Re: [LTP] [PATCH] mq_timedsend01: do not write out of the array boundaries.

Thu, 07 Jul 2011 22:09:55 -0700 

On 07/07/2011 16.47, Cyril Hrubis wrote:
> Hi!
>> When preparing the message to be sent, limit the number of written bytes
>> to the array's size, otherwise it will be detected as a stack smashing attack
>> and the test case will be killed, as from the output below:
>>
>> <<<test_start>>>
>> tag=mq_timedsend01 stime=948808768
>> cmdline="mq_timedsend01"
>> contacts=""
>> analysis=exit
>> <<<test_output>>>
>> incrementing stop
>>
>> ... [SNIP] ...
>>
>> mq_timedsend01    0  TINFO  :  (case04) START
>> EXPECT: return value(ret)=-1 errno=90 (Message too long)
>> RESULT: return value(ret)=-1 errno=90 (Message too long)
>> stack smashing detected: mq_timedsend01 terminated()
>> <<<execution_status>>>
>> initiation_status="ok"
>> duration=0 termination_type=signaled termination_id=6 corefile=no
>> cutime=0 cstime=2
>> <<<test_end>>>
>>
>> Signed-off-by: Carmelo Amoroso <[email protected]>
>> ---
>>  .../kernel/syscalls/mq_timedsend/mq_timedsend01.c  |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/testcases/kernel/syscalls/mq_timedsend/mq_timedsend01.c 
>> b/testcases/kernel/syscalls/mq_timedsend/mq_timedsend01.c
>> index 63add02..db2b272 100644
>> --- a/testcases/kernel/syscalls/mq_timedsend/mq_timedsend01.c
>> +++ b/testcases/kernel/syscalls/mq_timedsend/mq_timedsend01.c
>> @@ -367,7 +367,7 @@ static int do_test(struct test_case *tc)
>>      /*
>>       * Prepare send message
>>       */
>> -    for (i = 0; i < tc->len; i++)
>> +    for (i = 0; i < tc->len && i < sizeof(smsg); i++)
>>              smsg[i] = i;
>>  
>>      /*
> 
> Perhaps increasing the smsg and rmsg array to MAX_MSGSIZE + 1 would be
> more consistend. Commited anyway, thanks.
> 

I think this way is safer... you could always have a test case that
tries to write max+2 ;-).

thanks,
Carmelo


------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security 
threats, fraudulent activity, and more. Splunk takes this data and makes 
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list

Reply via email to