Re: [LTP] [PATCH] mq_timedsend01: do not write out of the array boundaries.

Thu, 07 Jul 2011 07:46:56 -0700 

Hi!
> When preparing the message to be sent, limit the number of written bytes
> to the array's size, otherwise it will be detected as a stack smashing attack
> and the test case will be killed, as from the output below:
> 
> <<<test_start>>>
> tag=mq_timedsend01 stime=948808768
> cmdline="mq_timedsend01"
> contacts=""
> analysis=exit
> <<<test_output>>>
> incrementing stop
> 
> ... [SNIP] ...
> 
> mq_timedsend01    0  TINFO  :  (case04) START
> EXPECT: return value(ret)=-1 errno=90 (Message too long)
> RESULT: return value(ret)=-1 errno=90 (Message too long)
> stack smashing detected: mq_timedsend01 terminated()
> <<<execution_status>>>
> initiation_status="ok"
> duration=0 termination_type=signaled termination_id=6 corefile=no
> cutime=0 cstime=2
> <<<test_end>>>
> 
> Signed-off-by: Carmelo Amoroso <[email protected]>
> ---
>  .../kernel/syscalls/mq_timedsend/mq_timedsend01.c  |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/testcases/kernel/syscalls/mq_timedsend/mq_timedsend01.c 
> b/testcases/kernel/syscalls/mq_timedsend/mq_timedsend01.c
> index 63add02..db2b272 100644
> --- a/testcases/kernel/syscalls/mq_timedsend/mq_timedsend01.c
> +++ b/testcases/kernel/syscalls/mq_timedsend/mq_timedsend01.c
> @@ -367,7 +367,7 @@ static int do_test(struct test_case *tc)
>       /*
>        * Prepare send message
>        */
> -     for (i = 0; i < tc->len; i++)
> +     for (i = 0; i < tc->len && i < sizeof(smsg); i++)
>               smsg[i] = i;
>  
>       /*

Perhaps increasing the smsg and rmsg array to MAX_MSGSIZE + 1 would be
more consistend. Commited anyway, thanks.

-- 
Cyril Hrubis
[email protected]

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list

Reply via email to