1 /*
2 * Copyright (c) 2017 FUJITSU LIMITED
3 * Author: Guangwen Feng <fenggw-fnst@cn.fujitsu.com>
4 *
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program, if not, see <http://www.gnu.org/licenses/>.
17 */
18
19 /*
20 * Test for CVE-2017-2618, this regression test can crash
21 * the buggy kernel, and the bug was fixed in:
22 *
23 * commit 0c461cb727d146c9ef2d3e86214f498b78b7d125
24 * Author: Stephen Smalley <sds@tycho.nsa.gov>
25 * Date: Tue Jan 31 11:54:04 2017 -0500
26 *
27 * selinux: fix off-by-one in setprocattr
28 */
29
30 #include <errno.h>
31 #include <stdlib.h>
32 #include <unistd.h>
33 #include "tst_test.h"
34
35 #define LOOPS 100
36 #define PATH_ATTRFS "/proc/self/attr/fscreate"
37
setup(void)38 static void setup(void)
39 {
40 if (access(PATH_ATTRFS, F_OK))
41 tst_brk(TCONF, "%s does not exist", PATH_ATTRFS);
42 }
43
do_test(void)44 static void do_test(void)
45 {
46 int i, fd;
47
48 for (i = 0; i < LOOPS; i++) {
49 if (!SAFE_FORK()) {
50 fd = SAFE_OPEN(PATH_ATTRFS, O_WRONLY);
51 write(fd, "\n", 1);
52 SAFE_CLOSE(fd);
53 exit(0);
54 }
55
56 tst_reap_children();
57 }
58
59 tst_res(TPASS, "Bug not reproduced");
60 }
61
62 static struct tst_test test = {
63 .forks_child = 1,
64 .setup = setup,
65 .test_all = do_test,
66 };
67