1 |
From 5ff2eb52b236ca3d77f92272e8711b3c2b98140b Mon Sep 17 00:00:00 2001 |
2 |
From: Florian Weimer <fweimer@redhat.com> |
3 |
Date: Sat, 21 Oct 2017 18:03:30 +0200 |
4 |
Subject: [PATCH 4/8] glob: Add new test tst-glob-tilde |
5 |
|
6 |
The new test checks for memory leaks (see bug 22325) and attempts |
7 |
to trigger the buffer overflow in bug 22320. |
8 |
|
9 |
(cherry picked from commit e80fc1fc98bf614eb01cf8325503df3a1451a99c) |
10 |
--- |
11 |
ChangeLog | 8 +++ |
12 |
posix/Makefile | 11 +++- |
13 |
posix/tst-glob-tilde.c | 136 +++++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
3 files changed, 153 insertions(+), 2 deletions(-) |
15 |
create mode 100644 posix/tst-glob-tilde.c |
16 |
|
17 |
#diff --git a/ChangeLog b/ChangeLog |
18 |
#index 5229661ab1..756a3cc0f0 100644 |
19 |
#--- a/ChangeLog |
20 |
#+++ b/ChangeLog |
21 |
##@@ -1,3 +1,11 @@ |
22 |
#+2017-10-21 Florian Weimer <fweimer@redhat.com> |
23 |
#+ |
24 |
#+ * posix/Makefile (tests): Add tst-glob-tilde. |
25 |
#+ (tests-special): Add tst-glob-tilde-mem.out |
26 |
#+ (tst-glob-tilde-ENV): Set MALLOC_TRACE. |
27 |
#+ (tst-glob-tilde-mem.out): Add mtrace check. |
28 |
#+ * posix/tst-glob-tilde.c: New file. |
29 |
#+ |
30 |
# 2017-10-20 Paul Eggert <eggert@cs.ucla.edu> |
31 |
# |
32 |
# [BZ #22320] |
33 |
diff --git a/posix/Makefile b/posix/Makefile |
34 |
index 2894af0cb9..82a4020c76 100644 |
35 |
--- a/posix/Makefile |
36 |
+++ b/posix/Makefile |
37 |
@@ -87,7 +87,7 @@ tests := tstgetopt testfnm runtests run |
38 |
bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \ |
39 |
bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \ |
40 |
tst-pathconf tst-getaddrinfo4 tst-rxspencer-no-utf8 \ |
41 |
- tst-fnmatch3 bug-regex36 tst-getaddrinfo5 |
42 |
+ tst-fnmatch3 bug-regex36 tst-getaddrinfo5 tst-glob-tilde |
43 |
xtests := bug-ga2 |
44 |
ifeq (yes,$(build-shared)) |
45 |
test-srcs := globtest |
46 |
[tmb@thunder posix]$ |
47 |
[tmb@thunder glibc-2.20]$ diff -Nurp posix/Makefile.orig posix/Makefile |
48 |
--- posix/Makefile.orig 2017-12-22 13:44:31.728359617 +0200 |
49 |
+++ posix/Makefile 2017-12-22 13:46:49.439389455 +0200 |
50 |
@@ -87,7 +87,7 @@ tests := tstgetopt testfnm runtests run |
51 |
bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \ |
52 |
bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \ |
53 |
tst-pathconf tst-getaddrinfo4 tst-rxspencer-no-utf8 \ |
54 |
- tst-fnmatch3 bug-regex36 |
55 |
+ tst-fnmatch3 bug-regex36 tst-glob-tilde |
56 |
xtests := bug-ga2 |
57 |
ifeq (yes,$(build-shared)) |
58 |
test-srcs := globtest |
59 |
@@ -130,7 +130,8 @@ tests-special += $(objpfx)bug-regex2-mem |
60 |
$(objpfx)tst-rxspencer-no-utf8-mem.out $(objpfx)tst-pcre-mem.out \ |
61 |
$(objpfx)tst-boost-mem.out $(objpfx)tst-getconf.out \ |
62 |
$(objpfx)bug-glob2-mem.out $(objpfx)tst-vfork3-mem.out \ |
63 |
- $(objpfx)tst-fnmatch-mem.out $(objpfx)bug-regex36-mem.out |
64 |
+ $(objpfx)tst-fnmatch-mem.out $(objpfx)bug-regex36-mem.out \ |
65 |
+ $(objpfx)tst-glob-tilde-mem.out |
66 |
