[LTP] [PATCH v2 4/4] ioctl_sg01: Loop data leak check 100 times
Martin Doucha
mdoucha@suse.cz
Thu Sep 3 15:19:13 CEST 2020
On 02. 09. 20 19:17, Petr Vorel wrote:
> BTW do I understand the test correctly: we expect ioctl() return -1 because we
> use uninitialized command[CMD_SIZE] in query.cmdp (as the requirement for empty
> command in kernel commit message)?
command[CMD_SIZE] is initialized to 0 which is the SCSI command TEST
UNIT READY. We expect ioctl() to return 0 but also ignore -1 because the
only thing we really care about are the contents of query.dxferp buffer.
If ioctl() fails for some legitimate reason but kernel still fills the
buffer with private data, we need to report that the CVE is present.
https://en.wikipedia.org/wiki/SCSI_command
--
Martin Doucha mdoucha@suse.cz
QA Engineer for Software Maintenance
SUSE LINUX, s.r.o.
CORSO IIa
Krizikova 148/34
186 00 Prague 8
Czech Republic
More information about the ltp
mailing list