Hi!
On Thu, 2015-02-26 at 10:00 +0100, Cyril Hrubis wrote:
> > +/*
> > + * Copyright (c) 2015 Fujitsu Ltd.
> > + * Author: Zeng Linggang <[email protected]>
> > + *
> > + * This program is free software; you can redistribute it and/or modify
> > + * it under the terms of the GNU General Public License as published by
> > + * the Free Software Foundation; either version 2 of the License, or
> > + * (at your option) any later version.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
> > + * the GNU General Public License for more details.
> > + */
> > +
> > +/*
> > + * This is a test for glibc bug:
> > + *
> > https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
> > + */
> > +
> > +#include <netdb.h>
> > +#include <stdio.h>
> > +#include <stdlib.h>
> > +#include <string.h>
> > +#include <errno.h>
> > +#include "test.h"
> > +
> > +#define CANARY "in_the_coal_mine"
> > +
> > +static void setup(void);
> > +static void cleanup(void);
> > +static void check_vulnerable(void);
> > +
> > +static struct {
> > + char buffer[1024];
> > + char canary[sizeof(CANARY)];
> > +} temp = {
> > + "buffer",
> > + CANARY,
> > +};
> > +
> > +char *TCID = "gethostbyname_r01";
> > +int TST_TOTAL = 1;
> > +
> > +int main(int ac, char **av)
> > +{
> > + int lc;
> > + const char *msg;
> > +
> > + msg = parse_opts(ac, av, NULL, NULL);
> > + if (msg != NULL)
> > + tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg);
> > +
> > + setup();
> > +
> > + for (lc = 0; TEST_LOOPING(lc); lc++) {
> > + tst_count = 0;
> > + check_vulnerable();
> > + }
> > +
> > + cleanup();
> > + tst_exit();
> > +}
> > +
> > +static void setup(void)
> > +{
> > + tst_sig(NOFORK, DEF_HANDLER, NULL);
> > + TEST_PAUSE;
> > +}
> > +
> > +static void cleanup(void)
> > +{
> > +}
>
> What is the point of empty cleanup()? If cleanup is not needed we do not
> have to define an empty function and call it at the end of the test.
>
OK. I will delete this function.
> > +static void check_vulnerable(void)
> > +{
> > + struct hostent resbuf;
> > + struct hostent *result;
> > + int herrno;
> > + int retval;
> > + char name[sizeof(temp.buffer)];
> > + size_t len;
> > +
> > + len = sizeof(temp.buffer) - 16 - 2 * sizeof(char *) - 1;
>
> What is the point of this complicated arithemtic?
>
I am not very sure about these number's meaning.
I just know about these:
------------------------------------------------------------------
16: the size of sizeof(*host_addr)
from glibc nss/digits_dots.c:
typedef unsigned char host_addr_t[16];
host_addr_t *host_addr;
2 * sizeof(char *): the size of sizeof (*h_addr_ptrs)
from glibc nss/digits_dots.c:
typedef char *host_addr_list_t[2];
host_addr_list_t *h_addr_ptrs;
1: the end of string('\0')
------------------------------------------------------------------
> > + memset(name, '0', len);
> > + name[len] = '\0';
> > +
> > + retval = gethostbyname_r(name, &resbuf, temp.buffer,
> > + sizeof(temp.buffer), &result, &herrno);
> > +
> > + if (strcmp(temp.canary, CANARY) != 0) {
> > + tst_resm(TFAIL, "vulnerable");
> > + return;
> > + }
> > +
> > + if (retval == ERANGE) {
> > + tst_resm(TPASS, "not vulnerable");
> > + return;
> > + }
> > +
> > + tst_resm(TFAIL, "should not happen");
>
> Better failure message here please. I guess from the code that
> gethostbyname_r returns errno then something like:
>
OK.
And thank you for your review.
Best regards,
Zeng
> tst_resm(TFAIL,
> "gethostbyname_r() returned %s, expected ERANGE",
> tst_strerrno(retval));
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ltp-list mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ltp-list
