From: Richard Palethorpe <rpalethorpe@suse.de>
To: Martin Doucha <mdoucha@suse.cz>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH] Add test for CVE 2022-4378
Date: Mon, 19 Dec 2022 09:30:00 +0000 [thread overview]
Message-ID: <87r0wvu42q.fsf@suse.de> (raw)
In-Reply-To: <20221216170922.21752-1-mdoucha@suse.cz>
Hello,
Martin Doucha <mdoucha@suse.cz> writes:
> Signed-off-by: Martin Doucha <mdoucha@suse.cz>
> ---
> runtest/cve | 1 +
> testcases/cve/.gitignore | 1 +
> testcases/cve/cve-2022-4378.c | 108 ++++++++++++++++++++++++++++++++++
> 3 files changed, 110 insertions(+)
> create mode 100644 testcases/cve/cve-2022-4378.c
>
> diff --git a/runtest/cve b/runtest/cve
> index fd0305aa3..1ba63c2a7 100644
> --- a/runtest/cve
> +++ b/runtest/cve
> @@ -76,3 +76,4 @@ cve-2022-0847 dirtypipe
> cve-2022-2590 dirtyc0w_shmem
> # Tests below may cause kernel memory leak
> cve-2020-25704 perf_event_open03
> +cve-2022-4378 cve-2022-4378
> diff --git a/testcases/cve/.gitignore b/testcases/cve/.gitignore
> index eb0a8b37d..90e8b191c 100644
> --- a/testcases/cve/.gitignore
> +++ b/testcases/cve/.gitignore
> @@ -10,4 +10,5 @@ stack_clash
> cve-2017-17052
> cve-2017-16939
> cve-2017-17053
> +cve-2022-4378
> icmp_rate_limit01
> diff --git a/testcases/cve/cve-2022-4378.c b/testcases/cve/cve-2022-4378.c
> new file mode 100644
> index 000000000..e1c5df325
> --- /dev/null
> +++ b/testcases/cve/cve-2022-4378.c
> @@ -0,0 +1,108 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2022 SUSE LLC <mdoucha@suse.cz>
> + */
> +
> +/*\
> + * CVE 2022-4378
> + *
> + * Check that writing several pages worth of whitespace into /proc/sys files
> + * does not cause kernel stack overflow. Kernel bug fixed in:
> + *
> + * commit bce9332220bd677d83b19d21502776ad555a0e73
> + * Author: Linus Torvalds <torvalds@linux-foundation.org>
> + * Date: Mon Dec 5 12:09:06 2022 -0800
> + *
> + * proc: proc_skip_spaces() shouldn't think it is working on C strings
> + */
Haha, OK, merged with minor fix to null terminate tags array (detected
by make check).
--
Thank you,
Richard.
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2022-12-19 9:37 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-16 17:09 [LTP] [PATCH] Add test for CVE 2022-4378 Martin Doucha
2022-12-19 9:30 ` Richard Palethorpe [this message]
2022-12-19 10:07 ` pvorel
2022-12-19 10:12 ` pvorel
2022-12-19 14:31 ` Richard Palethorpe
2022-12-19 23:58 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r0wvu42q.fsf@suse.de \
--to=rpalethorpe@suse.de \
--cc=ltp@lists.linux.it \
--cc=mdoucha@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.