/* * Copyright (c) 2015 Fujitsu Ltd. * Author: Zeng Linggang * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See * the GNU General Public License for more details. */ /* * This is a test for glibc bug: * https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt */ #include #include #include #include #include #include "test.h" #define CANARY "in_the_coal_mine" static void setup(void); static void check_vulnerable(void); static struct { char buffer[1024]; char canary[sizeof(CANARY)]; } temp = { "buffer", CANARY, }; char *TCID = "gethostbyname_r01"; int TST_TOTAL = 1; int main(int ac, char **av) { int lc; tst_parse_opts(ac, av, NULL, NULL); setup(); for (lc = 0; TEST_LOOPING(lc); lc++) { tst_count = 0; check_vulnerable(); } tst_exit(); } static void setup(void) { tst_sig(NOFORK, DEF_HANDLER, NULL); TEST_PAUSE; } static void check_vulnerable(void) { struct hostent resbuf; struct hostent *result; int herrno; int retval; char name[sizeof(temp.buffer)]; size_t len; /* * /nss/digits_dots.c: * strlen(name) = size_needed - sizeof(*host_addr) - * sizeof(*h_addr_ptrs) - 1; */ len = sizeof(temp.buffer) - 16 - 2 * sizeof(char *) - 1; memset(name, '0', len); name[len] = '\0'; retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno); if (strcmp(temp.canary, CANARY) != 0) { tst_resm(TFAIL, "vulnerable"); return; } if (retval == ERANGE) { tst_resm(TPASS, "not vulnerable"); return; } tst_resm(TFAIL, "gethostbyname_r() returned %s, expected ERANGE", tst_strerrno(retval)); }