, lineno, path); + } + + return rval; +} + int safe_chdir(const char *file, const int lineno, void (*cleanup_fn) (void), const char *path)

From patchwork Wed Jun 20 07:59:16 2018
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 932012
X-Patchwork-Delegate: petr.vorel@gmail.com
From: Petr Vorel
To: ltp@lists.linux.it
Date: Wed, 20 Jun 2018 09:59:16 +0200
Message-Id: <20180620075917.21056-2-pvorel@suse.cz>
In-Reply-To: <20180620075917.21056-1-pvorel@suse.cz>
References: <20180620075917.21056-1-pvorel@suse.cz>
Subject: [LTP] [PATCH 2/3] lib: Introduce TESTPTR()

for testing with pointers

Signed-off-by: Petr Vorel
--- include/tst_test.h | 9 +++++++++ lib/tst_res.c | 1 + 2 files changed, 10 insertions(+) diff --git a/include/tst_test.h b/include/tst_test.h index 54ff306d9..ab45e2783 100644 --- a/include/tst_test.h +++ b/include/tst_test.h @@ -195,6 +195,15 @@ void tst_reinit(void); extern long TEST_RETURN; extern int TEST_ERRNO; +extern void *TEST_RETURN_PTR; + +#define TESTPTR(SCALL) \ + do { \ + errno = 0; \ + TEST_RETURN_PTR = (void*)(TEST_RETURN = (intptr_t)SCALL); \ + TEST_ERRNO = errno; \ + } while (0) + /* * Functions to convert ERRNO to its name and SIGNAL to its name. */ diff --git a/lib/tst_res.c b/lib/tst_res.c index 8ff7ee425..84becbef4 100644 --- a/lib/tst_res.c +++ b/lib/tst_res.c 
@@ -55,6 +55,7 @@ long TEST_RETURN; int TEST_ERRNO; +void *TEST_RETURN_PTR; #define VERBOSE 1 #define NOPASS 3

From patchwork Wed Jun 20 07:59:17 2018
X-Patchwork-Submitter: Petr Vorel
X-Patchwork-Id: 932013
X-Patchwork-Delegate: petr.vorel@gmail.com
From: Petr Vorel
To: ltp@lists.linux.it
Date: Wed, 20 Jun 2018 09:59:17 +0200
Message-Id: <20180620075917.21056-3-pvorel@suse.cz>
In-Reply-To: <20180620075917.21056-1-pvorel@suse.cz>
References: <20180620075917.21056-1-pvorel@suse.cz>
Cc: "Dmitry V . Levin" , Eric Biggers
Subject: [LTP] [PATCH 3/3] cve/cve-2018-1000001: Add Realpath Buffer Underflow test

Idea based on glibc source io/tst-getcwd-abspath.c, contributed by Dmitry V. Levin [1]

[1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94;hp=249a5895f120b13290a372a49bb4b499e749806f

Signed-off-by: Petr Vorel
---
Hi,

I put it into its own subdirectory under testcases/cve/ (according to [1]), but maybe Eric meant directory testcases/libc. Not sure if binary or test case name should be descriptive (so far we use description for binaries).

Kind regards,
Petr

[1] http://lists.linux.it/pipermail/ltp/2018-March/007388.html
--- runtest/cve | 1 + testcases/cve/Makefile | 2 +- testcases/cve/libc/Makefile | 8 ++++ testcases/cve/libc/cve-2018-1000001.c | 60 +++++++++++++++++++++++++++ 4 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 testcases/cve/libc/Makefile create mode 100644 testcases/cve/libc/cve-2018-1000001.c diff --git a/runtest/cve b/runtest/cve index 2f4171c84..c7031281a 100644 --- a/runtest/cve +++ b/runtest/cve 
@@ -33,3 +33,4 @@ cve-2017-17052 cve-2017-17052 cve-2017-16939 cve-2017-16939 cve-2017-17053 cve-2017-17053 cve-2018-5803 sctp_big_chunk +cve-2018-1000001_libc_realpath_buffer_underflow cve-2018-1000001 diff --git a/testcases/cve/Makefile b/testcases/cve/Makefile index 3a05dd4fe..e5fc8d44f 100644 --- a/testcases/cve/Makefile +++ b/testcases/cve/Makefile @@ -41,4 +41,4 @@ cve-2017-17053: CFLAGS += -pthread cve-2015-3290: CFLAGS += -pthread -include $(top_srcdir)/include/mk/generic_leaf_target.mk +include $(top_srcdir)/include/mk/generic_trunk_target.mk diff --git a/testcases/cve/libc/Makefile b/testcases/cve/libc/Makefile new file mode 100644 index 000000000..e23dc473c --- /dev/null +++ b/testcases/cve/libc/Makefile @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (c) 2018 Linux Test Project + +top_srcdir ?= ../../.. + +include $(top_srcdir)/include/mk/testcases.mk + +include $(top_srcdir)/include/mk/generic_leaf_target.mk diff --git a/testcases/cve/libc/cve-2018-1000001.c b/testcases/cve/libc/cve-2018-1000001.c new file mode 100644 index 000000000..5cb618bc7 --- /dev/null +++ b/testcases/cve/libc/cve-2018-1000001.c 
@@ -0,0 +1,60 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2018 Petr Vorel + * Based on the reproducer posted upstream so other copyrights may apply. + * + * Author: Dmitry V. Levin + * LTP conversion from glibc source: Petr Vorel + */ + +#include "tst_test.h" + +#include +#include +#include +#include + +#define CHROOT_DIR "cve-2018-1000001" + +static void setup(void) +{ + SAFE_MKDIR(CHROOT_DIR, 0755); + SAFE_CHROOT(CHROOT_DIR); +} + +static void run(unsigned int i) +{ + int fail = 0; + + errno = 0; + + if (!i) { + tst_res(TINFO, "testing getcwd()"); + TESTPTR(getcwd(NULL, 0)); + } else { + tst_res(TINFO, "testing realpath()"); + TESTPTR(realpath(".", NULL)); + } + + if (errno != ENOENT) { + tst_res(TFAIL | TERRNO, "returned unexpected errno"); + fail = 1; + } + + if (TEST_RETURN_PTR != NULL) { + tst_res(TFAIL, "syscall didn't return NULL: '%s'", + (char *)TEST_RETURN_PTR); + fail = 1; + } + + if (!fail) + tst_res(TPASS, "bug not reproduced"); +} + +static struct tst_test test = { + .test = run, + .tcnt = 2, + .setup = setup, + .needs_root = 1, + .needs_tmpdir = 1, +};
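
Review bot: In the lib/safe_macros.c hunk of patch 1/3, safe_chroot() only calls chroot(path) and nothing documents that the working directory is left untouched, so after SAFE_CHROOT() the caller's cwd still points outside the new root. A short comment on the function or on the SAFE_CHROOT macro should say this, so that callers who want a confined cwd follow it with SAFE_CHDIR("/") and callers who rely on the old cwd do so knowingly. Also, this hunk and the include/tst_safe_macros.h hunk place the chroot entry before the chdir one, while include/safe_macros_fn.h places it after safe_chdir; use the same order in all three files.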
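
Review bot: In the TESTPTR() definition added to include/tst_test.h in patch 2/3, the macro argument is cast without parentheses, "(intptr_t)SCALL", so for an argument that is a conditional or binary expression the cast binds only to its first operand; write "(intptr_t)(SCALL)". The pointer is also routed through TEST_RETURN, declared long just above, which relies on long being pointer-sized and silently overwrites the result of an earlier TEST(); assigning "TEST_RETURN_PTR = (void *)(SCALL);" directly avoids both and removes the need for intptr_t, for which no include is added in this hunk.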
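
Review bot: In the runtest/cve hunk of patch 3/3, the new entry uses a descriptive tag, cve-2018-1000001_libc_realpath_buffer_underflow, with the CVE id as the command, whereas the context lines use the CVE id as the tag and put any descriptive name on the binary (cve-2018-5803 sctp_big_chunk). Following the existing pattern would mean a tag of cve-2018-1000001 and, if a description is wanted, a descriptive binary name.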
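
Review bot: In run() of testcases/cve/libc/cve-2018-1000001.c, the check after TESTPTR() reads errno rather than the TEST_ERRNO the macro has just saved; compare "TEST_ERRNO != ENOENT" and drop the "errno = 0;" at the top of run(), which TESTPTR() already does. When the call returns non-NULL, the buffer allocated by getcwd(NULL, 0) or realpath(".", NULL) is reported but never freed, so add free(TEST_RETURN_PTR) after the tst_res() call. The message "syscall didn't return NULL" should name the libc function under test, since realpath() is not a syscall. setup() depends on the working directory staying outside the new root after SAFE_CHROOT(CHROOT_DIR); a one-line comment there would keep a later cleanup from adding a chdir and making the test pass unconditionally.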