xtests-special += $(objpfx)bug-ga2-mem.out |
67 |
endif |
68 |
|
69 |
@@ -307,6 +308,12 @@ $(objpfx)bug-glob2-mem.out: $(objpfx)bug |
70 |
$(common-objpfx)malloc/mtrace $(objpfx)bug-glob2.mtrace > $@; \ |
71 |
$(evaluate-test) |
72 |
|
73 |
+tst-glob-tilde-ENV = MALLOC_TRACE=$(objpfx)tst-glob-tilde.mtrace |
74 |
+ |
75 |
+$(objpfx)tst-glob-tilde-mem.out: $(objpfx)tst-glob-tilde.out |
76 |
+ $(common-objpfx)malloc/mtrace $(objpfx)tst-glob-tilde.mtrace > $@; \ |
77 |
+ $(evaluate-test) |
78 |
+ |
79 |
$(inst_libexecdir)/getconf: $(inst_bindir)/getconf \ |
80 |
$(objpfx)getconf.speclist FORCE |
81 |
$(addprefix $(..)./scripts/mkinstalldirs ,\ |
82 |
diff --git a/posix/tst-glob-tilde.c b/posix/tst-glob-tilde.c |
83 |
new file mode 100644 |
84 |
index 0000000000..9518b4a6f8 |
85 |
--- /dev/null |
86 |
+++ b/posix/tst-glob-tilde.c |
87 |
@@ -0,0 +1,136 @@ |
88 |
+/* Check for GLOB_TIDLE heap allocation issues (bug 22320, bug 22325). |
89 |
+ Copyright (C) 2017 Free Software Foundation, Inc. |
90 |
+ This file is part of the GNU C Library. |
91 |
+ |
92 |
+ The GNU C Library is free software; you can redistribute it and/or |
93 |
+ modify it under the terms of the GNU Lesser General Public |
94 |
+ License as published by the Free Software Foundation; either |
95 |
+ version 2.1 of the License, or (at your option) any later version. |
96 |
+ |
97 |
+ The GNU C Library is distributed in the hope that it will be useful, |
98 |
+ but WITHOUT ANY WARRANTY; without even the implied warranty of |
99 |
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
100 |
+ Lesser General Public License for more details. |
101 |
+ |
102 |
+ You should have received a copy of the GNU Lesser General Public |
103 |
+ License along with the GNU C Library; if not, see |
104 |
+ <http://www.gnu.org/licenses/>. */ |
105 |
+ |
106 |
+#include <glob.h> |
107 |
+#include <mcheck.h> |
108 |
+#include <nss.h> |
109 |
+#include <pwd.h> |
110 |
+#include <stdlib.h> |
111 |
+#include <string.h> |
112 |
+#include <support/check.h> |
113 |
+#include <support/support.h> |
114 |
+ |
115 |
+/* Flag which indicates whether to pass the GLOB_ONLYDIR flag. */ |
116 |
+static int do_onlydir; |
117 |
+ |
118 |
+/* Flag which indicates whether to pass the GLOB_NOCHECK flag. */ |
119 |
+static int do_nocheck; |
120 |
+ |
121 |
+/* Flag which indicates whether to pass the GLOB_MARK flag. */ |
122 |
+static int do_mark; |
123 |
+ |
124 |
+static void |
125 |
+one_test (const char *prefix, const char *middle, const char *suffix) |
126 |
+{ |
127 |
+ char *pattern = xasprintf ("%s%s%s", prefix, middle, suffix); |
128 |
+ int flags = GLOB_TILDE; |
129 |
+ if (do_onlydir) |
130 |
+ flags |= GLOB_ONLYDIR; |
131 |
+ if (do_nocheck) |
132 |
+ flags |= GLOB_NOCHECK; |
133 |
+ if (do_mark) |
134 |
+ flags |= GLOB_MARK; |
135 |
+ glob_t gl; |
136 |
+ /* This glob call might result in crashes or memory leaks. */ |
137 |
+ if (glob (pattern, flags, NULL, &gl) == 0) |
138 |
+ globfree (&gl); |
139 |
+ free (pattern); |
140 |
+} |
141 |
