Merge changes I2e3eb0b3,I2f7bd13e am: cb698c387c

am: b5dfec665a * commit 'b5dfec665a8bb3d995c4e3285649b2f6a236441d': Delete FixupDiagMsg and cite the commit that makes it unnecessary. Add a test for a port comparison bytecode validation bug.
author: Lorenzo Colitti <lorenzo@google.com> 2016-01-22 18:44:10 +0000
committer: android-build-merger <android-build-merger@google.com> 2016-01-22 18:44:10 +0000
commit: 0d77c5522ff18e70585347d2fab7719b95d8a9af (patch)
tree: 70c0b6219e870746ffbda7632f174e5a871f7365 /tests
parent: 322453f269ac0b736f20e4619b900be155a65d2e (diff)
parent: b5dfec665a8bb3d995c4e3285649b2f6a236441d (diff)
download: extras-0d77c5522ff18e70585347d2fab7719b95d8a9af.tar.gz
2 files changed, 20 insertions, 35 deletions
diff --git a/tests/net_test/sock_diag.py b/tests/net_test/sock_diag.py
index 58a1781a..6979877f 100755
--- a/tests/net_test/sock_diag.py
+++ b/tests/net_test/sock_diag.py
@@ -286,15 +286,6 @@ class SockDiag(netlink.NetlinkSocket):
       padded += "\x00" * (16 - len(padded))
     return padded
 
-  # For IPv4 addresses, the kernel seems only to fill in the first 4 bytes of
-  # src and dst, leaving the others unspecified. This seems like a bug because
-  # it might leak kernel memory contents, but regardless, work around it.
-  @staticmethod
-  def FixupDiagMsg(d):
-    if d.family == AF_INET:
-      d.id.src = d.id.src[:4] + "\x00" * 12
-      d.id.dst = d.id.dst[:4] + "\x00" * 12
-
   @staticmethod
   def DiagReqFromSocket(s):
     """Creates an InetDiagReqV2 that matches the specified socket."""
diff --git a/tests/net_test/sock_diag_test.py b/tests/net_test/sock_diag_test.py
index d4a721ea..35301a72 100755
--- a/tests/net_test/sock_diag_test.py
+++ b/tests/net_test/sock_diag_test.py
@@ -73,36 +73,10 @@ class SockDiagTest(SockDiagBaseTest):
     [s.close() for socketpair in self.socketpairs.values() for s in socketpair]
     super(SockDiagTest, self).tearDown()
 
-  def testFixupDiagMsg(self):
-    src = "0a00fa02303030312030312038302031"
-    dst = "0808080841414141414141416f0a3230"
-    cookie = "4078678100000000"
-    sockid = sock_diag.InetDiagSockId((47436, 32069,
-                                       src.decode("hex"), dst.decode("hex"), 0,
-                                       cookie.decode("hex")))
-    msg4 = sock_diag.InetDiagMsg((AF_INET, IPPROTO_TCP, 0,
-                                  sock_diag.TCP_SYN_RECV, sockid,
-                                  980, 123, 456, 789, 5555))
-    # Make a copy, cstructs are mutable.
-    msg6 = sock_diag.InetDiagMsg(msg4.Pack())
-    msg6.family = AF_INET6
-
-    fixed6 = sock_diag.InetDiagMsg(msg6.Pack())
-    self.sock_diag.FixupDiagMsg(fixed6)
-    self.assertEquals(msg6.Pack(), fixed6.Pack())
-
-    fixed4 = sock_diag.InetDiagMsg(msg4.Pack())
-    self.sock_diag.FixupDiagMsg(fixed4)
-    msg4.id.src = src.decode("hex")[:4] + 12 * "\x00"
-    msg4.id.dst = dst.decode("hex")[:4] + 12 * "\x00"
-    self.assertEquals(msg4.Pack(), fixed4.Pack())
-
   def assertSockDiagMatchesSocket(self, s, diag_msg):
     family = s.getsockopt(net_test.SOL_SOCKET, net_test.SO_DOMAIN)
     self.assertEqual(diag_msg.family, family)
 
-    self.sock_diag.FixupDiagMsg(diag_msg)
-
     src, sport = s.getsockname()[0:2]
     self.assertEqual(diag_msg.id.src, self.sock_diag.PaddedAddress(src))
     self.assertEqual(diag_msg.id.sport, sport)
@@ -115,6 +89,14 @@ class SockDiagTest(SockDiagBaseTest):
       assertRaisesErrno(ENOTCONN, s.getpeername)
 
   def testFindsAllMySockets(self):
+    """Tests that basic socket dumping works.
+
+    Relevant commits:
+      android-3.4:
+        ab4a727 net: inet_diag: zero out uninitialized idiag_{src,dst} fields
+      android-3.10
+        3eb409b net: inet_diag: zero out uninitialized idiag_{src,dst} fields
+    """
     self.socketpairs = self._CreateLotsOfSockets()
     sockets = self.sock_diag.DumpAllInetSockets(IPPROTO_TCP, NO_BYTECODE)
     self.assertGreaterEqual(len(sockets), NUM_SOCKETS)
@@ -238,6 +220,18 @@ class SockDiagTest(SockDiagBaseTest):
     self.assertTrue(all(d in v4sockets for d in diag_msgs))
     self.assertTrue(all(d in v6sockets for d in diag_msgs))
 
+  def testPortComparisonValidation(self):
+    """Checks for a bug in validating port comparison bytecode.
+
+    Relevant kernel commits:
+      android-3.4:
+        5e1f542 inet_diag: validate port comparison byte code to prevent unsafe reads
+    """
+    bytecode = sock_diag.InetDiagBcOp((sock_diag.INET_DIAG_BC_D_GE, 4, 8))
+    self.assertRaisesErrno(
+        EINVAL,
+        self.sock_diag.DumpAllInetSockets, IPPROTO_TCP, bytecode.Pack())
+
   @unittest.skipUnless(HAVE_SOCK_DESTROY, "SOCK_DESTROY not supported")
   def testClosesSockets(self):
     self.socketpairs = self._CreateLotsOfSockets()
author	Lorenzo Colitti <lorenzo@google.com>	2016-01-22 18:44:10 +0000
committer	android-build-merger <android-build-merger@google.com>	2016-01-22 18:44:10 +0000
commit	0d77c5522ff18e70585347d2fab7719b95d8a9af (patch)
tree	70c0b6219e870746ffbda7632f174e5a871f7365 /tests
parent	322453f269ac0b736f20e4619b900be155a65d2e (diff)
parent	b5dfec665a8bb3d995c4e3285649b2f6a236441d (diff)
download	extras-0d77c5522ff18e70585347d2fab7719b95d8a9af.tar.gz