public inbox for ltp@lists.linux.it
* [LTP] [PATCH] Test for CVE-2017-2618 in setprocattr
From: Guangwen Feng @ 2017-08-31  7:44 UTC
  To: ltp

Signed-off-by: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
---
 runtest/cve                   |  1 +
 testcases/cve/.gitignore      |  1 +
 testcases/cve/cve-2017-2618.c | 59 +++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+)
 create mode 100644 testcases/cve/cve-2017-2618.c

diff --git a/runtest/cve b/runtest/cve
index 5b16e9e..e789b66 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -11,6 +11,7 @@ cve-2016-4997 cve-2016-4997
 cve-2016-5195 dirtyc0w
 cve-2016-7042 cve-2016-7042
 cve-2016-7117 cve-2016-7117
+cve-2017-2618 cve-2017-2618
 cve-2017-2671 cve-2017-2671
 cve-2017-5669 cve-2017-5669
 cve-2017-6951 cve-2017-6951
diff --git a/testcases/cve/.gitignore b/testcases/cve/.gitignore
index ea9036d..24036bc 100644
--- a/testcases/cve/.gitignore
+++ b/testcases/cve/.gitignore
@@ -3,6 +3,7 @@ cve-2014-0196
 cve-2016-4997
 cve-2016-7042
 cve-2016-7117
+cve-2017-2618
 cve-2017-2671
 cve-2017-6951
 cve-2017-5669
diff --git a/testcases/cve/cve-2017-2618.c b/testcases/cve/cve-2017-2618.c
new file mode 100644
index 0000000..e6b30e8
--- /dev/null
+++ b/testcases/cve/cve-2017-2618.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2017 Fujitsu Ltd.
+ * Author: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program, if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Test for CVE-2017-2618, this regression test can crash
+ * the buggy kernel, and the bug was fixed in:
+ *
+ *  commit 0c461cb727d146c9ef2d3e86214f498b78b7d125
+ *  Author: Stephen Smalley <sds@tycho.nsa.gov>
+ *  Date:   Tue Jan 31 11:54:04 2017 -0500
+ *
+ *  selinux: fix off-by-one in setprocattr
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "tst_test.h"
+
+#define LOOPS	100
+#define PATH_ATTRFS	"/proc/self/attr/fscreate"
+
+static void do_test(void)
+{
+	int i, fd;
+
+	for (i = 0; i < LOOPS; i++) {
+		if (!SAFE_FORK()) {
+			fd = SAFE_OPEN(PATH_ATTRFS, O_WRONLY);
+			write(fd, "\n", 1);
+			SAFE_CLOSE(fd);
+			exit(0);
+		}
+
+		tst_reap_children();
+	}
+
+	tst_res(TPASS, "Bug not reproduced");
+}
+
+static struct tst_test test = {
+	.forks_child = 1,
+	.test_all = do_test,
+};
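Review bot: do_test() calls SAFE_OPEN(PATH_ATTRFS, O_WRONLY) with no prior check that /proc/self/attr/fscreate exists, so on a system where that file is absent the test would break in the child instead of being skipped. Consider adding a .setup callback that tests the path, e.g. `if (access(PATH_ATTRFS, F_OK)) tst_brk(TCONF, "%s not found", PATH_ATTRFS);`, and wiring it into struct tst_test. Also, O_WRONLY is used but <fcntl.h> is not among the includes, while <errno.h> is included and nothing visible in this file uses it.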
-- 
2.9.4





* [LTP] [PATCH] Test for CVE-2017-2618 in setprocattr
From: Richard Palethorpe @ 2017-10-12 13:27 UTC
  To: ltp

Hello,

Guangwen Feng writes:

> +
> +#include <errno.h>
> +#include <stdlib.h>
> +#include <unistd.h>
> +#include "tst_test.h"
> +
> +#define LOOPS	100
> +#define PATH_ATTRFS	"/proc/self/attr/fscreate"

Will this exist on all systems? I am guessing that if SELINUX is not
configured in the kernel then this won't exist. So it is probably best
to exit with TCONF if we can not find it.

> +
> +static void do_test(void)
> +{
> +	int i, fd;
> +
> +	for (i = 0; i < LOOPS; i++) {
> +		if (!SAFE_FORK()) {
> +			fd = SAFE_OPEN(PATH_ATTRFS, O_WRONLY);
> +			write(fd, "\n", 1);
> +			SAFE_CLOSE(fd);
> +			exit(0);
> +		}
> +
> +		tst_reap_children();
> +	}
> +
> +	tst_res(TPASS, "Bug not reproduced");
> +}
> +
> +static struct tst_test test = {
> +	.forks_child = 1,
> +	.test_all = do_test,
> +};
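Review bot: the result of `write(fd, "\n", 1)` in the child is discarded and tst_res(TPASS, ...) is reached unconditionally, so a write that fails never shows up in the test log and the run looks identical to one that exercised the write. Suggest capturing the return value and logging a failure with tst_res(TINFO | TERRNO, ...) before SAFE_CLOSE(fd); a short comment explaining why a single newline is written and why LOOPS is 100 would also help future readers.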
> --
> 2.9.4

Otherwise this looks good.

--
Thank you,
Richard.


* [LTP] [PATCH] Test for CVE-2017-2618 in setprocattr
From: Guangwen Feng @ 2017-10-16  5:09 UTC
  To: ltp

Hi, Richard

Thanks for your review, but it looks like this patch has been pushed.
I will send a new patch to add the check.

Best Regards,
Guangwen Feng

On 10/12/2017 09:27 PM, Richard Palethorpe wrote:
> Hello,
> 
> Guangwen Feng writes:
> 
>> +
>> +#include <errno.h>
>> +#include <stdlib.h>
>> +#include <unistd.h>
>> +#include "tst_test.h"
>> +
>> +#define LOOPS	100
>> +#define PATH_ATTRFS	"/proc/self/attr/fscreate"
> 
> Will this exist on all systems? I am guessing that if SELINUX is not
> configured in the kernel then this won't exist. So it is probably best
> to exit with TCONF if we can not find it.
> 
>> +
>> +static void do_test(void)
>> +{
>> +	int i, fd;
>> +
>> +	for (i = 0; i < LOOPS; i++) {
>> +		if (!SAFE_FORK()) {
>> +			fd = SAFE_OPEN(PATH_ATTRFS, O_WRONLY);
>> +			write(fd, "\n", 1);
>> +			SAFE_CLOSE(fd);
>> +			exit(0);
>> +		}
>> +
>> +		tst_reap_children();
>> +	}
>> +
>> +	tst_res(TPASS, "Bug not reproduced");
>> +}
>> +
>> +static struct tst_test test = {
>> +	.forks_child = 1,
>> +	.test_all = do_test,
>> +};
>> --
>> 2.9.4
> 
> Otherwise this looks good.
> 
> --
> Thank you,
> Richard.
> 
> 
> 


