[LTP] [RFC PATCH 2/2] cve/cve-2018-1000001: Add Realpath Buffer Underflow test

Petr Vorel pvorel@suse.cz
Thu Jan 18 14:11:34 CET 2018


Idea based on test from glibc , contributed by Dmitry V. Levin:
52a713fdd0 ("linux: make getcwd(3) fail if it cannot obtain an absolute
path [BZ #22679]")

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
NOTE: I didn't use TEST() macro due warning assignment makes integer
from pointer without a cast. Am I blind not to see how to use it?
---
 testcases/cve/cve-2018-1000001.c | 66 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 testcases/cve/cve-2018-1000001.c

diff --git a/testcases/cve/cve-2018-1000001.c b/testcases/cve/cve-2018-1000001.c
new file mode 100644
index 000000000..ae41c786f
--- /dev/null
+++ b/testcases/cve/cve-2018-1000001.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2018 Petr Vorel <pvorel@suse.cz>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "tst_test.h"
+
+#include <errno.h>
+#include <stdlib.h>
+
+#define CHROOT_DIR "cve-2018-1000001"
+
+static void setup(void)
+{
+	SAFE_MKDIR(CHROOT_DIR, 0755);
+	SAFE_CHROOT(CHROOT_DIR);
+}
+
+static void run(unsigned int i)
+{
+	char *cwd;
+
+	int fail = 0;
+
+	errno = 0;
+	if (!i) {
+		tst_res(TINFO, "testing getcwd()");
+		cwd = getcwd(NULL, 0);
+	} else {
+		tst_res(TINFO, "testing realpath()");
+		cwd = realpath(".", NULL);
+	}
+
+	if (errno != ENOENT) {
+		tst_res(TFAIL | TERRNO, "returned unexpected errno");
+		fail = 1;
+	}
+
+	if (cwd != NULL) {
+		tst_res(TFAIL, "getcwd() not returned NULL path: '%s'", cwd);
+		fail = 1;
+	}
+
+	if (!fail)
+		tst_res(TPASS, "bug not reproduced");
+}
+
+static struct tst_test test = {
+	.test = run,
+	.tcnt = 2,
+	.setup = setup,
+	.needs_root = 1,
+	.needs_tmpdir = 1,
+};
-- 
2.15.1



More information about the ltp mailing list