diff options
author | Zefir Kurtisi <zefir.kurtisi@gmail.com> | 2021-04-23 20:48:00 +0300 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2021-04-29 16:34:21 +0300 |
commit | a0dbcf8b8f966ce8a358afe555bb75401ef1e9be (patch) | |
tree | 9b680f476497adff7c7e41faf85fb9155ae73aac /tests | |
parent | 551d75b5662cccd0466b990d58136bdf799a804d (diff) |
tests: add blob-buffer overflow test
The blob buffer has no limitation in place
to prevent buflen to exceed maximum size.
This commit adds a test to demonstrate how
a blob increases past the maximum allowd
size of 16MB. It continuously adds chunks
of 64KB and with the 255th one blob_add()
returns a valid attribute pointer but the
blob's buflen does not increase.
The test is used to demonstrate the
failure, which is fixed with a follow-up
commit.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@gmail.com>
[adjusted test case for cram usage]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/cram/test_blob_buflen.t | 9 | ||||
-rw-r--r-- | tests/test-blob-buflen.c | 31 |
2 files changed, 40 insertions, 0 deletions
diff --git a/tests/cram/test_blob_buflen.t b/tests/cram/test_blob_buflen.t new file mode 100644 index 0000000..986e476 --- /dev/null +++ b/tests/cram/test_blob_buflen.t @@ -0,0 +1,9 @@ +check that blob buffer cannot exceed maximum buffer length: + + $ [ -n "$TEST_BIN_DIR" ] && export PATH="$TEST_BIN_DIR:$PATH" + + $ valgrind --quiet --leak-check=full test-blob-buflen + SUCCESS: failed to allocate attribute + + $ test-blob-buflen-san + SUCCESS: failed to allocate attribute diff --git a/tests/test-blob-buflen.c b/tests/test-blob-buflen.c new file mode 100644 index 0000000..45ea379 --- /dev/null +++ b/tests/test-blob-buflen.c @@ -0,0 +1,31 @@ +#include <stdio.h> + +#include "blobmsg.h" + +/* chunks of 64KB to be added to blob-buffer */ +#define BUFF_SIZE 0x10000 +/* exceed maximum blob buff-length */ +#define BUFF_CHUNKS (((BLOB_ATTR_LEN_MASK + 1) / BUFF_SIZE) + 1) + +int main(int argc, char **argv) +{ + int i; + static struct blob_buf buf; + blobmsg_buf_init(&buf); + int prev_len = buf.buflen; + + for (i = 0; i < BUFF_CHUNKS; i++) { + struct blob_attr *attr = blob_new(&buf, 0, BUFF_SIZE); + if (!attr) { + fprintf(stderr, "SUCCESS: failed to allocate attribute\n"); + break; + } + if (prev_len < buf.buflen) { + prev_len = buf.buflen; + continue; + } + fprintf(stderr, "ERROR: buffer length did not increase\n"); + return -1; + } + return 0; +} |