aboutsummaryrefslogtreecommitdiff
blob: c074c85670364668d94d2ff95e2fa190c2343e78 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
/* Check for descriptor leak in if_nametoindex with a long interface name.
   Copyright (C) 2018-2020 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <https://www.gnu.org/licenses/>.  */

/* This test checks for a descriptor leak in case of a long interface
   name (CVE-2018-19591, bug 23927).  */

#include <errno.h>
#include <net/if.h>
#include <netdb.h>
#include <string.h>
#include <support/check.h>
#include <support/descriptors.h>
#include <support/support.h>

static int
do_test (void)
{
  struct support_descriptors *descrs = support_descriptors_list ();

  /* Prepare a name which is just as long as required for trigging the
     bug.  */
  char name[IFNAMSIZ + 1];
  memset (name, 'A', IFNAMSIZ);
  name[IFNAMSIZ] = '\0';
  TEST_COMPARE (strlen (name), IFNAMSIZ);
  struct ifreq ifr;
  TEST_COMPARE (strlen (name), sizeof (ifr.ifr_name));

  /* Test directly via if_nametoindex.  */
  TEST_COMPARE (if_nametoindex (name), 0);
  TEST_COMPARE (errno, ENODEV);
  support_descriptors_check (descrs);

  /* Same test via getaddrinfo.  */
  char *host = xasprintf ("fea0::%%%s", name);
  struct addrinfo hints = { .ai_flags = AI_NUMERICHOST, };
  struct addrinfo *ai;
  TEST_COMPARE (getaddrinfo (host, NULL, &hints, &ai), EAI_NONAME);
  support_descriptors_check (descrs);

  support_descriptors_free (descrs);

  return 0;
}

#include <support/test-driver.c>