diff options
-rw-r--r-- | operations.c | 10 | ||||
-rw-r--r-- | tests/unit/test_operations.c | 155 |
2 files changed, 72 insertions, 93 deletions
diff --git a/operations.c b/operations.c index 8d8b926..c751919 100644 --- a/operations.c +++ b/operations.c @@ -345,6 +345,7 @@ int op_cmp(const struct seccomp_notif *req, int notifier, struct gluten *g, const void *py = gluten_ptr(&req->data, g, op->y); enum op_cmp_type cmp = op->cmp; int res; + int jmp; (void)notifier; @@ -357,10 +358,15 @@ int op_cmp(const struct seccomp_notif *req, int notifier, struct gluten *g, if ((res == 0 && (cmp == CMP_EQ || cmp == CMP_LE || cmp == CMP_GE)) || (res < 0 && (cmp == CMP_LT || cmp == CMP_LE)) || (res > 0 && (cmp == CMP_GT || cmp == CMP_GE)) || - (res != 0 && (cmp == CMP_NE))) + (res != 0 && (cmp == CMP_NE))) { + debug(" execute op_cmp: successful comparison"); return 0; + } - return op->jmp.offset; + if (gluten_read(NULL, g, &jmp, op->jmp, sizeof(jmp)) == -1) + return -1; + debug(" execute op_cmp: jump to %d", jmp); + return jmp; } int op_resolve_fd(const struct seccomp_notif *req, int notifier, diff --git a/tests/unit/test_operations.c b/tests/unit/test_operations.c index a5ed78f..a955832 100644 --- a/tests/unit/test_operations.c +++ b/tests/unit/test_operations.c @@ -130,12 +130,12 @@ END_TEST START_TEST(test_op_call) { long nr = __NR_getppid; - struct op operations[] = { { OP_CALL, + struct op ops[] = { { OP_CALL, { .call = { .nr = { OFFSET_DATA, 0 } } } }, { OP_CONT, OP_EMPTY }, { OP_END, OP_EMPTY } }; - memcpy(&gluten.inst, &operations, sizeof(operations)); - ck_write_gluten(gluten, operations[0].op.call.nr, nr); + write_instr(gluten, ops); + ck_write_gluten(gluten, ops[0].op.call.nr, nr); ck_assert_int_eq(eval(&gluten, &req, notifyfd), 0); check_target_result(1, 0, true); } @@ -145,7 +145,7 @@ START_TEST(test_op_call_ret) { long nr = __NR_getppid; long r; - struct op operations[] = { + struct op ops[] = { { OP_CALL, { .call = { .nr = { OFFSET_DATA, 0 }, .ret = { OFFSET_DATA, sizeof(nr) }, @@ -154,11 +154,11 @@ START_TEST(test_op_call_ret) { OP_END, OP_EMPTY }, }; - memcpy(&gluten.inst, &operations, sizeof(operations)); - ck_write_gluten(gluten, operations[0].op.call.nr, nr); + write_instr(gluten, ops); + ck_write_gluten(gluten, ops[0].op.call.nr, nr); ck_assert_int_eq(eval(&gluten, &req, notifyfd), 0); check_target_result(1, 0, true); - ck_read_gluten(gluten, operations[0].op.call.ret, r); + ck_read_gluten(gluten, ops[0].op.call.ret, r); ck_assert(r == getpid()); } END_TEST @@ -207,7 +207,7 @@ END_TEST START_TEST(test_op_load) { - struct op operations[] = { + struct op ops[] = { { OP_LOAD, { .load = { { OFFSET_SECCOMP_DATA, 1 }, { OFFSET_DATA, 0 }, @@ -219,99 +219,77 @@ START_TEST(test_op_load) struct sockaddr_un addr; int v = 2; - memcpy(&gluten.inst, &operations, sizeof(operations)); - ck_write_gluten(gluten, operations[1].op.ret.val, v); + write_instr(gluten, ops); + ck_write_gluten(gluten, ops[1].op.ret.val, v); ck_assert_int_eq(eval(&gluten, &req, notifyfd), 0); check_target_result(v, 0, false); - ck_read_gluten(gluten, operations[0].op.load.dst, addr); + ck_read_gluten(gluten, ops[0].op.load.dst, addr); ck_assert_str_eq(addr.sun_path, "/tmp/test.sock"); ck_assert(addr.sun_family == AF_UNIX); } END_TEST -static void