From: Florian Weimer <fweimer@redhat.com>
To: libc-stable@sourceware.org
Subject: [2.28 COMMITTED] inet/tst-if_index-long: New test case for CVE-2018-19591 [BZ #23927]
Date: Mon, 01 Jan 2018 00:00:00 -0000 [thread overview]
Message-ID: <20181212113400.D2B6483149B6@oldenburg2.str.redhat.com> (raw)
(cherry picked from commit 899478c2bfa00c5df8d8bedb52effbb065700278)
2018-12-07 Florian Weimer <fweimer@redhat.com>
[BZ #23927]
CVE-2018-19591
* inet/tst-if_index-long.c: New file.
* inet/Makefile (tests): Add tst-if_index-long.
diff --git a/inet/Makefile b/inet/Makefile
index 09f5ba78fc..7782913b4c 100644
--- a/inet/Makefile
+++ b/inet/Makefile
@@ -52,7 +52,7 @@ aux := check_pf check_native ifreq
tests := htontest test_ifindex tst-ntoa tst-ether_aton tst-network \
tst-gethnm test-ifaddrs bug-if1 test-inet6_opt tst-ether_line \
tst-getni1 tst-getni2 tst-inet6_rth tst-checks tst-checks-posix \
- tst-sockaddr test-hnto-types
+ tst-sockaddr test-hnto-types tst-if_index-long
# tst-deadline must be linked statically so that we can access
# internal functions.
diff --git a/inet/tst-if_index-long.c b/inet/tst-if_index-long.c
new file mode 100644
index 0000000000..3dc74874e5
--- /dev/null
+++ b/inet/tst-if_index-long.c
@@ -0,0 +1,61 @@
+/* Check for descriptor leak in if_nametoindex with a long interface name.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+/* This test checks for a descriptor leak in case of a long interface
+ name (CVE-2018-19591, bug 23927). */
+
+#include <errno.h>
+#include <net/if.h>
+#include <netdb.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/descriptors.h>
+#include <support/support.h>
+
+static int
+do_test (void)
+{
+ struct support_descriptors *descrs = support_descriptors_list ();
+
+ /* Prepare a name which is just as long as required for trigging the
+ bug. */
+ char name[IFNAMSIZ + 1];
+ memset (name, 'A', IFNAMSIZ);
+ name[IFNAMSIZ] = '\0';
+ TEST_COMPARE (strlen (name), IFNAMSIZ);
+ struct ifreq ifr;
+ TEST_COMPARE (strlen (name), sizeof (ifr.ifr_name));
+
+ /* Test directly via if_nametoindex. */
+ TEST_COMPARE (if_nametoindex (name), 0);
+ TEST_COMPARE (errno, ENODEV);
+ support_descriptors_check (descrs);
+
+ /* Same test via getaddrinfo. */
+ char *host = xasprintf ("fea0::%%%s", name);
+ struct addrinfo hints = { .ai_flags = AI_NUMERICHOST, };
+ struct addrinfo *ai;
+ TEST_COMPARE (getaddrinfo (host, NULL, &hints, &ai), EAI_NONAME);
+ support_descriptors_check (descrs);
+
+ support_descriptors_free (descrs);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
reply other threads:[~2018-12-12 11:34 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181212113400.D2B6483149B6@oldenburg2.str.redhat.com \
--to=fweimer@redhat.com \
--cc=libc-stable@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).