Tree - source-git/glibc - CentOS Git server

source-git / glibc

Blame nss/bug17079.c

Blob History Raw

Packit Service	82fcde	`/* Test for bug 17079: heap overflow in NSS with small buffers.`
Packit Service	82fcde	`Copyright (C) 2015-2018 Free Software Foundation, Inc.`
Packit Service	82fcde	`This file is part of the GNU C Library.`
Packit Service	82fcde
Packit Service	82fcde	`The GNU C Library is free software; you can redistribute it and/or`
Packit Service	82fcde	`modify it under the terms of the GNU Lesser General Public`
Packit Service	82fcde	`License as published by the Free Software Foundation; either`
Packit Service	82fcde	`version 2.1 of the License, or (at your option) any later version.`
Packit Service	82fcde
Packit Service	82fcde	`The GNU C Library is distributed in the hope that it will be useful,`
Packit Service	82fcde	`but WITHOUT ANY WARRANTY; without even the implied warranty of`
Packit Service	82fcde	`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
Packit Service	82fcde	`Lesser General Public License for more details.`
Packit Service	82fcde
Packit Service	82fcde	`You should have received a copy of the GNU Lesser General Public`
Packit Service	82fcde	`License along with the GNU C Library; if not, see`
Packit Service	82fcde	`<http://www.gnu.org/licenses/>. */`
Packit Service	82fcde
Packit Service	82fcde	`#include <errno.h>`
Packit Service	82fcde	`#include <nss.h>`
Packit Service	82fcde	`#include <pwd.h>`
Packit Service	82fcde	`#include <stdbool.h>`
Packit Service	82fcde	`#include <stdio.h>`
Packit Service	82fcde	`#include <stdlib.h>`
Packit Service	82fcde	`#include <string.h>`
Packit Service	82fcde
Packit Service	82fcde	`#include <support/support.h>`
Packit Service	82fcde
Packit Service	82fcde	`/* Check if two passwd structs contain the same data. */`
Packit Service	82fcde	`static bool`
Packit Service	82fcde	`equal (const struct passwd a, const struct passwd b)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`return strcmp (a->pw_name, b->pw_name) == 0`
Packit Service	82fcde	`&& strcmp (a->pw_passwd, b->pw_passwd) == 0`
Packit Service	82fcde	`&& a->pw_uid == b->pw_uid`
Packit Service	82fcde	`&& a->pw_gid == b->pw_gid`
Packit Service	82fcde	`&& strcmp (a->pw_gecos, b->pw_gecos) == 0`
Packit Service	82fcde	`&& strcmp (a->pw_dir, b->pw_dir) == 0`
Packit Service	82fcde	`&& strcmp (a->pw_shell, b->pw_shell) == 0;`
Packit Service	82fcde	`}`
Packit Service	82fcde
Packit Service	82fcde	`enum { MAX_TEST_ITEMS = 10 };`
Packit Service	82fcde	`static struct passwd test_items[MAX_TEST_ITEMS];`
Packit Service	82fcde	`static int test_count;`
Packit Service	82fcde
Packit Service	82fcde	`/* Initialize test_items and test_count above, with data from the`
Packit Service	82fcde	`passwd database. */`
Packit Service	82fcde	`static bool`
Packit Service	82fcde	`init_test_items (void)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`setpwent ();`
Packit Service	82fcde	`do`
Packit Service	82fcde	`{`
Packit Service	82fcde	`struct passwd *pwd = getpwent ();`
Packit Service	82fcde	`if (pwd == NULL)`
Packit Service	82fcde	`break;`
Packit Service	82fcde	`struct passwd *target = test_items + test_count;`
Packit Service	82fcde	`target->pw_name = xstrdup (pwd->pw_name);`
Packit Service	82fcde	`target->pw_passwd = xstrdup (pwd->pw_passwd);`
Packit Service	82fcde	`target->pw_uid = pwd->pw_uid;`
Packit Service	82fcde	`target->pw_gid = pwd->pw_gid;`
Packit Service	82fcde	`target->pw_gecos = xstrdup (pwd->pw_gecos);`
Packit Service	82fcde	`target->pw_dir = xstrdup (pwd->pw_dir);`
Packit Service	82fcde	`target->pw_shell = xstrdup (pwd->pw_shell);`
Packit Service	82fcde	`}`
Packit Service	82fcde	`while (++test_count < MAX_TEST_ITEMS);`
Packit Service	82fcde	`endpwent ();`
Packit Service	82fcde
Packit Service	82fcde	`/* Filter out those test items which cannot be looked up by name or`
Packit Service	82fcde	`UID. */`
Packit Service	82fcde	`bool found = false;`
Packit Service	82fcde	`for (int i = 0; i < test_count; ++i)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`struct passwd *pwd1 = getpwnam (test_items[i].pw_name);`
