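/**
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "../includes/common.h"
#include <dlfcn.h>
#include <libxml/xmlmemory.h>
#include <stdlib.h>
#include <string.h>

/*
 * Regression check for CVE-2018-9472 (identifier taken from TEST_STRING).
 *
 * The file defines its own strlen, which reports a length close to SIZE_MAX
 * for one sentinel string and forwards every other call to the next strlen in
 * the lookup chain. main() then passes the sentinel to xmlMemStrdupLoc and
 * maps the result to an exit code.
 *
 * NOTE(review): presumably the size computation under test is
 * "length + overhead" inside libxml2; that code is not part of this file, so
 * confirm against the library source.
 */

// Set once the next-in-chain strlen has been resolved through dlsym.
bool s_strlen_initialized = false;

// The strlen shadowed by the definition below; nullptr until resolved.
// Declared with size_t so the pointer type matches strlen's own signature.
static size_t (*real_strlen)(const char *) = nullptr;

// Sentinel input: only this exact string gets the simulated length.
#define TEST_STRING "CVE-2018_9472_Simulate_OverFlow_By_Large_String_Length"

// SIZE_MAX - 1: adding 2 or more to this value wraps around.
#define LARGE_SIZE ((size_t)-2)

/*
 * Counts bytes up to the terminating NUL without calling any library routine.
 * Used only when the real strlen could not be resolved. The volatile-qualified
 * view keeps a compiler from turning the loop back into a strlen call, which
 * would recurse into the definition in this file.
 */
static size_t scan_length(const char *str) {
    const volatile char *cursor = str;
    size_t len = 0;
    while (cursor[len] != '\0') {
        ++len;
    }
    return len;
}

/*
 * Resolves the next strlen in the symbol lookup order (RTLD_NEXT) and records
 * success in s_strlen_initialized. On failure the flag stays false, so the
 * lookup is attempted again on the next strlen call.
 */
void strlen_init(void) {
    real_strlen = (size_t (*)(const char *))dlsym(RTLD_NEXT, "strlen");
    if (real_strlen) {
        s_strlen_initialized = true;
    }
}

/*
 * Replacement strlen for this test binary.
 *
 * Returns LARGE_SIZE when str is exactly TEST_STRING; otherwise returns the
 * true length of str.
 */
size_t strlen(const char *str) {
    if (!s_strlen_initialized) {
        strlen_init();
    }
    // sizeof counts the terminating NUL, so a longer string that merely starts
    // with TEST_STRING does not match.
    if (strncmp(str, TEST_STRING, sizeof(TEST_STRING)) == 0) {
        return LARGE_SIZE;
    }
    // If dlsym failed, real_strlen is still null. Calling through it would
    // crash the test itself, and that crash could be mistaken for a result
    // about the library under test.
    if (!real_strlen) {
        return scan_length(str);
    }
    return real_strlen(str);
}

/*
 * Exit code is EXIT_VULNERABLE when xmlMemStrdupLoc returns a non-null pointer
 * for the sentinel string, EXIT_SUCCESS when it returns null.
 */
int main() {
    if (xmlMemStrdupLoc(TEST_STRING, "none", 0)) {
        return EXIT_VULNERABLE;
    }
    return EXIT_SUCCESS;
}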