test_op_cmp_int(int a, int b, enum op_cmp_type cmp) -{ - int jmp = 3; - struct op operations[] = { +struct top_cmp_int_data_t { + int a; + int b; + enum op_cmp_type cmp; +}; +struct top_cmp_int_data_t top_cmp_int_data[] = { + { 1, 1, CMP_EQ }, { 1, 2, CMP_NE }, { 2, 1, CMP_GT }, + { 1, 1, CMP_GE }, { 1, 2, CMP_LT }, { 1, 1, CMP_LE }, +}; + +START_TEST(test_op_cmp_int) +{ + enum op_cmp_type cmp = top_cmp_int_data[_i].cmp; + int a = top_cmp_int_data[_i].a; + int b = top_cmp_int_data[_i].b; + int jmp = 2; + struct op ops[] = { { OP_CMP, { .cmp = { { OFFSET_DATA, 0 }, { OFFSET_DATA, 10 }, sizeof(int), cmp, { OFFSET_RO_DATA, 0 } } } }, - { OP_BLOCK, { .block = { -1 } } }, - { OP_END, OP_EMPTY }, { OP_CONT, OP_EMPTY }, { OP_END, OP_EMPTY }, + { OP_BLOCK, { .block = { -1 } } }, + { OP_END, OP_EMPTY }, }; - memcpy(&gluten.inst, &operations, sizeof(operations)); - ck_write_gluten(gluten, operations[0].op.cmp.x, a); - ck_write_gluten(gluten, operations[0].op.cmp.y, b); - ck_write_gluten(gluten, operations[0].op.cmp.jmp, jmp); + write_instr(gluten, ops); + ck_write_gluten(gluten, ops[0].op.cmp.x, a); + ck_write_gluten(gluten, ops[0].op.cmp.y, b); + ck_write_gluten(gluten, ops[0].op.cmp.jmp, jmp); ck_assert_int_eq(eval(&gluten, &req, notifyfd), 0); check_target_result_nonegative(); } - -START_TEST(test_op_cmp_int_eq) -{ - test_op_cmp_int(1, 1, CMP_EQ); -} -END_TEST - -START_TEST(test_op_cmp_int_ne) -{ - test_op_cmp_int(1, 2, CMP_NE); -} -END_TEST - -START_TEST(test_op_cmp_int_gt) -{ - test_op_cmp_int(2, 1, CMP_GT); -} -END_TEST - -START_TEST(test_op_cmp_int_ge) -{ - test_op_cmp_int(1, 1, CMP_GE); -} -END_TEST - -START_TEST(test_op_cmp_int_lt) -{ - test_op_cmp_int(1, 2, CMP_LT); -} -END_TEST - -START_TEST(test_op_cmp_int_le) -{ - test_op_cmp_int(1, 1, CMP_LE); -} -END_TEST - START_TEST(test_op_cmp_string_eq) { char s1[30] = "Hello Test!!"; char s2[30] = "Hello Test!!"; int jmp = 3; - struct op operations[] = { + struct op ops[] = { { OP_CMP, { .cmp = { { OFFSET_DATA, 0 }, { OFFSET_DATA, 30 }, sizeof(s1), CMP_EQ, { OFFSET_RO_DATA, 0 } } } }, - { OP_BLOCK, { .block = { -1 } } }, - { OP_END, OP_EMPTY }, { OP_CONT, OP_EMPTY }, { OP_END, OP_EMPTY }, + { OP_BLOCK, { .block = { -1 } } }, + { OP_END, OP_EMPTY }, { 0 }, }; - ck_write_gluten(gluten, operations[0].op.cmp.x, s1); - ck_write_gluten(gluten, operations[0].op.cmp.y, s2); - ck_write_gluten(gluten, operations[0].op.cmp.jmp, jmp); + + write_instr(gluten, ops); + ck_write_gluten(gluten, ops[0].op.cmp.x, s1); + ck_write_gluten(gluten, ops[0].op.cmp.y, s2); + ck_write_gluten(gluten, ops[0].op.cmp.jmp, jmp); ck_assert_int_eq(eval(&gluten, &req, notifyfd), 0); check_target_result_nonegative(); @@ -322,25 +300,25 @@ START_TEST(test_op_cmp_string_false) { char s1[30] = "Hello Test!!"; char s2[30] = "Hello Tost!!"; - int jmp = 2; - struct op operations[] = { + int jmp = 3; + struct op ops[] = { { OP_CMP, { .cmp = { { OFFSET_DATA, 0 }, { OFFSET_DATA, 30 }, sizeof(s1), CMP_EQ, { OFFSET_RO_DATA, 0 } } } }, - { OP_CONT, OP_EMPTY }, - { OP_END, OP_EMPTY }, { OP_BLOCK, { .block = { -1 } } }, { OP_END, OP_EMPTY }, + { OP_CONT, OP_EMPTY }, + { OP_END, OP_EMPTY }, { 0 }, }; - memcpy(&gluten.inst, &operations, sizeof(operations)); - ck_write_gluten(gluten, operations[0].op.cmp.x, s1); - ck_write_gluten(gluten, operations[0].op.cmp.y, s2); - ck_write_gluten(gluten, operations[0].op.cmp.jmp, jmp); + write_instr(gluten, ops); + ck_write_gluten(gluten, ops[0].op.cmp.x, s1); + ck_write_gluten(gluten, ops[0].op.cmp.y, s2); + ck_write_gluten(gluten, ops[0].op.cmp.jmp, jmp); ck_assert_int_eq(eval(&gluten, &req, notifyfd), 0); check_target_result_nonegative(); @@ -349,7 +327,7 @@ END_TEST START_TEST(test_op_resolvedfd_eq) { - struct op operations[] = { + struct op ops[] = { { OP_RESOLVEDFD, { .resfd = { { OFFSET_DATA, 0 }, { OFFSET_DATA, 4 }, @@ -362,9 +340,9 @@ START_TEST(test_op_resolvedfd_eq) { 0 }, }; - memcpy(&gluten.inst, &operations, sizeof(operations)); - ck_write_gluten(gluten, operations[0].op.resfd.fd, at->fd); - ck_write_gluten(gluten, operations[0].op.resfd.path, path); + write_instr(gluten, ops); + ck_write_gluten(gluten, ops[0].op.resfd.fd, at->fd); + ck_write_gluten(gluten, ops[0].op.resfd.path, path); ck_assert_int_eq(eval(&gluten, &req, notifyfd), 0); check_target_result(-1, 1, false); @@ -374,7 +352,7 @@ END_TEST START_TEST(test_op_resolvedfd_neq) { char path2[] = "/tmp/seitan-test-wrong"; - struct op operations[] = { + struct op ops[] = { { OP_RESOLVEDFD, { .resfd = { { OFFSET_DATA, 0 }, { OFFSET_DATA, 4 }, @@ -386,9 +364,9 @@ START_TEST(test_op_resolvedfd_neq) { OP_END, OP_EMPTY }, }; - memcpy(&gluten.inst, &operations, sizeof(operations)); - ck_write_gluten(gluten, operations[0].op.resfd.fd, at->fd); - ck_write_gluten(gluten, operations[0].op.resfd.path, path2); + write_instr(gluten, ops); + ck_write_gluten(gluten, ops[0].op.resfd.fd, at->fd); + ck_write_gluten(gluten, ops[0].op.resfd.path, path2); ck_assert_int_eq(eval(&gluten, &req, notifyfd), 0); check_target_result(-1, 1, false); @@ -400,7 +378,7 @@ START_TEST(test_op_nr) { long nr = __NR_getpid; int jmp = 3; - struct op operations[] = { + struct op ops[] = { { OP_NR, { .nr = { { OFFSET_RO_DATA, 0 }, { OFFSET_RO_DATA, sizeof(nr) } } } }, @@ -410,9 +388,9 @@ START_TEST(test_op_nr) { OP_END, OP_EMPTY }, }; - memcpy(&gluten.inst, &operations, sizeof(operations)); - ck_write_gluten(gluten, operations[0].op.nr.nr, nr); - ck_write_gluten(gluten, operations[0].op.nr.no_match, jmp); + write_instr(gluten, ops); + ck_write_gluten(gluten, ops[0].op.nr.nr, nr); + ck_write_gluten(gluten, ops[0].op.nr.no_match, jmp); ck_assert_int_eq(eval(&gluten, &req, notifyfd), 0); check_target_result_nonegative(); } @@ -442,7 +420,7 @@ Suite *op_call_suite(void) TCase *inject, *inject_a; TCase *load, *nr, *copy; - s = suite_create("Perform operations"); + s = suite_create("Perform ops"); cont = tcase_create("op_continue"); tcase_add_checked_fixture(cont, setup_without_fd, teardown); @@ -500,12 +478,7 @@ Suite *op_call_suite(void) cmpint = tcase_create("op_cmp_int"); tcase_add_checked_fixture(cmpint, setup_without_fd, teardown); tcase_set_timeout(cmpint, timeout); - tcase_add_test(cmpint, test_op_cmp_int_eq); - tcase_add_test(cmpint, test_op_cmp_int_ne); - tcase_add_test(cmpint, test_op_cmp_int_le); - tcase_add_test(cmpint, test_op_cmp_int_lt); - tcase_add_test(cmpint, test_op_cmp_int_ge); - tcase_add_test(cmpint, test_op_cmp_int_gt); + tcase_add_loop_test(cmpint, test_op_cmp_int, 0, ARRAY_SIZE(top_cmp_int_data)); suite_add_tcase(s, cmpint); resolvedfd = tcase_create("op_resolvedfd"); |