From: Cyril Hrubis <chrubis@suse.cz>
To: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
Cc: ltp-list <ltp-list@lists.sourceforge.net>
Subject: Re: [LTP] [PATCH] gethostbyname_r01: check whether a system is vulnerable or not.
Date: Thu, 26 Feb 2015 10:00:27 +0100
Message-ID: <20150226090012.GA12353@rei.suse.de>
In-Reply-To: <1424764001.2546.15.camel@G08JYZSD130126.localdomain>
> +/*
> + * Copyright (c) 2015 Fujitsu Ltd.
> + * Author: Zeng Linggang <zenglg.jy@cn.fujitsu.com>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
> + * the GNU General Public License for more details.
> + */
> +
> +/*
> + * This is a test for glibc bug:
> + * https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
> + */
> +
> +#include <netdb.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> +#include "test.h"
> +
> +#define CANARY "in_the_coal_mine"
> +
> +static void setup(void);
> +static void cleanup(void);
> +static void check_vulnerable(void);
> +
> +static struct {
> + char buffer[1024];
> + char canary[sizeof(CANARY)];
> +} temp = {
> + "buffer",
> + CANARY,
> +};
> +
> +char *TCID = "gethostbyname_r01";
> +int TST_TOTAL = 1;
> +
> +int main(int ac, char **av)
> +{
> + int lc;
> + const char *msg;
> +
> + msg = parse_opts(ac, av, NULL, NULL);
> + if (msg != NULL)
> + tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg);
> +
> + setup();
> +
> + for (lc = 0; TEST_LOOPING(lc); lc++) {
> + tst_count = 0;
> + check_vulnerable();
> + }
> +
> + cleanup();
> + tst_exit();
> +}
> +
> +static void setup(void)
> +{
> + tst_sig(NOFORK, DEF_HANDLER, NULL);
> + TEST_PAUSE;
> +}
> +
> +static void cleanup(void)
> +{
> +}
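Review bot: the file comment above the includes only links the advisory; nothing states that detection relies on `canary` being laid out directly after `buffer` in `temp`, so that a write past the 1024-byte buffer changes the canary string. A short comment on the struct saying this would make the later strcmp() check on temp.canary self-explanatory.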
What is the point of empty cleanup()? If cleanup is not needed we do not
have to define an empty function and call it at the end of the test.
> +static void check_vulnerable(void)
> +{
> + struct hostent resbuf;
> + struct hostent *result;
> + int herrno;
> + int retval;
> + char name[sizeof(temp.buffer)];
> + size_t len;
> +
> + len = sizeof(temp.buffer) - 16 - 2 * sizeof(char *) - 1;
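Review bot: in the `len` assignment the constants 16 and 2 * sizeof(char *) are bare magic numbers, so a reader cannot tell what each subtracted term accounts for. Add a comment above the line (or named macros) saying what each term stands for and why the name has to be exactly this long.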
What is the point of this complicated arithmetic?
> + memset(name, '0', len);
> + name[len] = '\0';
> +
> + retval = gethostbyname_r(name, &resbuf, temp.buffer,
> + sizeof(temp.buffer), &result, &herrno);
> +
> + if (strcmp(temp.canary, CANARY) != 0) {
> + tst_resm(TFAIL, "vulnerable");
> + return;
> + }
> +
> + if (retval == ERANGE) {
> + tst_resm(TPASS, "not vulnerable");
> + return;
> + }
> +
> + tst_resm(TFAIL, "should not happen");
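Review bot: the TFAIL "vulnerable" and TPASS "not vulnerable" messages do not say what was checked. Since the file comment ties the test to GHOST-CVE-2015-0235, the messages could name it and the evidence, for example that the canary after the buffer was (or was not) overwritten, so the result is understandable from the test log alone.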
Better failure message here please. I guess from the code that
gethostbyname_r returns errno, then something like:

	tst_resm(TFAIL,
	         "gethostbyname_r() returned %s, expected ERANGE",
	         tst_strerrno(retval));

--
Cyril Hrubis
chrubis@suse.cz