1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (C) 2018 Petr Vorel <pvorel@suse.cz>
4 * Copyright (C) 2018 Michael Moese <mmoese@suse.de>
5 *
6 * cve-2018-1000001 realpath buffer underflow
7 * Based on the reproducer posted upstream so other copyrights may apply.
8 * Author: Dmitry V. Levin <ldv@altlinux.org>
9 * LTP conversion from glibc source: Petr Vorel <pvorel@suse.cz>
10 */
11
12 #include "tst_test.h"
13
14 #include <errno.h>
15 #include <stdlib.h>
16
17 #define CHROOT_DIR "cve-2018-1000001"
18
setup(void)19 static void setup(void)
20 {
21 SAFE_MKDIR(CHROOT_DIR, 0755);
22 SAFE_CHROOT(CHROOT_DIR);
23 }
24
run(void)25 static void run(void)
26 {
27 TESTPTR(realpath(".", NULL));
28
29 if (TST_ERR != ENOENT) {
30 tst_res(TFAIL | TTERRNO, "returned unexpected errno");
31 } else if (TST_RET_PTR != NULL) {
32 tst_res(TFAIL, "syscall didn't return NULL: '%s'",
33 (char *)TST_RET_PTR);
34 } else {
35 tst_res(TPASS, "bug not reproduced");
36 }
37 }
38
39 static struct tst_test test = {
40 .test_all = run,
41 .setup = setup,
42 .needs_root = 1,
43 .needs_tmpdir = 1,
44 .tags = (const struct tst_tag[]) {
45 {"CVE", "2018-1000001"},
46 {}
47 }
48 };
49