[LTP] [PATCH v1] mq_notify03.c: New test CVE-2021-38604

Wei Gao wegao@suse.com
Tue Feb 21 03:04:42 CET 2023


On Fri, Feb 17, 2023 at 05:05:06PM +0100, Cyril Hrubis wrote:
> Hi!
> > +/*\
> > + * [Description]
> > + *
> > + * Test for NULL pointer dereference in mq_notify(CVE-2021-38604)
> > + *
> > + * References links:
> > + * - https://sourceware.org/bugzilla/show_bug.cgi?id=28213
> > + */
> > +
> > +#include <errno.h>
> > +#include <sys/types.h>
> > +#include <sys/stat.h>
> > +#include <fcntl.h>
> > +#include <unistd.h>
> > +#include <mqueue.h>
> > +#include <signal.h>
> > +#include <stdlib.h>
> > +#include <string.h>
> > +#include "tst_test.h"
> > +#include "tst_safe_posix_ipc.h"
> > +
> > +static mqd_t m = -1;
> > +static const char msg[] = "hello";
> > +
> > +static void check_bz28213_cb(union sigval sv)
> > +{
> > +	char buf[sizeof(msg)];
> > +
> > +	(void)sv;
> > +
> > +	TST_EXP_PASS(!((size_t) mq_receive(m, buf, sizeof(buf), NULL)
> 
> Does this line of code even compile?
Yes, this wrong code can pass complie : )


More information about the ltp mailing list