+ |
142 |
+enum |
143 |
+ { |
144 |
+ /* The largest base being tested. */ |
145 |
+ largest_base_size = 500000, |
146 |
+ |
147 |
+ /* The actual size is the base size plus a variable whose absolute |
148 |
+ value is not greater than this. This helps malloc to trigger |
149 |
+ overflows. */ |
150 |
+ max_size_skew = 16, |
151 |
+ |
152 |
+ /* The maximum string length supported by repeating_string |
153 |
+ below. */ |
154 |
+ repeat_size = largest_base_size + max_size_skew, |
155 |
+ }; |
156 |
+ |
157 |
+/* Used to construct strings which repeat a single character 'x'. */ |
158 |
+static char *repeat; |
159 |
+ |
160 |
+/* Return a string of SIZE characters. */ |
161 |
+const char * |
162 |
+repeating_string (int size) |
163 |
+{ |
164 |
+ TEST_VERIFY (size >= 0); |
165 |
+ TEST_VERIFY (size <= repeat_size); |
166 |
+ const char *repeated_shifted = repeat + repeat_size - size; |
167 |
+ TEST_VERIFY (strlen (repeated_shifted) == size); |
168 |
+ return repeated_shifted; |
169 |
+} |
170 |
+ |
171 |
+static int |
172 |
+do_test (void) |
173 |
+{ |
174 |
+ /* Avoid network-based NSS modules and initialize nss_files with a |
175 |
+ dummy lookup. This has to come before mtrace because NSS does |
176 |
+ not free all memory. */ |
177 |
+ __nss_configure_lookup ("passwd", "files"); |
178 |
+ (void) getpwnam ("root"); |
179 |
+ |
180 |
+ mtrace (); |
181 |
+ |
182 |
+ repeat = xmalloc (repeat_size + 1); |
183 |
+ memset (repeat, 'x', repeat_size); |
184 |
+ repeat[repeat_size] = '\0'; |
185 |
+ |
186 |
+ /* These numbers control the size of the user name. The values |
187 |
+ cover the minimum (0), a typical size (8), a large |
188 |
+ stack-allocated size (100000), and a somewhat large |
189 |
+ heap-allocated size (largest_base_size). */ |
190 |
+ static const int base_sizes[] = { 0, 8, 100, 100000, largest_base_size, -1 }; |
191 |
+ |
192 |
+ for (do_onlydir = 0; do_onlydir < 2; ++do_onlydir) |
193 |
+ for (do_nocheck = 0; do_nocheck < 2; ++do_nocheck) |
194 |
+ for (do_mark = 0; do_mark < 2; ++do_mark) |
195 |
+ for (int base_idx = 0; base_sizes[base_idx] >= 0; ++base_idx) |
196 |
+ { |
197 |
+ for (int size_skew = -max_size_skew; size_skew <= max_size_skew; |
198 |
+ ++size_skew) |
199 |
+ { |
200 |
+ int size = base_sizes[base_idx] + size_skew; |
201 |
+ if (size < 0) |
202 |
+ continue; |
203 |
+ |
204 |
+ const char *user_name = repeating_string (size); |
205 |
+ one_test ("~", user_name, "/a/b"); |
206 |
+ } |
207 |
+ |
208 |
+ const char *user_name = repeating_string (base_sizes[base_idx]); |
209 |
+ one_test ("~", user_name, ""); |
210 |
+ one_test ("~", user_name, "/"); |
211 |
+ one_test ("~", user_name, "/a"); |
212 |
+ one_test ("~", user_name, "/*/*"); |
213 |
+ one_test ("~", user_name, "\\/"); |
214 |
+ one_test ("/~", user_name, ""); |
215 |
+ one_test ("*/~", user_name, "/a/b"); |
216 |
+ } |
217 |
+ |
218 |
+ free (repeat); |
219 |
+ |
220 |
+ return 0; |
221 |
+} |
222 |
+ |
223 |
+#include <support/test-driver.c> |
224 |
-- |
225 |
2.15.1 |