87 lines
3.0 KiB
Diff
87 lines
3.0 KiB
Diff
|
commit 899478c2bfa00c5df8d8bedb52effbb065700278
|
||
|
Author: Florian Weimer <fweimer@redhat.com>
|
||
|
Date: Thu Dec 6 15:39:50 2018 +0100
|
||
|
|
||
|
inet/tst-if_index-long: New test case for CVE-2018-19591 [BZ #23927]
|
||
|
|
||
|
diff --git a/inet/Makefile b/inet/Makefile
|
||
|
index 09f5ba78fc5f3120..7782913b4c06f057 100644
|
||
|
--- a/inet/Makefile
|
||
|
+++ b/inet/Makefile
|
||
|
@@ -52,7 +52,7 @@ aux := check_pf check_native ifreq
|
||
|
tests := htontest test_ifindex tst-ntoa tst-ether_aton tst-network \
|
||
|
tst-gethnm test-ifaddrs bug-if1 test-inet6_opt tst-ether_line \
|
||
|
tst-getni1 tst-getni2 tst-inet6_rth tst-checks tst-checks-posix \
|
||
|
- tst-sockaddr test-hnto-types
|
||
|
+ tst-sockaddr test-hnto-types tst-if_index-long
|
||
|
|
||
|
# tst-deadline must be linked statically so that we can access
|
||
|
# internal functions.
|
||
|
diff --git a/inet/tst-if_index-long.c b/inet/tst-if_index-long.c
|
||
|
new file mode 100644
|
||
|
index 0000000000000000..3dc74874e5310945
|
||
|
--- /dev/null
|
||
|
+++ b/inet/tst-if_index-long.c
|
||
|
@@ -0,0 +1,61 @@
|
||
|
+/* Check for descriptor leak in if_nametoindex with a long interface name.
|
||
|
+ Copyright (C) 2018 Free Software Foundation, Inc.
|
||
|
+ This file is part of the GNU C Library.
|
||
|
+
|
||
|
+ The GNU C Library is free software; you can redistribute it and/or
|
||
|
+ modify it under the terms of the GNU Lesser General Public
|
||
|
+ License as published by the Free Software Foundation; either
|
||
|
+ version 2.1 of the License, or (at your option) any later version.
|
||
|
+
|
||
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||
|
+ Lesser General Public License for more details.
|
||
|
+
|
||
|
+ You should have received a copy of the GNU Lesser General Public
|
||
|
+ License along with the GNU C Library; if not, see
|
||
|
+ <http://www.gnu.org/licenses/>. */
|
||
|
+
|
||
|
+/* This test checks for a descriptor leak in case of a long interface
|
||
|
+ name (CVE-2018-19591, bug 23927). */
|
||
|
+
|
||
|
+#include <errno.h>
|
||
|
+#include <net/if.h>
|
||
|
+#include <netdb.h>
|
||
|
+#include <string.h>
|
||
|
+#include <support/check.h>
|
||
|
+#include <support/descriptors.h>
|
||
|
+#include <support/support.h>
|
||
|
+
|
||
|
+static int
|
||
|
+do_test (void)
|
||
|
+{
|
||
|
+ struct support_descriptors *descrs = support_descriptors_list ();
|
||
|
+
|
||
|
+ /* Prepare a name which is just as long as required for trigging the
|
||
|
+ bug. */
|
||
|
+ char name[IFNAMSIZ + 1];
|
||
|
+ memset (name, 'A', IFNAMSIZ);
|
||
|
+ name[IFNAMSIZ] = '\0';
|
||
|
+ TEST_COMPARE (strlen (name), IFNAMSIZ);
|
||
|
+ struct ifreq ifr;
|
||
|
+ TEST_COMPARE (strlen (name), sizeof (ifr.ifr_name));
|
||
|
+
|
||
|
+ /* Test directly via if_nametoindex. */
|
||
|
+ TEST_COMPARE (if_nametoindex (name), 0);
|
||
|
+ TEST_COMPARE (errno, ENODEV);
|
||
|
+ support_descriptors_check (descrs);
|
||
|
+
|
||
|
+ /* Same test via getaddrinfo. */
|
||
|
+ char *host = xasprintf ("fea0::%%%s", name);
|
||
|
+ struct addrinfo hints = { .ai_flags = AI_NUMERICHOST, };
|
||
|
+ struct addrinfo *ai;
|
||
|
+ TEST_COMPARE (getaddrinfo (host, NULL, &hints, &ai), EAI_NONAME);
|
||
|
+ support_descriptors_check (descrs);
|
||
|
+
|
||
|
+ support_descriptors_free (descrs);
|
||
|
+
|
||
|
+ return 0;
|
||
|
+}
|
||
|
+
|
||
|
+#include <support/test-driver.c>
|