Packit Service	82fcde	`struct passwd *pwd2 = getpwuid (test_items[i].pw_uid);`
Packit Service	82fcde	`if (pwd1 == NULL \|\| !equal (pwd1, test_items + i)`
Packit Service	82fcde	`\|\| pwd2 == NULL \|\| !equal (pwd2, test_items + i))`
Packit Service	82fcde	`{`
Packit Service	82fcde	`printf ("info: skipping user \"%s\", UID %ld due to inconsistency\n",`
Packit Service	82fcde	`test_items[i].pw_name, (long) test_items[i].pw_uid);`
Packit Service	82fcde	`test_items[i].pw_name = NULL;`
Packit Service	82fcde	`}`
Packit Service	82fcde	`else`
Packit Service	82fcde	`found = true;`
Packit Service	82fcde	`}`
Packit Service	82fcde
Packit Service	82fcde	`if (!found)`
Packit Service	82fcde	`puts ("error: no accounts found which can be looked up by name and UID.");`
Packit Service	82fcde	`return found;`
Packit Service	82fcde	`}`
Packit Service	82fcde
Packit Service	82fcde	`/* Set to true if an error is encountered. */`
Packit Service	82fcde	`static bool errors;`
Packit Service	82fcde
Packit Service	82fcde	`/* Return true if the padding has not been tampered with. */`
Packit Service	82fcde	`static bool`
Packit Service	82fcde	`check_padding (char *buffer, size_t size, char pad)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`char *end = buffer + size;`
Packit Service	82fcde	`while (buffer < end)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`if (*buffer != pad)`
Packit Service	82fcde	`return false;`
Packit Service	82fcde	`++buffer;`
Packit Service	82fcde	`}`
Packit Service	82fcde	`return true;`
Packit Service	82fcde	`}`
Packit Service	82fcde
Packit Service	82fcde	`/* Test one buffer size and padding combination. */`
Packit Service	82fcde	`static void`
Packit Service	82fcde	`test_one (const struct passwd *item, size_t buffer_size,`
Packit Service	82fcde	`char pad, size_t padding_size)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`char *buffer = xmalloc (buffer_size + padding_size);`
Packit Service	82fcde
Packit Service	82fcde	`struct passwd pwd;`
Packit Service	82fcde	`struct passwd *result;`
Packit Service	82fcde	`int ret;`
Packit Service	82fcde
Packit Service	82fcde	`/* Test getpwname_r. */`
Packit Service	82fcde	`memset (buffer, pad, buffer_size + padding_size);`
Packit Service	82fcde	`pwd = (struct passwd) {};`
Packit Service	82fcde	`ret = getpwnam_r (item->pw_name, &pwd, buffer, buffer_size, &result);`
Packit Service	82fcde	`if (!check_padding (buffer + buffer_size, padding_size, pad))`
Packit Service	82fcde	`{`
Packit Service	82fcde	`printf ("error: padding change: "`
Packit Service	82fcde	`"name \"%s\", buffer size %zu, padding size %zu, pad 0x%02x\n",`
Packit Service	82fcde	`item->pw_name, buffer_size, padding_size, (unsigned char) pad);`
Packit Service	82fcde	`errors = true;`
Packit Service	82fcde	`}`
Packit Service	82fcde	`if (ret == 0)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`if (result == NULL)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`printf ("error: no data: name \"%s\", buffer size %zu\n",`
Packit Service	82fcde	`item->pw_name, buffer_size);`
Packit Service	82fcde	`errors = true;`
Packit Service	82fcde	`}`
Packit Service	82fcde	`else if (!equal (item, result))`
Packit Service	82fcde	`{`
Packit Service	82fcde	`printf ("error: lookup mismatch: name \"%s\", buffer size %zu\n",`
Packit Service	82fcde	`item->pw_name, buffer_size);`
Packit Service	82fcde	`errors = true;`
Packit Service	82fcde	`}`
Packit Service	82fcde	`}`
Packit Service	82fcde	`else if (ret != ERANGE)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`errno = ret;`
Packit Service	82fcde	`printf ("error: lookup failure for name \"%s\": %m (%d)\n",`
Packit Service	82fcde	`item->pw_name, ret);`
Packit Service	82fcde	`errors = true;`
Packit Service	82fcde	`}`
Packit Service	82fcde
Packit Service	82fcde	`/* Test getpwuid_r. */`
Packit Service	82fcde	`memset (buffer, pad, buffer_size + padding_size);`
Packit Service	82fcde	`pwd = (struct passwd) {};`
Packit Service	82fcde	`ret = getpwuid_r (item->pw_uid, &pwd, buffer, buffer_size, &result);`
