Test for CVE-2015-0235 (GHOST)

2 files changed, 58 insertions, 0 deletions

diff --git a/admin/cve-2015-0235-ghost.c b/admin/cve-2015-0235-ghost.c
new file mode 100644
index 00000000..3615ff57
--- /dev/null
+++ b/admin/cve-2015-0235-ghost.c
@@ -0,0 +1,40 @@
+/* From http://www.openwall.com/lists/oss-security/2015/01/27/9 */
+
+#include <netdb.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#define CANARY "in_the_coal_mine"
+
+struct {
+  char buffer[1024];
+  char canary[sizeof(CANARY)];
+} temp = { "buffer", CANARY };
+
+int main(void) {
+  struct hostent resbuf;
+  struct hostent *result;
+  int herrno;
+  int retval;
+
+  /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
+  size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
+  char name[sizeof(temp.buffer)];
+  memset(name, '0', len);
+  name[len] = '\0';
+
+  retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);
+
+  if (strcmp(temp.canary, CANARY) != 0) {
+    puts("vulnerable");
+    exit(EXIT_SUCCESS);
+  }
+  if (retval == ERANGE) {
+    puts("not vulnerable");
+    exit(EXIT_SUCCESS);
+  }
+  puts("should not happen");
+  exit(EXIT_FAILURE);
+}
diff --git a/admin/test-cve-2015-0235-ghost.yml b/admin/test-cve-2015-0235-ghost.yml
new file mode 100644
index 00000000..6090eb2b
--- /dev/null
+++ b/admin/test-cve-2015-0235-ghost.yml
@@ -0,0 +1,18 @@
+# Test systems for CVE-2015-0235 GHOST
+#
+# http://www.openwall.com/lists/oss-security/2015/01/27/9
+---
+- hosts: all
+  gather_facts: False
+  tasks:
+    - name: copy in the cve-2015-0235-ghost-x86-64 test program
+      copy: src=cve-2015-0235-ghost-x86-64 dest=~ mode=755
+
+    - name: run the test program
+      command: ~/cve-2015-0235-ghost-x86-64
+      register: test_output
+
+    - debug: var=test_output.stdout_lines
+
+    - name: remove test program again
+      file: path=~/cve-2015-0235-ghost-x86-64 state=absent