From: Cyril Hrubis <chrubis@suse.cz>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v4] Test for CVE-2017-5669 in shmat
Date: Thu, 20 Jul 2017 13:13:50 +0200 [thread overview]
Message-ID: <20170720111349.GA32092@rei> (raw)
In-Reply-To: <20170720100927.996-1-rpalethorpe@suse.com>
Hi!
> +static int shm_id;
> +static void *shm_addr;
> +
> +static void setup(void)
> +{
> + shm_id = SAFE_SHMGET(IPC_PRIVATE, getpagesize(), 0777);
> +}
> +
> +static void cleanup(void)
> +{
> + if (shm_addr)
> + SAFE_SHMDT(shm_addr);
> + shm_addr = 0;
> +
> + if (shm_id)
> + SAFE_SHMCTL(shm_id, IPC_RMID, 0);
> + shm_id = 0;
> +}
I've removed the assignments from here, since these were useless.
> +static void run(void)
> +{
> + tst_res(TINFO, "Attempting to attach shared memory to null page");
> + shm_addr = shmat(shm_id, ((void *)1), SHM_RND);
> + if (shm_addr == (void *)-1) {
> + shm_addr = 0;
> + if (errno == EINVAL) {
> + tst_res(TPASS, "shmat returned EINVAL");
> + return;
> + }
> + tst_brk(TBROK | TERRNO,
> + "The bug was not triggered, but the shmat error is unexpected");
> + }
> +
> + tst_res(TINFO, "Mapped shared memory to %p", shm_addr);
> +
> + if (!((size_t)shm_addr & (~0U << 16)))
> + tst_res(TFAIL,
> + "We have mapped a VM address within the first 64Kb");
> + else
> + tst_res(TPASS,
> + "The kernel assigned a different VM address");
> +
> + tst_res(TINFO,
> + "Touching shared memory to see if anything strange happens");
> + ((char *)shm_addr)[0] = 'P';
> +
> + SAFE_SHMDT(shm_addr);
> + shm_addr = 0;
> +}
And used NULL for shm_addr ones and pushed, thanks.
--
Cyril Hrubis
chrubis@suse.cz
next prev parent reply other threads:[~2017-07-20 11:13 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-23 12:22 [LTP] [PATCH v3 0/9] CVE Tests Richard Palethorpe
2017-06-23 12:22 ` [LTP] [PATCH v3 1/9] Add fuzzy synchronisation library for triggering races Richard Palethorpe
2017-07-19 9:13 ` Cyril Hrubis
2017-07-25 12:22 ` Richard Palethorpe
2017-06-23 12:22 ` [LTP] [PATCH v3 2/9] Test for vulnerability CVE-2016-7117 in recvmmsg error return path Richard Palethorpe
2017-07-19 9:39 ` Cyril Hrubis
2017-06-23 12:22 ` [LTP] [PATCH v3 3/9] Test for CVE-2016-4997 on setsockopt Richard Palethorpe
2017-07-19 10:35 ` Cyril Hrubis
2019-06-11 9:14 ` Petr Vorel
2017-06-23 12:22 ` [LTP] [PATCH v3 4/9] Test for uname26 exploit CVE-2012-0957 Richard Palethorpe
2017-07-19 10:44 ` Cyril Hrubis
2017-06-23 12:22 ` [LTP] [PATCH v3 5/9] Add CVE .gitignore, Makefile and runtest files Richard Palethorpe
2017-07-19 11:51 ` Cyril Hrubis
2017-06-23 12:22 ` [LTP] [PATCH v3 6/9] Test for CVE-2014-0196 PTY echo race Richard Palethorpe
2017-07-19 13:01 ` Cyril Hrubis
2017-06-23 12:22 ` [LTP] [PATCH v3 7/9] Test for CVE-2017-5669 in shmat Richard Palethorpe
2017-07-19 13:19 ` Cyril Hrubis
2017-07-19 14:02 ` Richard Palethorpe
2017-07-19 14:50 ` Cyril Hrubis
2017-07-20 10:09 ` [LTP] [PATCH v4] " Richard Palethorpe
2017-07-20 11:13 ` Cyril Hrubis [this message]
2017-06-23 12:22 ` [LTP] [PATCH v3 8/9] Test for CVE-2017-6951 in request_key Richard Palethorpe
2017-07-19 13:23 ` Cyril Hrubis
2017-06-23 12:22 ` [LTP] [PATCH v3 9/9] Test for CVE-2017-2671 on ping sockets Richard Palethorpe
2017-07-20 12:08 ` Cyril Hrubis
2017-07-24 8:53 ` [LTP] [PATCH v4] " Richard Palethorpe
2017-07-27 13:25 ` Cyril Hrubis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170720111349.GA32092@rei \
--to=chrubis@suse.cz \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.