From: Richard Palethorpe <rpalethorpe@suse.de>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH] kill13, CVE-2018-10124: Reproduce INT_MIN negation
Date: Wed, 07 Jul 2021 08:52:43 +0100 [thread overview]
Message-ID: <87fswq7e7o.fsf@suse.de> (raw)
In-Reply-To: <20210707071838.27834-1-rpalethorpe@suse.com>
Richard Palethorpe <rpalethorpe@suse.com> writes:
> Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
Fixes: https://github.com/linux-test-project/ltp/issues/323
> ---
> runtest/cve | 1 +
> runtest/syscalls | 1 +
> testcases/kernel/syscalls/kill/.gitignore | 1 +
> testcases/kernel/syscalls/kill/kill13.c | 35 +++++++++++++++++++++++
> 4 files changed, 38 insertions(+)
> create mode 100644 testcases/kernel/syscalls/kill/kill13.c
>
> diff --git a/runtest/cve b/runtest/cve
> index 5a6ef966d..226b5ea44 100644
> --- a/runtest/cve
> +++ b/runtest/cve
> @@ -49,6 +49,7 @@ cve-2018-5803 sctp_big_chunk
> cve-2018-7566 snd_seq01
> cve-2018-8897 ptrace09
> cve-2018-9568 connect02
> +cve-2018-10124 kill13
> cve-2018-1000001 realpath01
> cve-2018-1000199 ptrace08
> cve-2018-1000204 ioctl_sg01
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 98fe3c02e..0c1e16f9e 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -644,6 +644,7 @@ kill09 kill09
> kill10 kill10
> kill11 kill11
> kill12 kill12
> +kill13 kill13
>
> lchown01 lchown01
> lchown01_16 lchown01_16
> diff --git a/testcases/kernel/syscalls/kill/.gitignore b/testcases/kernel/syscalls/kill/.gitignore
> index 75fdaa561..810ed0200 100644
> --- a/testcases/kernel/syscalls/kill/.gitignore
> +++ b/testcases/kernel/syscalls/kill/.gitignore
> @@ -8,3 +8,4 @@
> /kill10
> /kill11
> /kill12
> +/kill13
> diff --git a/testcases/kernel/syscalls/kill/kill13.c b/testcases/kernel/syscalls/kill/kill13.c
> new file mode 100644
> index 000000000..b5afb653f
> --- /dev/null
> +++ b/testcases/kernel/syscalls/kill/kill13.c
> @@ -0,0 +1,35 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2021 SUSE LLC <rpalethorpe@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Reproducer of CVE-2018-10124; INT_MIN negation.
> + *
> + * Most likely this test will always pass without UBSAN
> + * enabled. Perhaps unless negating INT_MIN results in -1 or
> + * 0. However on my computer it just results in INT_MIN.
> + *
> + */
> +
> +#include <limits.h>
> +#include <signal.h>
> +#include "tst_test.h"
> +
> +static void run(void)
> +{
> + TST_EXP_FAIL2(kill(INT_MIN, 1000), ESRCH,
> + "kill(INT_MIN, ...) fails with ESRCH");
> +}
> +
> +static struct tst_test test = {
> + .test_all = run,
> + .taint_check = TST_TAINT_W | TST_TAINT_D,
> + .tags = (const struct tst_tag[]) {
> + {"linux-git", "4ea77014af0d"},
> + {"CVE", "CVE-2018-10124"},
> + {}
> + }
> +};
--
Thank you,
Richard.
next prev parent reply other threads:[~2021-07-07 7:52 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-07 7:18 [LTP] [PATCH] kill13, CVE-2018-10124: Reproduce INT_MIN negation Richard Palethorpe
2021-07-07 7:52 ` Richard Palethorpe [this message]
2021-07-07 8:35 ` Joerg Vehlow
2021-07-07 8:48 ` Joerg Vehlow
2021-07-07 10:01 ` Richard Palethorpe
2021-07-07 10:16 ` Joerg Vehlow
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fswq7e7o.fsf@suse.de \
--to=rpalethorpe@suse.de \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.