Packit Service	82fcde	`if (!check_padding (buffer + buffer_size, padding_size, pad))`
Packit Service	82fcde	`{`
Packit Service	82fcde	`printf ("error: padding change: "`
Packit Service	82fcde	`"UID %ld, buffer size %zu, padding size %zu, pad 0x%02x\n",`
Packit Service	82fcde	`(long) item->pw_uid, buffer_size, padding_size,`
Packit Service	82fcde	`(unsigned char) pad);`
Packit Service	82fcde	`errors = true;`
Packit Service	82fcde	`}`
Packit Service	82fcde	`if (ret == 0)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`if (result == NULL)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`printf ("error: no data: UID %ld, buffer size %zu\n",`
Packit Service	82fcde	`(long) item->pw_uid, buffer_size);`
Packit Service	82fcde	`errors = true;`
Packit Service	82fcde	`}`
Packit Service	82fcde	`else if (!equal (item, result))`
Packit Service	82fcde	`{`
Packit Service	82fcde	`printf ("error: lookup mismatch: UID %ld, buffer size %zu\n",`
Packit Service	82fcde	`(long) item->pw_uid, buffer_size);`
Packit Service	82fcde	`errors = true;`
Packit Service	82fcde	`}`
Packit Service	82fcde	`}`
Packit Service	82fcde	`else if (ret != ERANGE)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`errno = ret;`
Packit Service	82fcde	`printf ("error: lookup failure for UID \"%ld\": %m (%d)\n",`
Packit Service	82fcde	`(long) item->pw_uid, ret);`
Packit Service	82fcde	`errors = true;`
Packit Service	82fcde	`}`
Packit Service	82fcde
Packit Service	82fcde	`free (buffer);`
Packit Service	82fcde	`}`
Packit Service	82fcde
Packit Service	82fcde	`/* Test one buffer size with different paddings. */`
Packit Service	82fcde	`static void`
Packit Service	82fcde	`test_buffer_size (size_t buffer_size)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`for (int i = 0; i < test_count; ++i)`
Packit Service	82fcde	`for (size_t padding_size = 0; padding_size < 3; ++padding_size)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`/* Skip entries with inconsistent name/UID lookups. */`
Packit Service	82fcde	`if (test_items[i].pw_name == NULL)`
Packit Service	82fcde	`continue;`
Packit Service	82fcde
Packit Service	82fcde	`test_one (test_items + i, buffer_size, '\0', padding_size);`
Packit Service	82fcde	`if (padding_size > 0)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`test_one (test_items + i, buffer_size, ':', padding_size);`
Packit Service	82fcde	`test_one (test_items + i, buffer_size, '\n', padding_size);`
Packit Service	82fcde	`test_one (test_items + i, buffer_size, '\xff', padding_size);`
Packit Service	82fcde	`test_one (test_items + i, buffer_size, '@', padding_size);`
Packit Service	82fcde	`}`
Packit Service	82fcde	`}`
Packit Service	82fcde	`}`
Packit Service	82fcde
Packit Service	82fcde	`int`
Packit Service	82fcde	`do_test (void)`
Packit Service	82fcde	`{`
Packit Service	82fcde	`__nss_configure_lookup ("passwd", "files");`
Packit Service	82fcde
Packit Service	82fcde	`if (!init_test_items ())`
Packit Service	82fcde	`return 1;`
Packit Service	82fcde	`printf ("info: %d test items\n", test_count);`
Packit Service	82fcde
Packit Service	82fcde	`for (size_t buffer_size = 0; buffer_size <= 65; ++buffer_size)`
Packit Service	82fcde	`test_buffer_size (buffer_size);`
Packit Service	82fcde	`for (size_t buffer_size = 64 + 4; buffer_size < 256; buffer_size += 4)`
Packit Service	82fcde	`test_buffer_size (buffer_size);`
Packit Service	82fcde	`test_buffer_size (255);`
Packit Service	82fcde	`test_buffer_size (257);`
Packit Service	82fcde	`for (size_t buffer_size = 256; buffer_size < 512; buffer_size += 8)`
Packit Service	82fcde	`test_buffer_size (buffer_size);`
Packit Service	82fcde	`test_buffer_size (511);`
Packit Service	82fcde	`test_buffer_size (513);`
Packit Service	82fcde	`test_buffer_size (1024);`
Packit Service	82fcde	`test_buffer_size (2048);`
Packit Service	82fcde
Packit Service	82fcde	`if (errors)`
Packit Service	82fcde	`return 1;`
Packit Service	82fcde	`else`
Packit Service	82fcde	`return 0;`
Packit Service	82fcde	`}`
Packit Service	82fcde
Packit Service	82fcde	`#include <support/test-driver.c>`

source-git / glibc

Source Code

Blame nss/bug17079.c