diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2021-02-09 23:29:05 +0100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2021-02-09 23:33:47 +0100 |
| commit | 6284c8221da94ab6b4262795e6a7990fc3655848 (patch) | |
| tree | 4f95e77355c20ebac55b46716efc43fb703f0eaf /test/interactive-helper | |
| parent | e6bdafad65f67f45e0bc8919082e0f411b8bc121 (diff) | |
Fix test suite regression from StrToNum fixes
We ignored the failure from strtoul() that those test cases had values
out of range, hence they passed before, but now failed on 32-bit
platforms because we use strtoull() and do the limit check ourselves.
Move the tarball generator for test-github-111-invalid-armember to the
createdeb helper, and fix the helper to set all the numbers for like uid
and stuff to 0 instead of the maximum value the fields support (all 7s).
Regression-Of: e0743a85c5f5f2f83d91c305450e8ba192194cd8
Diffstat (limited to 'test/interactive-helper')
| -rw-r--r-- | test/interactive-helper/createdeb-cve-2020-27350.cc | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/test/interactive-helper/createdeb-cve-2020-27350.cc b/test/interactive-helper/createdeb-cve-2020-27350.cc index 8b9619469..a290c0ac2 100644 --- a/test/interactive-helper/createdeb-cve-2020-27350.cc +++ b/test/interactive-helper/createdeb-cve-2020-27350.cc @@ -203,6 +203,12 @@ static void createdeb_bigtarfilelength(const int fd, int flag, unsigned long lon memcpy(t.t.Name, "control\0 ", 16); memcpy(t.t.UserName, "userName", 8); memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32); + memcpy(t.t.UserID, "0", 2); + memcpy(t.t.GroupID, "0", 2); + memcpy(t.t.MTime, "0", 2); + memcpy(t.t.MagicNumber, "0", 2); + memcpy(t.t.Major, "0", 2); + memcpy(t.t.Minor, "0", 2); t.t.LinkFlag = flag; base256_encode(t.t.Size, size, sizeof(t.t.Size)); memset(t.t.Checksum, ' ', sizeof(t.t.Checksum)); @@ -218,6 +224,38 @@ static void createdeb_bigtarfilelength(const int fd, int flag, unsigned long lon write_chk(fd, t.buf, sizeof(t.buf)); } +static void createtar(const int fd) +{ + union + { + struct TarHeader t; + char buf[512]; + } t; + for (int i = 0; i < sizeof(t.buf); i++) + t.buf[i] = '7'; + memcpy(t.t.Name, "unterminatedName", 16); + memcpy(t.t.UserName, "userName", 8); + memcpy(t.t.GroupName, "thisIsAGroupNamethisIsAGroupName", 32); + memcpy(t.t.UserID, "0", 2); + memcpy(t.t.GroupID, "0", 2); + memcpy(t.t.MTime, "0", 2); + memcpy(t.t.MagicNumber, "0", 2); + memcpy(t.t.Major, "0", 2); + memcpy(t.t.Minor, "0", 2); + t.t.LinkFlag = 'X'; // I AM BROKEN + memcpy(t.t.Size, "000000000000", sizeof(t.t.Size)); + memset(t.t.Checksum, ' ', sizeof(t.t.Checksum)); + + unsigned long sum = 0; + for (int i = 0; i < sizeof(t.buf); i++) + sum += t.buf[i]; + + int written = sprintf(t.t.Checksum, "%lo", sum); + for (int i = written; i < sizeof(t.t.Checksum); i++) + t.t.Checksum[i] = ' '; + write_chk(fd, t.buf, sizeof(t.buf)); +} + static void createdeb_test(const int fd) { // Magic number @@ -311,6 +349,10 @@ int main(int argc, char *argv[]) { createdeb_bigtarfilelength(fd, '0', 128llu * 1024 * 1024 * 1024 + 1); } + else if (strcmp(mode, "github-111") == 0) + { + createtar(fd); + } else if (strcmp(mode, "test") == 0) { createdeb_test(fd); |