1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2017 FUJITSU LIMITED
4 * Author: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
5 */
6
7 /*
8 * Test for CVE-2017-2618, this regression test can crash
9 * the buggy kernel, and the bug was fixed in:
10 *
11 * commit 0c461cb727d146c9ef2d3e86214f498b78b7d125
12 * Author: Stephen Smalley <sds@tycho.nsa.gov>
13 * Date: Tue Jan 31 11:54:04 2017 -0500
14 *
15 * selinux: fix off-by-one in setprocattr
16 */
17
18 #include <errno.h>
19 #include <stdlib.h>
20 #include <unistd.h>
21 #include "tst_test.h"
22
23 #define LOOPS 100
24 #define PATH_ATTRFS "/proc/self/attr/fscreate"
25
setup(void)26 static void setup(void)
27 {
28 if (access(PATH_ATTRFS, F_OK))
29 tst_brk(TCONF, "%s does not exist", PATH_ATTRFS);
30 }
31
do_test(void)32 static void do_test(void)
33 {
34 int i, fd;
35
36 for (i = 0; i < LOOPS; i++) {
37 if (!SAFE_FORK()) {
38 fd = SAFE_OPEN(PATH_ATTRFS, O_WRONLY);
39 write(fd, "\n", 1);
40 SAFE_CLOSE(fd);
41 exit(0);
42 }
43
44 tst_reap_children();
45 }
46
47 tst_res(TPASS, "Bug not reproduced");
48 }
49
50 static struct tst_test test = {
51 .forks_child = 1,
52 .setup = setup,
53 .test_all = do_test,
54 .tags = (const struct tst_tag[]) {
55 {"linux-git", "0c461cb727d1"},
56 {"CVE", "2017-2618"},
57 {}
58 }
59 };
60