Module Name: src Committed By: martin Date: Thu Feb 28 15:31:23 UTC 2013
Modified Files: src/tests/kernel: Makefile Added Files: src/tests/kernel: t_kauth_pr_47598.c Log Message: Add a testprogram for PR 47598. To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/tests/kernel/Makefile cvs rdiff -u -r0 -r1.1 src/tests/kernel/t_kauth_pr_47598.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/tests/kernel/Makefile diff -u src/tests/kernel/Makefile:1.31 src/tests/kernel/Makefile:1.32 --- src/tests/kernel/Makefile:1.31 Wed Nov 7 16:36:49 2012 +++ src/tests/kernel/Makefile Thu Feb 28 15:31:22 2013 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.31 2012/11/07 16:36:49 pgoyette Exp $ +# $NetBSD: Makefile,v 1.32 2013/02/28 15:31:22 martin Exp $ NOMAN= # defined @@ -13,6 +13,7 @@ TESTS_C+= t_pty TESTS_C+= t_mqueue TESTS_C+= t_sysv TESTS_C+= t_subr_prf +TESTS_C+= t_kauth_pr_47598 TESTS_SH= t_umount TESTS_SH+= t_ps_strings Added files: Index: src/tests/kernel/t_kauth_pr_47598.c diff -u /dev/null src/tests/kernel/t_kauth_pr_47598.c:1.1 --- /dev/null Thu Feb 28 15:31:23 2013 +++ src/tests/kernel/t_kauth_pr_47598.c Thu Feb 28 15:31:22 2013 @@ -0,0 +1,127 @@ +/*- + * Copyright (c) 2013 The NetBSD Foundation, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include <sys/cdefs.h> +__COPYRIGHT("@(#) Copyright (c) 2013\ + The NetBSD Foundation, inc. All rights reserved."); +__RCSID("$NetBSD: t_kauth_pr_47598.c,v 1.1 2013/02/28 15:31:22 martin Exp $"); + +#include <errno.h> +#include <unistd.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/sysctl.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <atf-c.h> + +/* + * PR kern/47598: if security.models.extensions.curtain = 1 we crash when + * doing a netstat while an embryonic (not yet fully accepted) connection + * exists. + * This has been fixed with rev. 1.5 of + * src/sys/secmodel/extensions/secmodel_extensions.c. + */ + + +ATF_TC(kauth_curtain); +ATF_TC_HEAD(kauth_curtain, tc) +{ + atf_tc_set_md_var(tc, "require.user", "root"); + atf_tc_set_md_var(tc, "require.progs", "netstat"); + atf_tc_set_md_var(tc, "descr", + "Checks for kernel crash with curtain active (PR kern/47598)"); +} + +ATF_TC_BODY(kauth_curtain, tc) +{ + static const char curtain_name[] = "security.models.bsd44.curtain"; + + int old_curtain, new_curtain = 1, s, s2, err; + size_t old_curtain_len = sizeof(old_curtain), slen; + struct sockaddr_in sa; + + /* + * save old value of "curtain" and enable it + */ + if (sysctlbyname(curtain_name, &old_curtain, &old_curtain_len, + &new_curtain, sizeof(new_curtain)) != 0) + atf_tc_fail("failed to enable %s", curtain_name); + + /* + * create a socket and bind it to some arbitray free port + */ + s = socket(PF_INET, SOCK_STREAM|SOCK_NONBLOCK, 0); + ATF_REQUIRE(s != -1); + memset(&sa, 0, sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_len = sizeof(sa); + sa.sin_addr.s_addr = inet_addr("127.0.0.1"); + ATF_REQUIRE(bind(s, (struct sockaddr *)&sa, sizeof(sa))==0); + ATF_REQUIRE(listen(s, 16)==0); + + /* + * extract address and open a connection to the port + */ + slen = sizeof(sa); + ATF_REQUIRE(getsockname(s, (struct sockaddr *)&sa, &slen)==0); + s2 = socket(PF_INET, SOCK_STREAM|SOCK_NONBLOCK, 0); + ATF_REQUIRE(s2 != -1); + printf("port is %d\n", ntohs(sa.sin_port)); + err = connect(s2, (struct sockaddr *)&sa, sizeof(sa)); + ATF_REQUIRE_MSG(err == -1 && errno == EINPROGRESS, + "conect returned %d with errno %d", err, errno); + fflush(stdout); + fflush(stderr); + + /* + * we now have a pending, not yet accepted connection - run netstat + */ + system("netstat -aA"); + + /* + * cleanup + */ + close(s2); + close(s); + + /* + * restore old value of curtain + */ + if (sysctlbyname(curtain_name, NULL, 0, + &old_curtain, sizeof(old_curtain)) != 0) + atf_tc_fail("failed to restore %s", curtain_name); +} + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, kauth_curtain); + + return atf_no_error(); +} + +