Date:   Fri, 14 Jun 2019 20:18:16 +0800
From:   <chengzhihao1@...wei.com>
To:     <david.oberhollenzer@...ma-star.at>, <richard@....at>,
        <boris.brezillon@...tlin.com>, <david@...ma-star.at>,
        <artem.bityutskiy@...ux.intel.com>, <yi.zhang@...wei.com>
CC:     <linux-mtd@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
        <chengzhihao1@...wei.com>
Subject: [PATCH mtd-utils] ubi-tests: io_read: Filter invalid offset value before 'lseek' in io_read test

From: Zhihao Cheng <chengzhihao1@...wei.com>

There are many different offset values passed to 'lseek' during io_read
testing in the ubi tests. The offset value may be a negative number or a big
number that exceeds the volume data size, which can lead to ubi test
failures by passing an invalid offset value to 'lseek'. For example:

Example 1: The data size of the volume is 39525 bytes, offset = (sz) -
MAX_NAND_PAGE_SIZE - 1, where MAX_NAND_PAGE_SIZE is 65536. Here, offset
is a negative value passed to 'lseek', which leads to a failure in io_read.

  ======================================================================
  ======================================================================
  ======================================================================
  Test on mtdram, fastmap enabled, VID header offset factor 1
  ======================================================================
  ======================================================================
  ======================================================================
  mtdram: 16MiB, PEB size 16KiB, fastmap enabled
  Running mkvol_basic /dev/ubi0
  Running mkvol_bad /dev/ubi0
  Running mkvol_paral /dev/ubi0
  Running rsvol /dev/ubi0
  Running io_basic /dev/ubi0
  Running io_read /dev/ubi0
  [io_basic] test_read3():189: function seek() failed with error 22
  (Invalid argument)
  [io_basic] test_read3():190: len = 1
  [io_basic] test_read2():237: offset = -26012
  [io_basic] test_read1():303: length = 1
  [io_basic] test_read():362: alignment = 7905
  Error: io_read failed
  FAILURE

Example 2: The data size of the volume is 79035 bytes, offset = 2 *
MAX_NAND_PAGE_SIZE, where MAX_NAND_PAGE_SIZE is 65536. Here, offset is a
value that exceeds the volume size, which leads to a failure in io_read.

  ======================================================================
  ======================================================================
  ======================================================================
  Test on mtdram, fastmap enabled, VID header offset factor 1
  ======================================================================
  ======================================================================
  ======================================================================
  mtdram: 16MiB, PEB size 16KiB, fastmap enabled
  Running mkvol_basic /dev/ubi0
  Running mkvol_bad /dev/ubi0
  Running mkvol_paral /dev/ubi0
  Running rsvol /dev/ubi0
  Running io_basic /dev/ubi0
  Running io_read /dev/ubi0
  [io_basic] test_read3():185: function seek() failed with error 22
  (Invalid argument)
  [io_basic] test_read3():186: len = 1
  [io_basic] test_read2():233: offset = 131072
  [io_basic] test_read1():299: length = 1
  [io_basic] test_read():358: alignment = 3
  Error: io_read failed
  FAILURE

This patch checks the offset value before executing 'lseek'; invalid offset
values are filtered.

----------------------------------------

Signed-off-by: Zhihao Cheng <chengzhihao1@...wei.com>
---
 tests/ubi-tests/io_read.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/ubi-tests/io_read.c b/tests/ubi-tests/io_read.c
index 3100ef1..f944a86 100644
--- a/tests/ubi-tests/io_read.c
+++ b/tests/ubi-tests/io_read.c
@@ -228,6 +228,10 @@ static int test_read2(const struct ubi_vol_info *vol_info, int len)
 				  vol_info->data_bytes);
 
 	for (i = 0; i < sizeof(offsets)/sizeof(off_t); i++) {
+		/* Filter invalid offset value */
+		if (offsets[i] < 0 || offsets[i] > vol_info->data_bytes)
+			continue;
+
 		if (test_read3(vol_info, len, offsets[i])) {
 			errorm("offset = %d", offsets[i]);
 			return -1;
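
Review bot: The upper bound in the added check in test_read2(), 'offsets[i] > vol_info->data_bytes', still passes an offset equal to data_bytes on to test_read3(), and it does not take len into account. If seeking to the very end of the volume is meant to stay covered, please say so in the comment; otherwise the comparison should be '>='. The comment could also explain why table entries can be invalid at all (per the commit message they are derived from the volume size and MAX_NAND_PAGE_SIZE, so a volume smaller than that yields negative or out-of-range values), because 'continue' drops those cases silently and the test output no longer shows which offsets were exercised. Separately, in the unchanged context, errorm("offset = %d", offsets[i]) formats an element that the loop bound treats as off_t with %d; a cast to long long with %lld would print large offsets correctly.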
-- 
2.7.4
