[LTP] [PATCH v2 4/4] ioctl_sg01: Loop data leak check 100 times
Petr Vorel
pvorel@suse.cz
Thu Sep 3 16:03:29 CEST 2020
> On 02. 09. 20 19:17, Petr Vorel wrote:
> > BTW do I understand the test correctly: we expect ioctl() return -1 because we
> > use uninitialized command[CMD_SIZE] in query.cmdp (as the requirement for empty
> > command in kernel commit message)?
> command[CMD_SIZE] is initialized to 0 which is the SCSI command TEST
> UNIT READY. We expect ioctl() to return 0 but also ignore -1 because the
> only thing we really care about are the contents of query.dxferp buffer.
> If ioctl() fails for some legitimate reason but kernel still fills the
> buffer with private data, we need to report that the CVE is present.
Thanks for info, Martin.
Kind regards,
Petr
> https://en.wikipedia.org/wiki/SCSI_command
More information about the ltp
mailing list