[LTP] [PATCH v3] fsconfig03: New test CVE-2022-0185

Wei Gao wegao@suse.com
Thu Feb 16 10:42:35 CET 2023


On Tue, Feb 14, 2023 at 11:05:24AM +0000, Richard Palethorpe wrote:
> Hello,
> 
> > +static void run(void)
> > +{
> > +	char *val = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
> > +	long pagesize;
> > +
> > +	pagesize = sysconf(_SC_PAGESIZE);
> > +	if (pagesize == -1)
> > +		tst_brk(TBROK, "sysconf(_SC_PAGESIZE) failed");
> > +
> > +	for (size_t i = 0; i < 5000; i++) {
> > +		if (!strcmp(tst_device->fs_type, "btrfs")) {
> > +			/* use same logic in kernel legacy_parse_param function */
> > +			if (i * (strlen(val) + 2) + (strlen(val) + 1) + 2 > (size_t)pagesize) {
> > +				TST_EXP_FAIL_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0),
> > +									EINVAL);
> > +				if (!TST_PASS)
> > +					return;
> > +			} else {
> > +				TST_EXP_PASS_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0));
> > +				if (TST_ERR)
> > +					return;
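Review bot: The loop bound of 5000 in `for (size_t i = 0; i < 5000; i++)` is fixed, while the point where the btrfs expectation flips from pass to EINVAL depends on pagesize. On a system where pagesize exceeds roughly 5000 * (strlen(val) + 2), the EINVAL branch is never reached and the test passes without ever checking the limit. Consider deriving the iteration count from pagesize (for example pagesize / (strlen(val) + 2) plus a few extra iterations) and adding a comment that says what the bound is for.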
> 
> We need to close and reopen the FD inside run() otherwise the test fails
> on BTRFS with -i2 because we have already filled the buffer.
Thanks for your feedback. I have some questions on this comment:
The error will happen when the buffer is completely filled on btrfs (meaning buffer len > pagesize); this is normal,
and the current logic verifies this logic for btrfs.
Do you mean we need to create another fd and continue doing fsconfig on the new fd once the first fsconfig failure happens? Correct
me if I have misunderstood.

> 
> > +			}
> > +		} else {
> > +			TST_EXP_FAIL_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0),
> > +								EINVAL);
> > +			if (!TST_PASS)
> > +				return;
> > +		}
> > +	}
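Review bot: The else branch for filesystems other than btrfs expects EINVAL on every call, starting with the first, but nothing in the code says why those filesystems reject the parameter while btrfs accepts it until a page is filled. A one-line comment above this branch stating the reason would help, since the test checks only the errno value and a reader cannot otherwise tell an intended EINVAL from an unrelated one.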
> 
> This loop can be rewritten so that there are less branches and
> indentation. This makes it easier to read.
> 
> 	for (size_t i = 0; i < 5000; i++) {
> 		/* use same logic in kernel legacy_parse_param function */
> 		const size_t len = i * (strlen(val) + 2) + (strlen(val) + 1) + 2;
> 
> 		if (!strcmp(tst_device->fs_type, "btrfs") && len <= (size_t)pagesize) {
> 			TST_EXP_PASS_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0));
> 			if (TST_ERR)
> 				return;
> 		} else {
> 			TST_EXP_FAIL_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0),
> 					    EINVAL);
> 			if (!TST_PASS)
> 				return;
> 		}
> 	}
> 
> 
> > -- 
> > 2.35.3
> 
> 
> -- 
> Thank you,
> Richard.
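
The -i2 point raised in the review above, as an added example that is not part of the original thread or the LTP patch: a user-space model that replays run() twice, once on the same context and once on a fresh one. The model is derived only from the length formula in the test comment and is an assumption, not kernel code; `ctx_model`, `model_set_string`, `replay_run` and `second_run` are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Value string copied from the quoted test. */
static const char VAL[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

/* Hypothetical model of one fsconfig context (one fd). */
struct ctx_model { size_t used; };

/* Model of one FSCONFIG_SET_STRING call with an empty key, derived from
 * the test's length formula (an assumption, not kernel code). */
static bool model_set_string(struct ctx_model *c, size_t vlen, size_t pagesize)
{
	if (c->used + (vlen + 1) + 2 > pagesize)
		return false;		/* the test expects EINVAL here */
	c->used += vlen + 2;		/* each accepted call adds vlen + 2 bytes */
	return true;
}

/* Replays the btrfs expectations of run(). Returns the first iteration
 * where the model disagrees with the expectation, or -1 if none does. */
static long replay_run(struct ctx_model *c, size_t vlen, size_t pagesize)
{
	for (size_t i = 0; i < 5000; i++) {
		const size_t len = i * (vlen + 2) + (vlen + 1) + 2;
		if (model_set_string(c, vlen, pagesize) != (len <= pagesize))
			return (long)i;
	}
	return -1;
}

/* Two runs as with -i2; reopen != 0 models close + reopen of the fd. */
static long second_run(size_t vlen, size_t pagesize, int reopen)
{
	struct ctx_model c = { 0 };
	if (replay_run(&c, vlen, pagesize) != -1)
		return -2;		/* first run is expected to agree */
	if (reopen)
		c.used = 0;		/* fresh context starts empty */
	return replay_run(&c, vlen, pagesize);
}

int main(void)
{
	printf("same fd:  mismatch at i=%ld\n", second_run(strlen(VAL), 4096, 0));
	printf("reopened: mismatch at i=%ld\n", second_run(strlen(VAL), 4096, 1));
	return 0;
}
```

With the same context the second run disagrees at i=0, because the formula restarts from an empty buffer while the context is still full; with a fresh context every iteration agrees.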

