From 2420f7ae8b72405de1a41760b213e2e0849b2b8d Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 12 Jun 2013 13:56:39 +0100 Subject: Add a test-case for CVE-2013-2168 Reviewed-by: Thiago Macieira [build system adjusted to compile it even if we don't have GLib -smcv] --- test/internals/printf.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 test/internals/printf.c (limited to 'test/internals/printf.c') diff --git a/test/internals/printf.c b/test/internals/printf.c new file mode 100644 index 00000000..2d2fff8d --- /dev/null +++ b/test/internals/printf.c @@ -0,0 +1,89 @@ +/* Regression test for _dbus_printf_string_upper_bound + * + * Author: Simon McVittie + * Copyright © 2013 Intel Corporation + * + * Permission is hereby granted, free of charge, to any person + * obtaining a copy of this software and associated documentation files + * (the "Software"), to deal in the Software without restriction, + * including without limitation the rights to use, copy, modify, merge, + * publish, distribute, sublicense, and/or sell copies of the Software, + * and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include + +#define DBUS_COMPILATION /* this test uses libdbus-internal */ +#include +#include +#include +#include "test-utils.h" + +#include +#include + +static void +do_test (int minimum, + const char *format, + ...) +{ + va_list ap; + int result; + + va_start (ap, format); + result = _dbus_printf_string_upper_bound (format, ap); + va_end (ap); + + if (result < minimum) + { + fprintf (stderr, "expected at least %d, got %d\n", minimum, result); + abort (); + } +} + +#define X_TIMES_8 "XXXXXXXX" +#define X_TIMES_16 X_TIMES_8 X_TIMES_8 +#define X_TIMES_32 X_TIMES_16 X_TIMES_16 +#define X_TIMES_64 X_TIMES_32 X_TIMES_32 +#define X_TIMES_128 X_TIMES_64 X_TIMES_64 +#define X_TIMES_256 X_TIMES_128 X_TIMES_128 +#define X_TIMES_512 X_TIMES_256 X_TIMES_256 +#define X_TIMES_1024 X_TIMES_512 X_TIMES_512 + +int +main (int argc, + char **argv) +{ + char buf[] = X_TIMES_1024 X_TIMES_1024 X_TIMES_1024 X_TIMES_1024; + int i; + + do_test (1, "%d", 0); + do_test (7, "%d", 1234567); + do_test (3, "%f", 3.5); + + do_test (0, "%s", ""); + do_test (1024, "%s", X_TIMES_1024); + do_test (1025, "%s", X_TIMES_1024 "Y"); + + for (i = 4096; i > 0; i--) + { + buf[i] = '\0'; + do_test (i, "%s", buf); + do_test (i + 3, "%s:%d", buf, 42); + } + + return 0; +} -- cgit v1.2.1 From f17fd1cc4e8d69f92986b6f452618c6c1b9819dc Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 30 Aug 2013 17:45:52 +0100 Subject: Define DBUS_COMPILATION externally for all tests that use internal stuff It might as well go in the AM_CPPFLAGS rather than in the source code. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68852 Reviewed-by: Ralf Habacker --- test/internals/printf.c | 1 - 1 file changed, 1 deletion(-) (limited to 'test/internals/printf.c') diff --git a/test/internals/printf.c b/test/internals/printf.c index 2d2fff8d..db151518 100644 --- a/test/internals/printf.c +++ b/test/internals/printf.c @@ -26,7 +26,6 @@ #include -#define DBUS_COMPILATION /* this test uses libdbus-internal */ #include #include #include -- cgit v1.2.1