> +/*
> + * Copyright (c) 2015 Fujitsu Ltd.
> + * Author: Zeng Linggang <zenglg...@cn.fujitsu.com>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation; either version 2 of the License, or
> + * (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
> + * the GNU General Public License for more details.
> + */
> +
> +/*
> + * This is a test for glibc bug:
> + *
> https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
> + */
> +
> +#include <netdb.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <errno.h>
> +#include "test.h"
> +
> +#define CANARY "in_the_coal_mine"
> +
> +static void setup(void);
> +static void cleanup(void);
> +static void check_vulnerable(void);
> +
> +static struct {
> + char buffer[1024];
> + char canary[sizeof(CANARY)];
> +} temp = {
> + "buffer",
> + CANARY,
> +};
> +
> +char *TCID = "gethostbyname_r01";
> +int TST_TOTAL = 1;
> +
> +int main(int ac, char **av)
> +{
> + int lc;
> + const char *msg;
> +
> + msg = parse_opts(ac, av, NULL, NULL);
> + if (msg != NULL)
> + tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg);
> +
> + setup();
> +
> + for (lc = 0; TEST_LOOPING(lc); lc++) {
> + tst_count = 0;
> + check_vulnerable();
> + }
> +
> + cleanup();
> + tst_exit();
> +}
> +
> +static void setup(void)
> +{
> + tst_sig(NOFORK, DEF_HANDLER, NULL);
> + TEST_PAUSE;
> +}
> +
> +static void cleanup(void)
> +{
> +}
What is the point of empty cleanup()? If cleanup is not needed we do not
have to define an empty function and call it at the end of the test.
> +static void check_vulnerable(void)
> +{
> + struct hostent resbuf;
> + struct hostent *result;
> + int herrno;
> + int retval;
> + char name[sizeof(temp.buffer)];
> + size_t len;
> +
> + len = sizeof(temp.buffer) - 16 - 2 * sizeof(char *) - 1;
What is the point of this complicated arithemtic?
> + memset(name, '0', len);
> + name[len] = '\0';
> +
> + retval = gethostbyname_r(name, &resbuf, temp.buffer,
> + sizeof(temp.buffer), &result, &herrno);
> +
> + if (strcmp(temp.canary, CANARY) != 0) {
> + tst_resm(TFAIL, "vulnerable");
> + return;
> + }
> +
> + if (retval == ERANGE) {
> + tst_resm(TPASS, "not vulnerable");
> + return;
> + }
> +
> + tst_resm(TFAIL, "should not happen");
Better failure message here please. I guess from the code that
gethostbyname_r returns errno then something like:
tst_resm(TFAIL,
"gethostbyname_r() returned %s, expected ERANGE",
tst_strerrno(retval));
--
Cyril Hrubis
chru...@suse.cz
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
