From b2aed1dc699adbac63bd35ffb5b014384a58fb94 Mon Sep 17 00:00:00 2001
From: Alice Frosi
Date: Tue, 9 May 2023 16:28:58 +0200
Subject: seitan: add check for limits to op_cmp

Adding the offset limits checks and unit tests.
---
 operations.c | 11 +++++++++--
 tests/unit/test_errors.c | 31 ++++++++++++++++++++++++++++++-
 2 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/operations.c b/operations.c
index af86568..382474c 100644
--- a/operations.c
+++ b/operations.c
@@ -332,12 +332,19 @@ int op_inject_a(const struct seccomp_notif *req, int notifier, struct gluten *g,
 int op_cmp(const struct seccomp_notif *req, int notifier, struct gluten *g,
 struct op_cmp *op)
 {
- int res = memcmp(gluten_ptr(&req->data, g, op->x),
- gluten_ptr(&req->data, g, op->y), op->size);
+ const void *px = gluten_ptr(&req->data, g, op->x);
+ const void *py = gluten_ptr(&req->data, g, op->y);
 enum op_cmp_type cmp = op->cmp;
+ int res;
 (void)notifier;
+ if (px == NULL || py == NULL || !check_gluten_limits(op->x, op->size) ||
+ !check_gluten_limits(op->y, op->size))
+ return -1;
+
+ res = memcmp(px, py, op->size);
+
 if ((res == 0 && (cmp == CMP_EQ || cmp == CMP_LE || cmp == CMP_GE)) ||
 (res < 0 && (cmp == CMP_LT || cmp == CMP_LE)) ||
 (res > 0 && (cmp == CMP_GT || cmp == CMP_GE)) ||
diff --git a/tests/unit/test_errors.c b/tests/unit/test_errors.c
index ca6fcb0..06bae12 100644
--- a/tests/unit/test_errors.c
+++ b/tests/unit/test_errors.c
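Review bot: In op_cmp, `px` and `py` are resolved by gluten_ptr() from `op->x` and `op->y` before check_gluten_limits() has vetted those offsets against `op->size`. gluten_ptr() is not shown in this hunk, so whether it bounds-checks on its own is unclear; if it only adds the offset to a base, an out-of-range pointer is formed before the check rejects it, which C leaves undefined even without a dereference. Running `if (!check_gluten_limits(op->x, op->size) || !check_gluten_limits(op->y, op->size)) return -1;` first, and only then calling gluten_ptr() and testing for NULL, keeps unchecked offsets away from pointer arithmetic. It is also worth confirming that check_gluten_limits() rejects an offset-plus-size sum that wraps, and logging a diagnostic on the `-1` path so a rejected comparison is visible to whoever operates the notifier. op_cmp's body continues past the end of the hunk.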
@@ -83,10 +83,33 @@ START_TEST(test_read_op_return)
 ck_assert_int_eq(eval(&gluten, ops, &req, notifyfd), -1);
 }
+static struct op_cmp test_cmp_data[] = {
+ { { OFFSET_DATA, DATA_SIZE }, { OFFSET_DATA, 0 }, 1, CMP_EQ, 1 },
+ { { OFFSET_DATA, 0 }, { OFFSET_DATA, DATA_SIZE }, 1, CMP_EQ, 1 },
+ { { OFFSET_DATA, DATA_SIZE - 1 }, { OFFSET_DATA, 0 }, 10, CMP_EQ, 1 },
+ { { OFFSET_DATA, 0 }, { OFFSET_DATA, DATA_SIZE - 1 }, 10, CMP_EQ, 1 },
+};
+
+START_TEST(test_op_cmp)
+{
+ struct op ops[2];
+
+ ops[0].type = OP_CMP;
+ ops[0].op.cmp.x.offset = test_cmp_data[_i].x.offset;
+ ops[0].op.cmp.x.type = test_cmp_data[_i].x.type;
+ ops[0].op.cmp.y.offset = test_cmp_data[_i].y.offset;
+ ops[0].op.cmp.y.type = test_cmp_data[_i].y.type;
+ ops[0].op.cmp.size = test_cmp_data[_i].size;
+ ops[0].op.cmp.jmp = test_cmp_data[_i].jmp;
+ ops[1].type = OP_END;
+
+ ck_assert_int_eq(eval(&gluten, ops, &req, notifyfd), -1);
+}
+
 Suite *error_suite(void)
 {
 Suite *s;
- TCase *bounds, *gwrite, *gread;
+ TCase *bounds, *gwrite, *gread, *gcmp;
 s = suite_create("Error handling");
@@ -109,6 +132,12 @@ Suite *error_suite(void)
 sizeof(test_max_size_read_data[0]));
 suite_add_tcase(s, gread);
+ gcmp = tcase_create("compare gluten");
+ tcase_add_checked_fixture(gcmp, setup_error_check, teardown);
+ tcase_add_loop_test(gcmp, test_op_cmp, 0,
+ sizeof(test_cmp_data) / sizeof(test_cmp_data[0]));
+ suite_add_tcase(s, gcmp);
+
 return s;
 }
-- 
cgit v1.2.3
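Review bot: test_op_cmp copies x, y, size and jmp into `ops[0]` but never sets `ops[0].op.cmp.cmp`, and `struct op ops[2]` is an uninitialised automatic, so the `op->cmp` read at the top of op_cmp (operations.c hunk of this commit) presumably sees an indeterminate value. Adding `ops[0].op.cmp.cmp = test_cmp_data[_i].cmp;`, or declaring `struct op ops[2] = { 0 };`, removes that. All four rows expect -1, so an off-by-one in check_gluten_limits() that rejects the last valid byte would pass unnoticed; a row at offset `DATA_SIZE - 1` with size 1 that expects a non-error result would pin the boundary from the accepting side too. As written, the rows also cannot distinguish a limit rejection from any other -1 that eval() may return.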