From patchwork Thu Jun 21 14:16:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 932754 X-Patchwork-Delegate: petr.vorel@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.cz Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41BP0G6qkjz9s2R for ; Fri, 22 Jun 2018 00:17:02 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id 1DC793E7469 for ; Thu, 21 Jun 2018 16:17:00 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-5.smtp.seeweb.it (in-5.smtp.seeweb.it [217.194.8.5]) by picard.linux.it (Postfix) with ESMTP id B240C3E62C3 for ; Thu, 21 Jun 2018 16:16:58 +0200 (CEST) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by in-5.smtp.seeweb.it (Postfix) with ESMTPS id 4DAE160CB90 for ; Thu, 21 Jun 2018 16:16:57 +0200 (CEST) Received: from relay1.suse.de (charybdis-ext-too.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 9BB5EAECD for ; Thu, 21 Jun 2018 14:16:57 +0000 (UTC) From: Petr Vorel To: ltp@lists.linux.it Date: Thu, 21 Jun 2018 16:16:46 +0200 Message-Id: <20180621141648.11430-1-pvorel@suse.cz> X-Mailer: git-send-email 2.17.1 X-Virus-Scanned: clamav-milter 0.99.2 at in-5.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=-0.0 required=7.0 tests=SPF_PASS autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-5.smtp.seeweb.it Subject: [LTP] [PATCH v3 1/3] lib: Add SAFE_CHROOT(path) macro X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.18 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" Signed-off-by: Petr Vorel --- include/tst_safe_macros.h | 6 +++++- lib/tst_safe_macros.c | 13 +++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/include/tst_safe_macros.h b/include/tst_safe_macros.h index 75c2a0803..1ad9c71b2 100644 --- a/include/tst_safe_macros.h +++ b/include/tst_safe_macros.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2015 Linux Test Project + * Copyright (c) 2010-2018 Linux Test Project * Copyright (c) 2011-2015 Cyril Hrubis * * This program is free software: you can redistribute it and/or modify @@ -48,6 +48,10 @@ #define SAFE_CREAT(pathname, mode) \ safe_creat(__FILE__, __LINE__, NULL, (pathname), (mode)) +#define SAFE_CHROOT(path) \ + safe_chroot(__FILE__, __LINE__, (path)) +int safe_chroot(const char *file, const int lineno, const char *path); + #define SAFE_DIRNAME(path) \ safe_dirname(__FILE__, __LINE__, NULL, (path)) diff --git a/lib/tst_safe_macros.c b/lib/tst_safe_macros.c index e152bff7f..17384f32c 100644 --- a/lib/tst_safe_macros.c +++ b/lib/tst_safe_macros.c @@ -152,3 +152,16 @@ struct group *safe_getgrnam(const char *file, const int lineno, return rval; } + +int safe_chroot(const char *file, const int lineno, const char *path) +{ + int rval; + + rval = chroot(path); + if (rval == -1) { + tst_brk_(file, lineno, TBROK | TERRNO, + "chroot(%s) failed", path); + } + + return rval; +} From patchwork Thu Jun 21 14:16:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 932755 X-Patchwork-Delegate: petr.vorel@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.cz Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41BP0L3WxZz9s31 for ; Fri, 22 Jun 2018 00:17:06 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id B52633E7533 for ; Thu, 21 Jun 2018 16:17:03 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-7.smtp.seeweb.it (in-7.smtp.seeweb.it [217.194.8.7]) by picard.linux.it (Postfix) with ESMTP id 6F1913E62C3 for ; Thu, 21 Jun 2018 16:16:59 +0200 (CEST) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by in-7.smtp.seeweb.it (Postfix) with ESMTPS id 33793201699 for ; Thu, 21 Jun 2018 16:16:59 +0200 (CEST) Received: from relay2.suse.de (charybdis-ext-too.