From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1804) id 64F73382F9B0; Fri, 7 Oct 2022 08:20:48 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 64F73382F9B0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1665130848; bh=BKH2tt0LhZ9KHQ4CZzowQ4plLU26OBqktfqwwFxUE3I=; h=From:To:Subject:Date:From; b=N5bC9F6gSjoAu6uFLwLKPoHEicGTpDk32HZFoXBXyGWlYerFUU+4X0WPhxpMPw34O I9UUbl3a/AgfLiiKNYv6ieYQZtkVCJnhdvOSMHxE1B6c6afZxQKxxlgtedm0dGOyVP 8hOI4xi+vThukJrWUA83meTehVBUkD5rXeE0cmGI= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Dmitry Levin To: glibc-cvs@sourceware.org Subject: [glibc/release/2.32/master] sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) X-Act-Checkin: glibc X-Git-Author: Martin Sebor X-Git-Refname: refs/heads/release/2.32/master X-Git-Oldrev: 52d57fc76d7df2a39236a782399fb3efff87895d X-Git-Newrev: 76e807f5f1d264fdb3de4e6ee985ab3cf662f6f9 Message-Id: <20221007082048.64F73382F9B0@sourceware.org> Date: Fri, 7 Oct 2022 08:20:48 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=76e807f5f1d264fdb3de4e6ee985ab3cf662f6f9 commit 76e807f5f1d264fdb3de4e6ee985ab3cf662f6f9 Author: Martin Sebor Date: Mon Jan 17 10:21:34 2022 +0100 sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) Reviewed-by: Siddhesh Poyarekar (cherry picked from commit ef972a4c50014a16132b5c75571cfb6b30bef136) Diff: --- sunrpc/Makefile | 5 ++++- sunrpc/tst-bug22542.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/sunrpc/Makefile b/sunrpc/Makefile index 82710b379a..cea958608e 100644 --- a/sunrpc/Makefile +++ b/sunrpc/Makefile 
@@ -65,7 +65,8 @@ shared-only-routines = $(routines) endif tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error tst-udp-timeout \ - tst-udp-nonblocking + tst-udp-nonblocking tst-bug22542 + xtests := tst-getmyaddr ifeq ($(have-thread-library),yes) @@ -111,6 +112,8 @@ $(objpfx)tst-udp-nonblocking: $(common-objpfx)linkobj/libc.so $(objpfx)tst-udp-garbage: \ $(common-objpfx)linkobj/libc.so $(shared-thread-library) +$(objpfx)tst-bug22542: $(common-objpfx)linkobj/libc.so + else # !have-GLIBC_2.31 routines = $(routines-for-nss) diff --git a/sunrpc/tst-bug22542.c b/sunrpc/tst-bug22542.c new file mode 100644 index 0000000000..d6cd79787b --- /dev/null +++ b/sunrpc/tst-bug22542.c 
@@ -0,0 +1,44 @@ +/* Test to verify that overlong hostname is rejected by clnt_create + and doesn't cause a buffer overflow (bug 22542). + + Copyright (C) 2022 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +static int +do_test (void) +{ + /* Create an arbitrary hostname that's longer than fits in sun_path. */ + char name [sizeof ((struct sockaddr_un*)0)->sun_path * 2]; + memset (name, 'x', sizeof name - 1); + name [sizeof name - 1] = '\0'; + + errno = 0; + CLIENT *clnt = clnt_create (name, 0, 0, "unix"); + + TEST_VERIFY (clnt == NULL); + TEST_COMPARE (errno, EINVAL); + return 0; +} + +#include
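Review bot: in the second sunrpc/Makefile hunk, the new rule "$(objpfx)tst-bug22542: $(common-objpfx)linkobj/libc.so" sits directly above "else # !have-GLIBC_2.31", while the "tests" entry added in the first hunk follows an "endif". Please confirm that both additions are under the same conditional, so the test is never listed without its linkobj/libc.so dependency. A one-line comment on why this test links against linkobj/libc.so would also help the next reader, since the neighbouring rules give no reason either.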
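Review bot: in sunrpc/tst-bug22542.c, do_test only tries a name sized "sizeof ((struct sockaddr_un*)0)->sun_path * 2", which is far past the limit, so an off-by-one in the length check would go unnoticed. Suggest adding a second case whose string length is exactly sizeof sun_path (no room for the terminating NUL) and expecting the same NULL result and EINVAL. Separately, the test asserts only on errno; callers of clnt_create normally look at rpc_createerr, so it would be worth also checking that the failure is reported there. If "TEST_VERIFY (clnt == NULL)" ever fails, the returned client is not released with clnt_destroy, which is minor in a test but easy to add.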