1 /**
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #include "../includes/common.h"
17 #include <dlfcn.h>
18 #include <libxml/xmlmemory.h>
19 #include <stdlib.h>
20 #include <string.h>
21 
22 bool s_strlen_initialized = false;
23 static unsigned long (*real_strlen)(const char *) = nullptr;
24 
25 #define TEST_STRING "CVE-2018_9472_Simulate_OverFlow_By_Large_String_Length"
26 #define LARGE_SIZE ((size_t)-2)
27 
strlen_init(void)28 void strlen_init(void) {
29   real_strlen = (unsigned long (*)(const char *))dlsym(RTLD_NEXT, "strlen");
30   if (real_strlen) {
31     s_strlen_initialized = true;
32   }
33 }
34 
strlen(const char * str)35 size_t strlen(const char *str) {
36   if (!s_strlen_initialized) {
37     strlen_init();
38   }
39   if (!strncmp(str, TEST_STRING, sizeof(TEST_STRING))) {
40     return LARGE_SIZE;
41   }
42   return real_strlen(str);
43 }
44 
main()45 int main() {
46   if (xmlMemStrdupLoc(TEST_STRING, "none", 0)) {
47     return EXIT_VULNERABLE;
48   }
49   return EXIT_SUCCESS;
50 }
51