1f08c3bdfSopenharmony_ci/* 2f08c3bdfSopenharmony_ci * Copyright (c) 2015 Fujitsu Ltd. 3f08c3bdfSopenharmony_ci * Author: Zeng Linggang <zenglg.jy@cn.fujitsu.com> 4f08c3bdfSopenharmony_ci * 5f08c3bdfSopenharmony_ci * This program is free software; you can redistribute it and/or modify 6f08c3bdfSopenharmony_ci * it under the terms of the GNU General Public License as published by 7f08c3bdfSopenharmony_ci * the Free Software Foundation; either version 2 of the License, or 8f08c3bdfSopenharmony_ci * (at your option) any later version. 9f08c3bdfSopenharmony_ci * 10f08c3bdfSopenharmony_ci * This program is distributed in the hope that it will be useful, 11f08c3bdfSopenharmony_ci * but WITHOUT ANY WARRANTY; without even the implied warranty of 12f08c3bdfSopenharmony_ci * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 13f08c3bdfSopenharmony_ci * the GNU General Public License for more details. 14f08c3bdfSopenharmony_ci */ 15f08c3bdfSopenharmony_ci 16f08c3bdfSopenharmony_ci/* 17f08c3bdfSopenharmony_ci * This is a test for glibc bug: 18f08c3bdfSopenharmony_ci * https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt 19f08c3bdfSopenharmony_ci */ 20f08c3bdfSopenharmony_ci 21f08c3bdfSopenharmony_ci#include <netdb.h> 22f08c3bdfSopenharmony_ci#include <stdio.h> 23f08c3bdfSopenharmony_ci#include <stdlib.h> 24f08c3bdfSopenharmony_ci#include <string.h> 25f08c3bdfSopenharmony_ci#include <errno.h> 26f08c3bdfSopenharmony_ci#include "test.h" 27f08c3bdfSopenharmony_ci 28f08c3bdfSopenharmony_ci#define CANARY "in_the_coal_mine" 29f08c3bdfSopenharmony_ci 30f08c3bdfSopenharmony_cistatic void setup(void); 31f08c3bdfSopenharmony_cistatic void check_vulnerable(void); 32f08c3bdfSopenharmony_ci 33f08c3bdfSopenharmony_cistatic struct { 34f08c3bdfSopenharmony_ci char buffer[1024]; 35f08c3bdfSopenharmony_ci char canary[sizeof(CANARY)]; 36f08c3bdfSopenharmony_ci} temp = { 37f08c3bdfSopenharmony_ci "buffer", 38f08c3bdfSopenharmony_ci CANARY, 39f08c3bdfSopenharmony_ci}; 40f08c3bdfSopenharmony_ci 41f08c3bdfSopenharmony_cichar *TCID = "gethostbyname_r01"; 42f08c3bdfSopenharmony_ciint TST_TOTAL = 1; 43f08c3bdfSopenharmony_ci 44f08c3bdfSopenharmony_ciint main(int ac, char **av) 45f08c3bdfSopenharmony_ci{ 46f08c3bdfSopenharmony_ci int lc; 47f08c3bdfSopenharmony_ci 48f08c3bdfSopenharmony_ci tst_parse_opts(ac, av, NULL, NULL); 49f08c3bdfSopenharmony_ci 50f08c3bdfSopenharmony_ci setup(); 51f08c3bdfSopenharmony_ci 52f08c3bdfSopenharmony_ci for (lc = 0; TEST_LOOPING(lc); lc++) { 53f08c3bdfSopenharmony_ci tst_count = 0; 54f08c3bdfSopenharmony_ci check_vulnerable(); 55f08c3bdfSopenharmony_ci } 56f08c3bdfSopenharmony_ci 57f08c3bdfSopenharmony_ci tst_exit(); 58f08c3bdfSopenharmony_ci} 59f08c3bdfSopenharmony_ci 60f08c3bdfSopenharmony_cistatic void setup(void) 61f08c3bdfSopenharmony_ci{ 62f08c3bdfSopenharmony_ci tst_sig(NOFORK, DEF_HANDLER, NULL); 63f08c3bdfSopenharmony_ci TEST_PAUSE; 64f08c3bdfSopenharmony_ci} 65f08c3bdfSopenharmony_ci 66f08c3bdfSopenharmony_cistatic void check_vulnerable(void) 67f08c3bdfSopenharmony_ci{ 68f08c3bdfSopenharmony_ci struct hostent resbuf; 69f08c3bdfSopenharmony_ci struct hostent *result; 70f08c3bdfSopenharmony_ci int herrno; 71f08c3bdfSopenharmony_ci int retval; 72f08c3bdfSopenharmony_ci char name[sizeof(temp.buffer)]; 73f08c3bdfSopenharmony_ci size_t len; 74f08c3bdfSopenharmony_ci 75f08c3bdfSopenharmony_ci /* 76f08c3bdfSopenharmony_ci * <glibc>/nss/digits_dots.c: 77f08c3bdfSopenharmony_ci * strlen(name) = size_needed - sizeof(*host_addr) - 78f08c3bdfSopenharmony_ci * sizeof(*h_addr_ptrs) - 1; 79f08c3bdfSopenharmony_ci */ 80f08c3bdfSopenharmony_ci len = sizeof(temp.buffer) - 16 - 2 * sizeof(char *) - 1; 81f08c3bdfSopenharmony_ci memset(name, '0', len); 82f08c3bdfSopenharmony_ci name[len] = '\0'; 83f08c3bdfSopenharmony_ci 84f08c3bdfSopenharmony_ci retval = gethostbyname_r(name, &resbuf, temp.buffer, 85f08c3bdfSopenharmony_ci sizeof(temp.buffer), &result, &herrno); 86f08c3bdfSopenharmony_ci 87f08c3bdfSopenharmony_ci if (strcmp(temp.canary, CANARY) != 0) { 88f08c3bdfSopenharmony_ci tst_resm(TFAIL, "vulnerable"); 89f08c3bdfSopenharmony_ci return; 90f08c3bdfSopenharmony_ci } 91f08c3bdfSopenharmony_ci 92f08c3bdfSopenharmony_ci if (retval == ERANGE) { 93f08c3bdfSopenharmony_ci tst_resm(TPASS, "not vulnerable"); 94f08c3bdfSopenharmony_ci return; 95f08c3bdfSopenharmony_ci } 96f08c3bdfSopenharmony_ci 97f08c3bdfSopenharmony_ci tst_resm(TFAIL, "gethostbyname_r() returned %s, expected ERANGE", 98f08c3bdfSopenharmony_ci tst_strerrno(retval)); 99f08c3bdfSopenharmony_ci} 100