1 /*
2 * Copyright (c) 2017 Richard Palethorpe <rpalethorpe@suse.com>
3 *
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation, either version 2 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 */
17 /*
18 * Test for CVE-2016-6951, original reproducer can be found here:
19 * http://www.spinics.net/lists/keyrings/msg01845.html
20 *
21 * request_key() is not in glibc, so we just use the syscall directly instead
22 * of linking to keyutils.
23 */
24
25 #include <unistd.h>
26 #include <sys/syscall.h>
27
28 #include "tst_test.h"
29 #include "lapi/syscalls.h"
30
31 #define ATTEMPTS 0x100
32
run(void)33 static void run(void)
34 {
35 int i;
36
37 tst_res(TINFO, "Requesting dead key");
38 for (i = 0; i < ATTEMPTS; i++)
39 tst_syscall(__NR_request_key, "dead", "abc", "abc", 0, 0, 0);
40
41 tst_res(TPASS, "No crash after %d attempts", ATTEMPTS);
42 }
43
44 static struct tst_test test = {
45 .test_all = run,
46 };
47