From: Petr Vorel <pvorel@suse.cz>
To: Wei Gao <wegao@suse.com>
Cc: Richard Palethorpe <rpalethorpe@suse.com>, ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v4] fsconfig03: New test CVE-2022-0185
Date: Fri, 17 Feb 2023 08:48:03 +0100 [thread overview]
Message-ID: <Y+8xM+n6OTP5oCuj@pevik> (raw)
In-Reply-To: <20230216235218.25757-1-wegao@suse.com>
Hi all,
...
> +/*\
> + * [Description]
> + *
> + * Test for CVE-2022-0185.
> + *
> + * References links:
Here needs to be empty blank line (can be fixed before merge).
> + * - https://www.openwall.com/lists/oss-security/2022/01/25/14
> + * - https://github.com/Crusaders-of-Rust/CVE-2022-0185
> + */
Otherwise the final formatting will be without list:
References links: - https://www.openwall.com/lists/oss-security/2022/01/25/14 - https://github.com/Crusaders-of-Rust/CVE-2022-0185
We need some checker which reports that, because nobody knows it.
I also forget on it when putting example for v2.
> +
> +#include "tst_test.h"
> +#include "lapi/fsmount.h"
> +
> +#define MNTPOINT "mntpoint"
> +
> +static int fd = -1;
> +
> +static void setup(void)
> +{
> + fsopen_supported_by_kernel();
> +}
> +
> +static void run(void)
> +{
> + char *val = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
> + long pagesize;
> +
> + TEST(fd = fsopen(tst_device->fs_type, 0));
> + if (fd == -1)
> + tst_brk(TBROK | TTERRNO, "fsopen() failed");
Yes, this is needed to be in test function (it's not enough to be in the
setup()).
> +
> + pagesize = sysconf(_SC_PAGESIZE);
> + if (pagesize == -1)
> + tst_brk(TBROK, "sysconf(_SC_PAGESIZE) failed");
> +
> + for (size_t i = 0; i < 5000; i++) {
> + /* use same logic in kernel legacy_parse_param function */
> + const size_t len = i * (strlen(val) + 2) + (strlen(val) + 1) + 2;
> +
> + if (!strcmp(tst_device->fs_type, "btrfs") && len <= (size_t)pagesize) {
> + TST_EXP_PASS_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0));
> + if (TST_ERR)
> + return;
> + } else {
> + TST_EXP_FAIL_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0),
> + EINVAL);
> + if (!TST_PASS)
> + return;
> + }
> + }
> +
> + if (fd != -1)
> + SAFE_CLOSE(fd);
Very good to catch open file descriptor leak (which would leak if this was in
cleanup()).
> +
> + tst_res(TPASS, "fsconfig() overflow on %s haven't triggerred crash",
> + tst_device->fs_type);
> +}
It looks to be ready from my site, I'll test it on various kernels to double
check any problem.
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2023-02-17 7:48 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-29 11:50 [LTP] [PATCH v1] fsconfig: New case cover CVE-2022-0185 Wei Gao via ltp
2023-02-01 12:49 ` Petr Vorel
2023-02-06 10:38 ` Wei Gao via ltp
2023-02-06 16:19 ` Petr Vorel
2023-02-08 9:01 ` Wei Gao via ltp
2023-02-08 15:48 ` Petr Vorel
2023-02-09 2:25 ` Wei Gao via ltp
2023-02-09 10:10 ` Cyril Hrubis
2023-02-09 11:37 ` Wei Gao via ltp
2023-02-06 16:42 ` Wei Gao via ltp
2023-02-09 13:19 ` [LTP] [PATCH v2] " Wei Gao via ltp
2023-02-09 14:15 ` Petr Vorel
2023-02-09 14:27 ` Cyril Hrubis
2023-02-09 14:40 ` Petr Vorel
2023-02-09 14:53 ` Cyril Hrubis
2023-02-09 14:35 ` Petr Vorel
2023-02-09 14:52 ` Cyril Hrubis
2023-02-09 15:18 ` Petr Vorel
2023-02-10 8:22 ` Wei Gao via ltp
2023-02-10 9:00 ` Wei Gao via ltp
2023-02-13 1:09 ` [LTP] [PATCH v3] fsconfig03: New test CVE-2022-0185 Wei Gao via ltp
2023-02-14 11:05 ` Richard Palethorpe
2023-02-16 9:42 ` Wei Gao via ltp
2023-02-16 12:09 ` Richard Palethorpe
2023-02-16 12:54 ` Wei Gao via ltp
2023-02-16 23:52 ` [LTP] [PATCH v4] " Wei Gao via ltp
2023-02-17 7:48 ` Petr Vorel [this message]
2023-02-17 8:47 ` Petr Vorel
2023-02-17 9:19 ` Wei Gao via ltp
2023-02-27 16:20 ` Richard Palethorpe
2023-02-28 3:22 ` [LTP] [PATCH v5] " Wei Gao via ltp
2023-02-28 3:27 ` [LTP] [PATCH v6] " Wei Gao via ltp
2023-02-28 8:49 ` Richard Palethorpe
2023-03-01 13:46 ` Martin Doucha
2023-03-01 14:12 ` Wei Gao via ltp
2023-03-02 1:45 ` [LTP] [PATCH v7] fsconfig03: SKIP check return value for old kernel Wei Gao via ltp
2023-03-02 10:00 ` Petr Vorel
2023-03-02 10:45 ` Wei Gao via ltp
2023-03-02 10:03 ` Petr Vorel
2023-03-04 2:03 ` [LTP] [PATCH v8] " Wei Gao via ltp
2023-03-07 9:23 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y+8xM+n6OTP5oCuj@pevik \
--to=pvorel@suse.cz \
--cc=ltp@lists.linux.it \
--cc=rpalethorpe@suse.com \
--cc=wegao@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.