1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (c) 2017 Fujitsu Ltd.
* Author: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
*/
/*
* Test for CVE-2016-7042, this regression test can crash the buggy kernel
* when the stack-protector is enabled, and the bug was fixed in:
*
* commit 03dab869b7b239c4e013ec82aea22e181e441cfc
* Author: David Howells <dhowells@redhat.com>
* Date: Wed Oct 26 15:01:54 2016 +0100
*
* KEYS: Fix short sprintf buffer in /proc/keys show function
*/
#include <errno.h>
#include <stdio.h>
#include "tst_test.h"
#include "lapi/keyctl.h"
#define PATH_KEYS "/proc/keys"
static key_serial_t key;
static int fd;
static void do_test(void)
{
char buf[BUFSIZ];
key = add_key("user", "ltptestkey", "a", 1, KEY_SPEC_SESSION_KEYRING);
if (key == -1)
tst_brk(TBROK, "Failed to add key");
if (keyctl(KEYCTL_UPDATE, key, "b", 1))
tst_brk(TBROK, "Failed to update key");
fd = SAFE_OPEN(PATH_KEYS, O_RDONLY);
tst_res(TINFO, "Attempting to crash the system");
SAFE_READ(0, fd, buf, BUFSIZ);
tst_res(TPASS, "Bug not reproduced");
SAFE_CLOSE(fd);
if (keyctl(KEYCTL_UNLINK, key, KEY_SPEC_SESSION_KEYRING))
tst_brk(TBROK, "Failed to unlink key");
key = 0;
}
static void setup(void)
{
if (access(PATH_KEYS, F_OK))
tst_brk(TCONF, "%s does not exist", PATH_KEYS);
}
static void cleanup(void)
{
if (key > 0 && keyctl(KEYCTL_UNLINK, key, KEY_SPEC_SESSION_KEYRING))
tst_res(TWARN, "Failed to unlink key");
if (fd > 0)
SAFE_CLOSE(fd);
}
static struct tst_test test = {
.setup = setup,
.cleanup = cleanup,
.test_all = do_test,
.tags = (const struct tst_tag[]) {
{"linux-git", "03dab869b7b2"},
{"CVE", "2016-7042"},
{}
}
};
|
