[LTP] [PATCH] syscalls/execve06: Add test for argv[0] = NULL
Cyril Hrubis
chrubis@suse.cz
Tue Jun 14 14:17:29 CEST 2022
Hi!
> > in order to fix all potential CVEs where userspace programs attempt to
> > blindly process the argv[] list starting at argv[1]. There was at least
> > one example of this caught in the wild CVE-2021-4034 in polkit but there
> > are likely more.
>
> Great, thanks for addressing this.
>
> > Fixes: #911
>
> > testcases/kernel/syscalls/execve/.gitignore | 2 +
> > testcases/kernel/syscalls/execve/execve06.c | 49 +++++++++++++++++++
> > .../kernel/syscalls/execve/execve06_child.c | 27 ++++++++++
> > 3 files changed, 78 insertions(+)
> > create mode 100644 testcases/kernel/syscalls/execve/execve06.c
> > create mode 100644 testcases/kernel/syscalls/execve/execve06_child.c
>
> This should go to runtest/syscalls and runtest/cve, right?
> (can be fixed before merge).
Sigh, sorry, I did forget about these.
--
Cyril Hrubis
chrubis@suse.cz
More information about the ltp
mailing list