[LTP] [PATCH] Add test for CVE 2022-4378

Richard Palethorpe rpalethorpe@suse.de
Mon Dec 19 15:31:27 CET 2022


Hello,

pvorel <pvorel@suse.de> writes:

> On 2022-12-19 11:07, pvorel wrote:
>> Hi Martin,
>> 
>>> diff --git a/testcases/cve/cve-2022-4378.c
>>> b/testcases/cve/cve-2022-4378.c
>>> new file mode 100644
>>> index 000000000..e1c5df325
>>> --- /dev/null
>>> +++ b/testcases/cve/cve-2022-4378.c
>>> @@ -0,0 +1,108 @@
>>> +// SPDX-License-Identifier: GPL-2.0-or-later
>>> +/*
>>> + * Copyright (C) 2022 SUSE LLC <mdoucha@suse.cz>
>>> + */
>>> +
>>> +/*\
>> nit: you used /*\ docparse start comment, but without any [...] mark,
>> thus nothing shows in generated docs.
>> There should have been either normal C comment /* or docparse [...]
>> mark.
>
> I'm sorry, I was wrong, the text *appear* in generated docs, just
> without any header.

Perhaps make-check could validate the docparse string?

> Just the text contains too much details (given we have link to git
> commit in the table below):
>
> ... fixed in:
>
> commit bce9332220bd677d83b19d21502776ad555a0e73 Author: Linus Torvalds
> <torvalds@linux-foundation.org> Date: Mon Dec 5 12:09:06 2022 -0800

I think it is fine to even copy and paste the whole commit message. If
we list the wrong Git commit this may make it easier to see as well.

>
> Kind regards,
> Petr
>
>> Kind regards,
>> Petr
>> 
>>> + * CVE 2022-4378
>>> + *
>>> + * Check that writing several pages worth of whitespace into
>>> /proc/sys files
>>> + * does not cause kernel stack overflow. Kernel bug fixed in:
>>> + *
>>> + * commit bce9332220bd677d83b19d21502776ad555a0e73
>>> + * Author: Linus Torvalds <torvalds@linux-foundation.org>
>>> + * Date:   Mon Dec 5 12:09:06 2022 -0800
>>> + *
>>> + * proc: proc_skip_spaces() shouldn't think it is working on C
>>> strings
>>> + */
>> ...


-- 
Thank you,
Richard.


More information about the ltp mailing list