[LTP] [PATCH v6] fsconfig03: New test CVE-2022-0185
Martin Doucha
mdoucha@suse.cz
Wed Mar 1 14:46:16 CET 2023
Hi,
On 28. 02. 23 4:27, Wei Gao via ltp wrote:
> + for (size_t i = 0; i < 5000; i++) {
> + /* use same logic in kernel legacy_parse_param function */
> + const size_t len = i * (strlen(val) + 2) + (strlen(val) + 1) + 2;
> +
> + if (!strcmp(tst_device->fs_type, "btrfs") && len <= (size_t)pagesize)
> + TST_EXP_PASS_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0));
> + else
> + TST_EXP_FAIL_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0),
> + EINVAL);
> + }
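Review bot: the `const size_t len = ...` line is documented only by "use same logic in kernel legacy_parse_param function", which leaves the `+ 2`, `+ 1` and `+ 2` terms and the 5000 iteration bound unexplained. A comment saying what each term accounts for, plus a named constant for the bound, would let a reader check the formula against the kernel function it mirrors. `strlen(val)` is also loop-invariant and can be computed once before the loop. The branch below it selects the expected result by comparing `tst_device->fs_type` with the literal "btrfs", so the pass/fail expectation is tied to a filesystem name rather than to the parsing path the test is meant to exercise.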
This special case for Btrfs is wrong. Btrfs is just the last major
filesystem which does not implement its own fsconfig() handlers in the
latest kernel release. But on older kernels, the same applies to other
filesystems as well.
Any other filesystem that still uses legacy_parse_param() and has the
CVE fix applied will fail this test with exactly 117 error messages on
x86. That's how many iterations it takes to fill a 4KB buffer with the
test string.
--
Martin Doucha mdoucha@suse.cz
QA Engineer for Software Maintenance
SUSE LINUX, s.r.o.
CORSO IIa
Krizikova 148/34
186 00 Prague 8
Czech Republic