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id D72FFAECD for ; Thu, 21 Jun 2018 14:16:58 +0000 (UTC) From: Petr Vorel To: ltp@lists.linux.it Date: Thu, 21 Jun 2018 16:16:47 +0200 Message-Id: <20180621141648.11430-2-pvorel@suse.cz> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180621141648.11430-1-pvorel@suse.cz> References: <20180621141648.11430-1-pvorel@suse.cz> X-Virus-Scanned: clamav-milter 0.99.2 at in-7.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=-0.0 required=7.0 tests=SPF_PASS autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-7.smtp.seeweb.it Subject: [LTP] [PATCH v3 2/3] lib: Introduce TESTPTR() X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.18 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" useful for testing with pointers. NOTE: variable TST_RET_PTR has new format (TST_*), to confirm gh#336. Signed-off-by: Petr Vorel --- include/tst_test.h | 9 +++++++++ lib/tst_res.c | 1 + 2 files changed, 10 insertions(+) diff --git a/include/tst_test.h b/include/tst_test.h index 54ff306d9..7caf2e174 100644 --- a/include/tst_test.h +++ b/include/tst_test.h @@ -195,6 +195,15 @@ void tst_reinit(void); extern long TEST_RETURN; extern int TEST_ERRNO; +extern void *TST_RET_PTR; + +#define TESTPTR(SCALL) \ + do { \ + errno = 0; \ + TST_RET_PTR = (void*)SCALL; \ + TEST_ERRNO = errno; \ + } while (0) + /* * Functions to convert ERRNO to its name and SIGNAL to its name. */ diff --git a/lib/tst_res.c b/lib/tst_res.c index 8ff7ee425..c35f41b74 100644 --- a/lib/tst_res.c +++ b/lib/tst_res.c @@ -55,6 +55,7 @@ long TEST_RETURN; int TEST_ERRNO; +void *TST_RET_PTR; #define VERBOSE 1 #define NOPASS 3 From patchwork Thu Jun 21 14:16:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Petr Vorel X-Patchwork-Id: 932756 X-Patchwork-Delegate: petr.vorel@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.linux.it (client-ip=2001:1418:10:5::2; helo=picard.linux.it; envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=suse.cz Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41BP0P5Fh6z9s2R for ; Fri, 22 Jun 2018 00:17:09 +1000 (AEST) Received: from picard.linux.it (localhost [IPv6:::1]) by picard.linux.it (Postfix) with ESMTP id EA52B3E74A1 for ; Thu, 21 Jun 2018 16:17:06 +0200 (CEST) X-Original-To: ltp@lists.linux.it Delivered-To: ltp@picard.linux.it Received: from in-2.smtp.seeweb.it (in-2.smtp.seeweb.it [217.194.8.2]) by picard.linux.it (Postfix) with ESMTP id 316AB3E7536 for ; Thu, 21 Jun 2018 16:17:01 +0200 (CEST) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by in-2.smtp.seeweb.it (Postfix) with ESMTPS id 895B2601A23 for ; Thu, 21 Jun 2018 16:17:00 +0200 (CEST) Received: from relay1.suse.de (charybdis-ext-too.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 38EEFAECD for ; Thu, 21 Jun 2018 14:17:00 +0000 (UTC) From: Petr Vorel To: ltp@lists.linux.it Date: Thu, 21 Jun 2018 16:16:48 +0200 Message-Id: <20180621141648.11430-3-pvorel@suse.cz> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180621141648.11430-1-pvorel@suse.cz> References: <20180621141648.11430-1-pvorel@suse.cz> X-Virus-Scanned: clamav-milter 0.99.2 at in-2.smtp.seeweb.it X-Virus-Status: Clean X-Spam-Status: No, score=-0.0 required=7.0 tests=SPF_PASS autolearn=disabled version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on in-2.smtp.seeweb.it Subject: [LTP] [PATCH v3 3/3] cve/cve-2018-1000001: Add Realpath Buffer Underflow test X-BeenThere: ltp@lists.linux.it X-Mailman-Version: 2.1.18 Precedence: list List-Id: Linux Test Project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it Sender: "ltp" Idea based on glibc source io/tst-getcwd-abspath.c, contributed by Dmitry V. Levin [1] [1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94;hp=249a5895f120b13290a372a49bb4b499e749806f Signed-off-by: Petr Vorel --- Changes v2->v3: * Put source into testcases/kernel/syscalls/getcwd/getcwd05.c. * Put record in several runtest files. * Minor code simplification. Kind regards, Petr --- runtest/cve | 1 + runtest/ltplite | 1 + runtest/stress.part3 | 1 + runtest/syscalls | 1 + testcases/cve/Makefile | 2 +- testcases/kernel/syscalls/getcwd/.gitignore | 1 + testcases/kernel/syscalls/getcwd/getcwd05.c | 56 +++++++++++++++++++++ 7 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 testcases/kernel/syscalls/getcwd/getcwd05.c diff --git a/runtest/cve b/runtest/cve index 2f4171c84..c7f438be2 100644 --- a/runtest/cve +++ b/runtest/cve @@ -33,3 +33,4 @@ cve-2017-17052 cve-2017-17052 cve-2017-16939 cve-2017-16939 cve-2017-17053 cve-2017-17053 cve-2018-5803 sctp_big_chunk +cve-2018-1000001 getcwd05 diff --git a/runtest/ltplite b/runtest/ltplite index 249262674..9d4af2da6 100644 --- a/runtest/ltplite +++ b/runtest/ltplite @@ -281,6 +281,7 @@ getcwd01 getcwd01 getcwd02 getcwd02 getcwd03 getcwd03 getcwd04 getcwd04 +getcwd05 getcwd05 getdents01 getdents01 getdents02 getdents02 diff --git a/runtest/stress.part3 b/runtest/stress.part3 index d9287197b..8eb02d8b3 100644 --- a/runtest/stress.part3 +++ b/runtest/stress.part3 @@ -220,6 +220,7 @@ getcwd01 getcwd01 getcwd02 getcwd02 getcwd03 getcwd03 getcwd04 getcwd04 +getcwd05 getcwd05 getdents01 getdents01 getdents02 getdents02 diff --git a/runtest/syscalls b/runtest/syscalls index 65c96edab..edec76f13 100644 --- a/runtest/syscalls +++ b/runtest/syscalls @@ -348,6 +348,7 @@ getcwd01 getcwd01 getcwd02 getcwd02 getcwd03 getcwd03 getcwd04 getcwd04 +getcwd05 getcwd05 getdents01 getdents01 getdents02 getdents02 diff --git a/testcases/cve/Makefile b/testcases/cve/Makefile index 3a05dd4fe..e5fc8d44f 100644 --- a/testcases/cve/Makefile +++ b/testcases/cve/Makefile @@ -41,4 +41,4 @@ cve-2017-17053: CFLAGS += -pthread cve-2015-3290: CFLAGS += -pthread -include $(top_srcdir)/include/mk/generic_leaf_target.mk +include $(top_srcdir)/include/mk/generic_trunk_target.mk diff --git a/testcases/kernel/syscalls/getcwd/.gitignore b/testcases/kernel/syscalls/getcwd/.gitignore index 338852b62..99b2ba19f 100644 --- a/testcases/kernel/syscalls/getcwd/.gitignore +++ b/testcases/kernel/syscalls/getcwd/.gitignore @@ -2,3 +2,4 @@ /getcwd02 /getcwd03 /getcwd04 +/getcwd05 diff --git a/testcases/kernel/syscalls/getcwd/getcwd05.c b/testcases/kernel/syscalls/getcwd/getcwd05.c new file mode 100644 index 000000000..182f6b56f --- /dev/null +++ b/testcases/kernel/syscalls/getcwd/getcwd05.c @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * Copyright (C) 2018 Petr Vorel + * Based on the reproducer posted upstream so other copyrights may apply. + * + * Author: Dmitry V. Levin + * LTP conversion from glibc source: Petr Vorel + */ + +#include "tst_test.h" + +#include +#include + +#define CHROOT_DIR "cve-2018-1000001" + +static void setup(void) +{ + SAFE_MKDIR(CHROOT_DIR, 0755); + SAFE_CHROOT(CHROOT_DIR); +} + +static void run(unsigned int i) +{ + int fail = 0; + + if (i) { + tst_res(TINFO, "testing realpath()"); + TESTPTR(realpath(".", NULL)); + } else { + tst_res(TINFO, "testing getcwd()"); + TESTPTR(getcwd(NULL, 0)); + } + + if (TEST_ERRNO != ENOENT) { + tst_res(TFAIL | TTERRNO, "returned unexpected errno"); + fail = 1; + } + + if (TST_RET_PTR != NULL) { + tst_res(TFAIL, "syscall didn't return NULL: '%s'", + (char *)TST_RET_PTR); + fail = 1; + } + + if (!fail) + tst_res(TPASS, "bug not reproduced"); +} + +static struct tst_test test = { + .test = run, + .tcnt = 2, + .setup = setup, + .needs_root = 1, + .needs_tmpdir = 1, +};