• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Copyright (C) 2018 Petr Vorel <pvorel@suse.cz>
4  * Copyright (C) 2018 Michael Moese <mmoese@suse.de>
5  *
6  * cve-2018-1000001 realpath buffer underflow
7  * Based on the reproducer posted upstream so other copyrights may apply.
8  * Author: Dmitry V. Levin <ldv@altlinux.org>
9  * LTP conversion from glibc source: Petr Vorel <pvorel@suse.cz>
10  */
11 
12 #include "tst_test.h"
13 
14 #include <errno.h>
15 #include <stdlib.h>
16 
17 #define CHROOT_DIR "cve-2018-1000001"
18 
setup(void)19 static void setup(void)
20 {
21 	SAFE_MKDIR(CHROOT_DIR, 0755);
22 	SAFE_CHROOT(CHROOT_DIR);
23 }
24 
run(void)25 static void run(void)
26 {
27 	TESTPTR(realpath(".", NULL));
28 
29 	if (TST_ERR != ENOENT) {
30 		tst_res(TFAIL | TTERRNO, "returned unexpected errno");
31 	} else	if (TST_RET_PTR != NULL) {
32 		tst_res(TFAIL, "syscall didn't return NULL: '%s'",
33 				(char *)TST_RET_PTR);
34 	} else {
35 		tst_res(TPASS, "bug not reproduced");
36 	}
37 }
38 
39 static struct tst_test test = {
40 	.test_all = run,
41 	.setup = setup,
42 	.needs_root = 1,
43 	.needs_tmpdir = 1,
44 };
45