[LTP] [PATCH v1 1/1] runtest/cve: Add some existing CVE tests to runtest file

河原颯太 souta.kawahara@miraclelinux.com
Wed Jun 21 02:19:16 CEST 2023 

Hi all.

Thankyou for all your review!

2023年6月21日(水) 6:08 Petr Vorel <pvorel@suse.cz>:
>
> Hi Li, all,
>
> ...
> > > +cve-2017-5669 shmat03
>
> > This one looks like being dropped from the CVE list purposely,
> > according to:
>
> > commit 2588dafd4651706ed7ae34ae3b744b0ee8cd6384
> > Author: Cyril Hrubis <chrubis@suse.cz>
> > Date:   Wed Aug 14 14:13:28 2019 +0200
>
> >     syscalls/shmat03: Remove it from runtest/cve
>
> >     The original POC[1] and CVE-2017-5669 are not tested by this test
> >     anymore as it turned out that the CVE was bogus. See:
>
> >     https://marc.info/?l=linux-mm&m=152510978123755&w=2
>
> >     And the test became regression test for:
>
> >     commit 8f89c007b6dec16a1793cb88de88fcc02117bbbc
> >     Author: Davidlohr Bueso <dave@stgolabs.net>
> >     Date:   Fri May 25 14:47:30 2018 -0700
>
> >         ipc/shm: fix shmat() nil address after round-down when remapping
>
> >     Hence we will keep the test but remove it from the CVE runtest file and
>
> Good catch, Li. I'm for merging this without "cve-2017-5669 shmat03" line.
> With this change:
> Reviewed-by: Petr Vorel <pvorel@suse.cz>
>
> > adjust
> >     the top level comment in the test code.
> Do you plan to do this?

This seems to have already been done.

according to the diff part of "2588dafd4651706ed7ae34ae3b744b0ee8cd6384":

diff --git a/testcases/kernel/syscalls/ipc/shmat/shmat03.c
b/testcases/kernel/syscalls/ipc/shmat/shmat03.c
index 13ea39c63..18d3db028 100644
--- a/testcases/kernel/syscalls/ipc/shmat/shmat03.c
+++ b/testcases/kernel/syscalls/ipc/shmat/shmat03.c
@@ -4,26 +4,28 @@
  * Copyright (c) 2017 Fujitsu Ltd. (Xiao Yang <yangx.jy@cn.fujitsu.com>)
  */
 /*
- * Test for CVE-2017-5669 which allows us to map the nil page using shmat.
+ * Originated as a test for CVE-2017-5669 but as it turns out the CVE was bogus
+ * to begin with and the test was changed into a regression test for commit:
  *

Regards,
Souta Kawahara <souta.kawahara@miraclelinux.com>

More information about the ltp mailing list