From patchwork Tue Nov 27 17:26:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 30321 Received: (qmail 33944 invoked by alias); 27 Nov 2018 17:26:24 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 33759 invoked by uid 89); 27 Nov 2018 17:26:22 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-25.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_PASS autolearn=ham version=3.3.2 spammy= X-HELO: mx1.redhat.com From: Florian Weimer To: libc-alpha@sourceware.org Subject: [PATCH] inet/tst-if_index-long: New test case for CVE-2018-19591 [BZ #23927] Date: Tue, 27 Nov 2018 18:26:08 +0100 Message-ID: <871s76fn4f.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 2018-11-27 Florian Weimer [BZ #23927] CVE-2018-19591 * inet/tst-if_index-long.c: New file. * inet/Makefile (tests): Add tst-if_index-long. Reviewed-by: Carlos O'Donell diff --git a/inet/Makefile b/inet/Makefile index 09f5ba78fc..7782913b4c 100644 --- a/inet/Makefile +++ b/inet/Makefile @@ -52,7 +52,7 @@ aux := check_pf check_native ifreq tests := htontest test_ifindex tst-ntoa tst-ether_aton tst-network \ tst-gethnm test-ifaddrs bug-if1 test-inet6_opt tst-ether_line \ tst-getni1 tst-getni2 tst-inet6_rth tst-checks tst-checks-posix \ - tst-sockaddr test-hnto-types + tst-sockaddr test-hnto-types tst-if_index-long # tst-deadline must be linked statically so that we can access # internal functions. diff --git a/inet/tst-if_index-long.c b/inet/tst-if_index-long.c new file mode 100644 index 0000000000..3dc74874e5 --- /dev/null +++ b/inet/tst-if_index-long.c @@ -0,0 +1,61 @@ +/* Check for descriptor leak in if_nametoindex with a long interface name. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* This test checks for a descriptor leak in case of a long interface + name (CVE-2018-19591, bug 23927). */ + +#include +#include +#include +#include +#include +#include +#include + +static int +do_test (void) +{ + struct support_descriptors *descrs = support_descriptors_list (); + + /* Prepare a name which is just as long as required for trigging the + bug. */ + char name[IFNAMSIZ + 1]; + memset (name, 'A', IFNAMSIZ); + name[IFNAMSIZ] = '\0'; + TEST_COMPARE (strlen (name), IFNAMSIZ); + struct ifreq ifr; + TEST_COMPARE (strlen (name), sizeof (ifr.ifr_name)); + + /* Test directly via if_nametoindex. */ + TEST_COMPARE (if_nametoindex (name), 0); + TEST_COMPARE (errno, ENODEV); + support_descriptors_check (descrs); + + /* Same test via getaddrinfo. */ + char *host = xasprintf ("fea0::%%%s", name); + struct addrinfo hints = { .ai_flags = AI_NUMERICHOST, }; + struct addrinfo *ai; + TEST_COMPARE (getaddrinfo (host, NULL, &hints, &ai), EAI_NONAME); + support_descriptors_check (descrs); + + support_descriptors_free (descrs); + + return 0; +} + +#include