1/* 2 * Copyright (c) 2017 Fujitsu Ltd. 3 * Author: Guangwen Feng <fenggw-fnst@cn.fujitsu.com> 4 * 5 * This program is free software: you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation, either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program, if not, see <http://www.gnu.org/licenses/>. 17 */ 18 19/* 20 * Test for CVE-2016-7042, this regression test can crash the buggy kernel 21 * when the stack-protector is enabled, and the bug was fixed in: 22 * 23 * commit 03dab869b7b239c4e013ec82aea22e181e441cfc 24 * Author: David Howells <dhowells@redhat.com> 25 * Date: Wed Oct 26 15:01:54 2016 +0100 26 * 27 * KEYS: Fix short sprintf buffer in /proc/keys show function 28 */ 29 30#include <errno.h> 31#include <stdio.h> 32 33#include "tst_test.h" 34#include "lapi/keyctl.h" 35 36#define PATH_KEYS "/proc/keys" 37 38static key_serial_t key; 39static int fd; 40 41static void do_test(void) 42{ 43 char buf[BUFSIZ]; 44 45 key = add_key("user", "ltptestkey", "a", 1, KEY_SPEC_SESSION_KEYRING); 46 if (key == -1) 47 tst_brk(TBROK, "Failed to add key"); 48 49 if (keyctl(KEYCTL_UPDATE, key, "b", 1)) 50 tst_brk(TBROK, "Failed to update key"); 51 52 fd = SAFE_OPEN(PATH_KEYS, O_RDONLY); 53 54 tst_res(TINFO, "Attempting to crash the system"); 55 56 SAFE_READ(0, fd, buf, BUFSIZ); 57 58 tst_res(TPASS, "Bug not reproduced"); 59 60 SAFE_CLOSE(fd); 61 62 if (keyctl(KEYCTL_UNLINK, key, KEY_SPEC_SESSION_KEYRING)) 63 tst_brk(TBROK, "Failed to unlink key"); 64 key = 0; 65} 66 67static void setup(void) 68{ 69 if (access(PATH_KEYS, F_OK)) 70 tst_brk(TCONF, "%s does not exist", PATH_KEYS); 71} 72 73static void cleanup(void) 74{ 75 if (key > 0 && keyctl(KEYCTL_UNLINK, key, KEY_SPEC_SESSION_KEYRING)) 76 tst_res(TWARN, "Failed to unlink key"); 77 78 if (fd > 0) 79 SAFE_CLOSE(fd); 80} 81 82static struct tst_test test = { 83 .setup = setup, 84 .cleanup = cleanup, 85 .test_all = do_test, 86}; 87