* [LTP] [PATCH v1] mq_notify03.c: New test CVE-2021-38604
@ 2023-02-15 14:48 Wei Gao via ltp
From: Wei Gao via ltp @ 2023-02-15 14:48 UTC (permalink / raw)
To: ltp
This test comes from the glibc test mq_notify.c.
It implements the following logic:
1) Create POSIX message queue.
Register a notification with mq_notify (using NULL attributes).
Then immediately unregister the notification with mq_notify.
Helper thread in a vulnerable version of glibc
should cause NULL pointer dereference after these steps.
2) Once again, register the same notification.
Try to send a dummy message.
Test is considered successful if the dummy message
is successfully received by the callback function.
Signed-off-by: Wei Gao <wegao@suse.com>
---
runtest/cve | 1 +
runtest/syscalls | 1 +
.../kernel/syscalls/mq_notify/.gitignore | 1 +
.../kernel/syscalls/mq_notify/mq_notify03.c | 105 ++++++++++++++++++
4 files changed, 108 insertions(+)
create mode 100644 testcases/kernel/syscalls/mq_notify/mq_notify03.c
diff --git a/runtest/cve b/runtest/cve
index 1ba63c2a7..07bcac0b0 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -74,6 +74,7 @@ cve-2021-26708 vsock01
cve-2021-22600 setsockopt09
cve-2022-0847 dirtypipe
cve-2022-2590 dirtyc0w_shmem
+cve-2021-38604 mq_notify03
# Tests below may cause kernel memory leak
cve-2020-25704 perf_event_open03
cve-2022-4378 cve-2022-4378
diff --git a/runtest/syscalls b/runtest/syscalls
index 81c30402b..536140a3e 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -832,6 +832,7 @@ pkey01 pkey01
mq_notify01 mq_notify01
mq_notify02 mq_notify02
+mq_notify03 mq_notify03
mq_open01 mq_open01
mq_timedreceive01 mq_timedreceive01
mq_timedsend01 mq_timedsend01
diff --git a/testcases/kernel/syscalls/mq_notify/.gitignore b/testcases/kernel/syscalls/mq_notify/.gitignore
index cca05a7fa..3f9403c05 100644
--- a/testcases/kernel/syscalls/mq_notify/.gitignore
+++ b/testcases/kernel/syscalls/mq_notify/.gitignore
@@ -1,2 +1,3 @@
/mq_notify01
/mq_notify02
+/mq_notify03
diff --git a/testcases/kernel/syscalls/mq_notify/mq_notify03.c b/testcases/kernel/syscalls/mq_notify/mq_notify03.c
new file mode 100644
index 000000000..6b31e1df1
--- /dev/null
+++ b/testcases/kernel/syscalls/mq_notify/mq_notify03.c
@@ -0,0 +1,105 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) The GNU Toolchain Authors.
+ * Copyright (c) 2023 Wei Gao <wegao@suse.com>
+ *
+ */
+
+/*\
+ * [Description]
+ *
+ * Test for NULL pointer dereference in mq_notify(CVE-2021-38604)
+ *
+ * References links:
+ * - https://sourceware.org/bugzilla/show_bug.cgi?id=28213
+ */
+
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <mqueue.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+#include "tst_test.h"
+#include "tst_safe_posix_ipc.h"
+
+static mqd_t m = -1;
+static const char msg[] = "hello";
+
+static void check_bz28213_cb(union sigval sv)
+{
+ char buf[sizeof(msg)];
+
+ (void)sv;
+
+ TST_EXP_PASS(!((size_t) mq_receive(m, buf, sizeof(buf), NULL)
+ == sizeof(buf)));
+ TST_EXP_PASS(!(memcmp(buf, msg, sizeof(buf)) == 0));
+
+ exit(0);
+}
+
+static void check_bz28213(void)
+{
+ struct sigevent sev;
+
+ memset(&sev, '\0', sizeof(sev));
+ sev.sigev_notify = SIGEV_THREAD;
+ sev.sigev_notify_function = check_bz28213_cb;
+
+ /* Step 1: Register & unregister notifier.
+ * Helper thread should receive NOTIFY_REMOVED notification.
+ * In a vulnerable version of glibc, NULL pointer dereference follows.
+ */
+ TST_EXP_PASS(!(mq_notify(m, &sev) == 0));
+ TST_EXP_PASS(!(mq_notify(m, NULL) == 0));
+
+ /* Step 2: Once again, register notification.
+ * Try to send one message.
+ * Test is considered successful, if the callback does exit (0).
+ */
+ TST_EXP_PASS(!(mq_notify(m, &sev) == 0));
+ TST_EXP_PASS(!(mq_send(m, msg, sizeof(msg), 1) == 0));
+
+ /* Wait... */
+ pause();
+}
+
+static void do_test(void)
+{
+ static const char m_name[] = "/bz28213_queue";
+ struct mq_attr m_attr;
+
+ memset(&m_attr, '\0', sizeof(m_attr));
+ m_attr.mq_maxmsg = 1;
+ m_attr.mq_msgsize = sizeof(msg);
+
+ m = SAFE_MQ_OPEN(m_name,
+ O_RDWR | O_CREAT | O_EXCL,
+ 0600,
+ &m_attr);
+
+ if (m < 0) {
+ if (errno == ENOSYS)
+ tst_brk(TCONF, "POSIX message queues are not implemented");
+ tst_brk(TFAIL | TTERRNO, "mq_open failed");
+ }
+
+ TST_EXP_PASS(!(mq_unlink(m_name) == 0));
+
+ check_bz28213();
+}
+
+
+static struct tst_test test = {
+ .test_all = do_test,
+ .tags = (const struct tst_tag[]) {
+ {"glibc-git", "b805aebd42"},
+ {"CVE", "2021-38604"},
+ {}
+ },
+ .needs_root = 1,
+};
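Review bot: In `check_bz28213_cb` the `memcmp` runs even when `mq_receive` has failed, so it compares an uninitialised `buf` against `msg`; the v2 patch further down keeps the same pattern in `try_null_dereference_cb`. Zero the buffer with `char buf[sizeof(msg)] = {0};`, or skip the comparison when the received length is not `sizeof(buf)`. Casting the `ssize_t` result to `size_t` also turns a -1 error return into a large length, which makes the failure harder to read in the log. Separately, `pause()` in `check_bz28213` has no bound of its own, so if the notification is never delivered the test presumably ends only when the runner's timeout fires; a comment such as `/* callback exits the process; the LTP timeout covers a lost notification */` would make that intent explicit.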
--
2.35.3
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* Re: [LTP] [PATCH v1] mq_notify03.c: New test CVE-2021-38604
From: Cyril Hrubis @ 2023-02-17 16:05 UTC (permalink / raw)
To: Wei Gao; +Cc: ltp
Hi!
> +/*\
> + * [Description]
> + *
> + * Test for NULL pointer dereference in mq_notify(CVE-2021-38604)
> + *
> + * References links:
> + * - https://sourceware.org/bugzilla/show_bug.cgi?id=28213
> + */
> +
> +#include <errno.h>
> +#include <sys/types.h>
> +#include <sys/stat.h>
> +#include <fcntl.h>
> +#include <unistd.h>
> +#include <mqueue.h>
> +#include <signal.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include "tst_test.h"
> +#include "tst_safe_posix_ipc.h"
> +
> +static mqd_t m = -1;
> +static const char msg[] = "hello";
> +
> +static void check_bz28213_cb(union sigval sv)
> +{
> + char buf[sizeof(msg)];
> +
> + (void)sv;
> +
> + TST_EXP_PASS(!((size_t) mq_receive(m, buf, sizeof(buf), NULL)
Does this line of code even compile?
> + TST_EXP_PASS(!(memcmp(buf, msg, sizeof(buf)) == 0));
> +
> + exit(0);
> +}
> +
> +static void check_bz28213(void)
> +{
> + struct sigevent sev;
> +
> + memset(&sev, '\0', sizeof(sev));
> + sev.sigev_notify = SIGEV_THREAD;
> + sev.sigev_notify_function = check_bz28213_cb;
> +
> + /* Step 1: Register & unregister notifier.
> + * Helper thread should receive NOTIFY_REMOVED notification.
> + * In a vulnerable version of glibc, NULL pointer dereference follows.
> + */
> + TST_EXP_PASS(!(mq_notify(m, &sev) == 0));
> + TST_EXP_PASS(!(mq_notify(m, NULL) == 0));
That's not how we use the TST_EXP_PASS() macro, the bare mq_notify()
call should be inside.
> + /* Step 2: Once again, register notification.
> + * Try to send one message.
> + * Test is considered successful, if the callback does exit (0).
> + */
> + TST_EXP_PASS(!(mq_notify(m, &sev) == 0));
> + TST_EXP_PASS(!(mq_send(m, msg, sizeof(msg), 1) == 0));
Here as well.
> + /* Wait... */
> + pause();
> +}
> +
> +static void do_test(void)
> +{
> + static const char m_name[] = "/bz28213_queue";
^
We tend to prefix globally visible
objects with ltp_ and use the test
name in there, so in this case
this would be "/ltp_mq_notify03"
> + struct mq_attr m_attr;
> +
> + memset(&m_attr, '\0', sizeof(m_attr));
> + m_attr.mq_maxmsg = 1;
> + m_attr.mq_msgsize = sizeof(msg);
> +
> + m = SAFE_MQ_OPEN(m_name,
> + O_RDWR | O_CREAT | O_EXCL,
> + 0600,
> + &m_attr);
> +
> + if (m < 0) {
> + if (errno == ENOSYS)
> + tst_brk(TCONF, "POSIX message queues are not implemented");
> + tst_brk(TFAIL | TTERRNO, "mq_open failed");
> + }
This will never work, the SAFE_MQ_OPEN() will exit the test if the call
fails with ENOSYS. You have to check for the support in a test setup
instead.
Also I think that unlike the SysV IPC the POSIX IPC cannot be disabled
in kernel .config, so ENOSYS handling may not be needed after all.
> + TST_EXP_PASS(!(mq_unlink(m_name) == 0));
Here as well.
> + check_bz28213();
^
This is a poorly chosen name for a function, can we please
give it a more descriptive name? What about
try_null_dereference() ?
> +}
> +
> +
> +static struct tst_test test = {
> + .test_all = do_test,
> + .tags = (const struct tst_tag[]) {
> + {"glibc-git", "b805aebd42"},
> + {"CVE", "2021-38604"},
> + {}
> + },
> + .needs_root = 1,
> +};
> --
> 2.35.3
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* Re: [LTP] [PATCH v1] mq_notify03.c: New test CVE-2021-38604
From: Wei Gao via ltp @ 2023-02-21 2:04 UTC (permalink / raw)
To: Cyril Hrubis; +Cc: ltp
On Fri, Feb 17, 2023 at 05:05:06PM +0100, Cyril Hrubis wrote:
> Hi!
> > +/*\
> > + * [Description]
> > + *
> > + * Test for NULL pointer dereference in mq_notify(CVE-2021-38604)
> > + *
> > + * References links:
> > + * - https://sourceware.org/bugzilla/show_bug.cgi?id=28213
> > + */
> > +
> > +#include <errno.h>
> > +#include <sys/types.h>
> > +#include <sys/stat.h>
> > +#include <fcntl.h>
> > +#include <unistd.h>
> > +#include <mqueue.h>
> > +#include <signal.h>
> > +#include <stdlib.h>
> > +#include <string.h>
> > +#include "tst_test.h"
> > +#include "tst_safe_posix_ipc.h"
> > +
> > +static mqd_t m = -1;
> > +static const char msg[] = "hello";
> > +
> > +static void check_bz28213_cb(union sigval sv)
> > +{
> > + char buf[sizeof(msg)];
> > +
> > + (void)sv;
> > +
> > + TST_EXP_PASS(!((size_t) mq_receive(m, buf, sizeof(buf), NULL)
>
> Does this line of code even compile?
Yes, this wrong code does compile : )
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* [LTP] [PATCH v2] mq_notify03.c: New test CVE-2021-38604
From: Wei Gao via ltp @ 2023-02-21 2:08 UTC (permalink / raw)
To: ltp
This test comes from the glibc test mq_notify.c.
It implements the following logic:
1) Create POSIX message queue.
Register a notification with mq_notify (using NULL attributes).
Then immediately unregister the notification with mq_notify.
Helper thread in a vulnerable version of glibc
should cause NULL pointer dereference after these steps.
2) Once again, register the same notification.
Try to send a dummy message.
Test is considered successful if the dummy message
is successfully received by the callback function.
Signed-off-by: Wei Gao <wegao@suse.com>
---
runtest/cve | 1 +
runtest/syscalls | 1 +
.../kernel/syscalls/mq_notify/.gitignore | 1 +
.../kernel/syscalls/mq_notify/mq_notify03.c | 99 +++++++++++++++++++
4 files changed, 102 insertions(+)
create mode 100644 testcases/kernel/syscalls/mq_notify/mq_notify03.c
diff --git a/runtest/cve b/runtest/cve
index 1ba63c2a7..07bcac0b0 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -74,6 +74,7 @@ cve-2021-26708 vsock01
cve-2021-22600 setsockopt09
cve-2022-0847 dirtypipe
cve-2022-2590 dirtyc0w_shmem
+cve-2021-38604 mq_notify03
# Tests below may cause kernel memory leak
cve-2020-25704 perf_event_open03
cve-2022-4378 cve-2022-4378
diff --git a/runtest/syscalls b/runtest/syscalls
index 81c30402b..536140a3e 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -832,6 +832,7 @@ pkey01 pkey01
mq_notify01 mq_notify01
mq_notify02 mq_notify02
+mq_notify03 mq_notify03
mq_open01 mq_open01
mq_timedreceive01 mq_timedreceive01
mq_timedsend01 mq_timedsend01
diff --git a/testcases/kernel/syscalls/mq_notify/.gitignore b/testcases/kernel/syscalls/mq_notify/.gitignore
index cca05a7fa..3f9403c05 100644
--- a/testcases/kernel/syscalls/mq_notify/.gitignore
+++ b/testcases/kernel/syscalls/mq_notify/.gitignore
@@ -1,2 +1,3 @@
/mq_notify01
/mq_notify02
+/mq_notify03
diff --git a/testcases/kernel/syscalls/mq_notify/mq_notify03.c b/testcases/kernel/syscalls/mq_notify/mq_notify03.c
new file mode 100644
index 000000000..5c322ef0e
--- /dev/null
+++ b/testcases/kernel/syscalls/mq_notify/mq_notify03.c
@@ -0,0 +1,99 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (c) The GNU Toolchain Authors.
+ * Copyright (c) 2023 Wei Gao <wegao@suse.com>
+ *
+ */
+
+/*\
+ * [Description]
+ *
+ * Test for NULL pointer dereference in mq_notify(CVE-2021-38604)
+ *
+ * References links:
+ * - https://sourceware.org/bugzilla/show_bug.cgi?id=28213
+ */
+
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <mqueue.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+#include "tst_test.h"
+#include "tst_safe_posix_ipc.h"
+
+static mqd_t m = -1;
+static const char msg[] = "hello";
+
+static void try_null_dereference_cb(union sigval sv)
+{
+ char buf[sizeof(msg)];
+
+ (void)sv;
+
+ TST_EXP_VAL((size_t) mq_receive(m, buf, sizeof(buf), NULL)
+ , sizeof(buf));
+ TST_EXP_PASS(memcmp(buf, msg, sizeof(buf)));
+
+ exit(0);
+}
+
+static void try_null_dereference(void)
+{
+ struct sigevent sev;
+
+ memset(&sev, '\0', sizeof(sev));
+ sev.sigev_notify = SIGEV_THREAD;
+ sev.sigev_notify_function = try_null_dereference_cb;
+
+ /* Step 1: Register & unregister notifier.
+ * Helper thread should receive NOTIFY_REMOVED notification.
+ * In a vulnerable version of glibc, NULL pointer dereference follows.
+ */
+ TST_EXP_PASS(mq_notify(m, &sev));
+ TST_EXP_PASS(mq_notify(m, NULL));
+
+ /* Step 2: Once again, register notification.
+ * Try to send one message.
+ * Test is considered successful, if the callback does exit (0).
+ */
+ TST_EXP_PASS(mq_notify(m, &sev));
+ TST_EXP_PASS(mq_send(m, msg, sizeof(msg), 1));
+
+ /* Wait... */
+ pause();
+}
+
+static void do_test(void)
+{
+ static const char m_name[] = "/ltp_mq_notify03";
+ struct mq_attr m_attr;
+
+ memset(&m_attr, '\0', sizeof(m_attr));
+ m_attr.mq_maxmsg = 1;
+ m_attr.mq_msgsize = sizeof(msg);
+
+ m = SAFE_MQ_OPEN(m_name,
+ O_RDWR | O_CREAT | O_EXCL,
+ 0600,
+ &m_attr);
+
+ TST_EXP_PASS(mq_unlink(m_name));
+
+ try_null_dereference();
+}
+
+
+static struct tst_test test = {
+ .test_all = do_test,
+ .tags = (const struct tst_tag[]) {
+ {"glibc-git", "b805aebd42"},
+ {"CVE", "2021-38604"},
+ {}
+ },
+ .needs_root = 1,
+};
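Review bot: `TST_EXP_PASS(memcmp(buf, msg, sizeof(buf)));` in `try_null_dereference_cb` passes a non-syscall to a macro written for calls that return 0 on success or -1 with errno set. `memcmp` may return any non-zero value and never sets errno, so a mismatch would likely be logged as an unexpected return value with a stale errno rather than as a clean failure. An explicit check is clearer: `if (memcmp(buf, msg, sizeof(buf))) tst_res(TFAIL, "received message differs"); else tst_res(TPASS, "received message matches");`. `.needs_root = 1` also deserves a comment or removal: nothing visible in the test, which only creates and unlinks a 0600 queue in the same process, appears to require root, and a CVE reproducer is better run with the least privilege it needs.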
--
2.35.3
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* Re: [LTP] [PATCH v2] mq_notify03.c: New test CVE-2021-38604
From: Souta Kawahara @ 2023-03-10 6:58 UTC (permalink / raw)
To: Wei Gao, ltp
Hi!
I tried this test on several environments and got the expected results;
no problems were encountered.
env1) Test PASSED on glibc2.23-21.fc34 after vulnerability fix.
env2) Test PASSED on glibc2.23-5.fc34 before the regression.
env3) Test FAILED as expected on glibc2.23-16.fc34 after the regression,
before vulnerability fix.
It looks good from my side.
If there is anything else I should check, please let me know.
Thank you!
On 2023/02/21 11:08, Wei Gao via ltp wrote:
> This test is come from glibc test mq_notify.c.
> Implements following logic:
> 1) Create POSIX message queue.
> Register a notification with mq_notify (using NULL attributes).
> Then immediately unregister the notification with mq_notify.
> Helper thread in a vulnerable version of glibc
> should cause NULL pointer dereference after these steps.
> 2) Once again, register the same notification.
> Try to send a dummy message.
> Test is considered successfulif the dummy message
> is successfully received by the callback function.
>
> Signed-off-by: Wei Gao <wegao@suse.com>
> ---
> runtest/cve | 1 +
> runtest/syscalls | 1 +
> .../kernel/syscalls/mq_notify/.gitignore | 1 +
> .../kernel/syscalls/mq_notify/mq_notify03.c | 99 +++++++++++++++++++
> 4 files changed, 102 insertions(+)
> create mode 100644 testcases/kernel/syscalls/mq_notify/mq_notify03.c
>
> diff --git a/runtest/cve b/runtest/cve
> index 1ba63c2a7..07bcac0b0 100644
> --- a/runtest/cve
> +++ b/runtest/cve
> @@ -74,6 +74,7 @@ cve-2021-26708 vsock01
> cve-2021-22600 setsockopt09
> cve-2022-0847 dirtypipe
> cve-2022-2590 dirtyc0w_shmem
> +cve-2021-38604 mq_notify03
> # Tests below may cause kernel memory leak
> cve-2020-25704 perf_event_open03
> cve-2022-4378 cve-2022-4378
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 81c30402b..536140a3e 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -832,6 +832,7 @@ pkey01 pkey01
>
> mq_notify01 mq_notify01
> mq_notify02 mq_notify02
> +mq_notify03 mq_notify03
> mq_open01 mq_open01
> mq_timedreceive01 mq_timedreceive01
> mq_timedsend01 mq_timedsend01
> diff --git a/testcases/kernel/syscalls/mq_notify/.gitignore b/testcases/kernel/syscalls/mq_notify/.gitignore
> index cca05a7fa..3f9403c05 100644
> --- a/testcases/kernel/syscalls/mq_notify/.gitignore
> +++ b/testcases/kernel/syscalls/mq_notify/.gitignore
> @@ -1,2 +1,3 @@
> /mq_notify01
> /mq_notify02
> +/mq_notify03
> diff --git a/testcases/kernel/syscalls/mq_notify/mq_notify03.c b/testcases/kernel/syscalls/mq_notify/mq_notify03.c
> new file mode 100644
> index 000000000..5c322ef0e
> --- /dev/null
> +++ b/testcases/kernel/syscalls/mq_notify/mq_notify03.c
> @@ -0,0 +1,99 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (c) The GNU Toolchain Authors.
> + * Copyright (c) 2023 Wei Gao <wegao@suse.com>
> + *
> + */
> +
> +/*\
> + * [Description]
> + *
> + * Test for NULL pointer dereference in mq_notify(CVE-2021-38604)
> + *
> + * References links:
> + * - https://sourceware.org/bugzilla/show_bug.cgi?id=28213
> + */
> +
> +#include <errno.h>
> +#include <sys/types.h>
> +#include <sys/stat.h>
> +#include <fcntl.h>
> +#include <unistd.h>
> +#include <mqueue.h>
> +#include <signal.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include "tst_test.h"
> +#include "tst_safe_posix_ipc.h"
> +
> +static mqd_t m = -1;
> +static const char msg[] = "hello";
> +
> +static void try_null_dereference_cb(union sigval sv)
> +{
> + char buf[sizeof(msg)];
> +
> + (void)sv;
> +
> + TST_EXP_VAL((size_t) mq_receive(m, buf, sizeof(buf), NULL)
> + , sizeof(buf));
> + TST_EXP_PASS(memcmp(buf, msg, sizeof(buf)));
> +
> + exit(0);
> +}
> +
> +static void try_null_dereference(void)
> +{
> + struct sigevent sev;
> +
> + memset(&sev, '\0', sizeof(sev));
> + sev.sigev_notify = SIGEV_THREAD;
> + sev.sigev_notify_function = try_null_dereference_cb;
> +
> + /* Step 1: Register & unregister notifier.
> + * Helper thread should receive NOTIFY_REMOVED notification.
> + * In a vulnerable version of glibc, NULL pointer dereference follows.
> + */
> + TST_EXP_PASS(mq_notify(m, &sev));
> + TST_EXP_PASS(mq_notify(m, NULL));
> +
> + /* Step 2: Once again, register notification.
> + * Try to send one message.
> + * Test is considered successful, if the callback does exit (0).
> + */
> + TST_EXP_PASS(mq_notify(m, &sev));
> + TST_EXP_PASS(mq_send(m, msg, sizeof(msg), 1));
> +
> + /* Wait... */
> + pause();
> +}
> +
> +static void do_test(void)
> +{
> + static const char m_name[] = "/ltp_mq_notify03";
> + struct mq_attr m_attr;
> +
> + memset(&m_attr, '\0', sizeof(m_attr));
> + m_attr.mq_maxmsg = 1;
> + m_attr.mq_msgsize = sizeof(msg);
> +
> + m = SAFE_MQ_OPEN(m_name,
> + O_RDWR | O_CREAT | O_EXCL,
> + 0600,
> + &m_attr);
> +
> + TST_EXP_PASS(mq_unlink(m_name));
> +
> + try_null_dereference();
> +}
> +
> +
> +static struct tst_test test = {
> + .test_all = do_test,
> + .tags = (const struct tst_tag[]) {
> + {"glibc-git", "b805aebd42"},
> + {"CVE", "2021-38604"},
> + {}
> + },
> + .needs_root = 1,
> +};
--
Souta Kawahara <souta.kawahara@miraclelinux.com>
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* Re: [LTP] [PATCH v2] mq_notify03.c: New test CVE-2021-38604
From: Wei Gao via ltp @ 2023-03-10 7:42 UTC (permalink / raw)
To: Souta Kawahara; +Cc: ltp
On Fri, Mar 10, 2023 at 03:58:39PM +0900, Souta Kawahara wrote:
> Hi!
>
> I tried this test on several environments and got the expected results. and
> no problems were encountered.
> env1) Test PASSED on glibc2.23-21.fc34 after vulnerability fix.
> env2) Test PASSED on glibc2.23-5.fc34 before the regression.
> env3) Test FAILED as expected on glibc2.23-16.fc34 after the regression,
> before vulnerability fix.
>
> It looks good from my site.
> If there is anything else I should check, please let me know.
>
> Thank you!
Thanks a lot for your verification :)
>
> --
> Souta Kawahara <souta.kawahara@miraclelinux.com>
--
Mailing list info: https://lists.linux.it/listinfo/ltp
* Re: [LTP] [PATCH v2] mq_notify03.c: New test CVE-2021-38604
From: Cyril Hrubis @ 2023-03-14 12:30 UTC (permalink / raw)
To: Wei Gao; +Cc: ltp
Hi!
Pushed, thanks.
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp