| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABRcYm+6TYKhbGZY4y=vdeoG15EVfAPcV-8bo7ugomoNZ6F1tA@mail.gmail.com>
Date: Fri, 16 Apr 2021 13:43:04 +0200
From: Florent Revest <revest@...omium.org>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc: bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Yonghong Song <yhs@...com>, KP Singh <kpsingh@...nel.org>,
Brendan Jackman <jackmanb@...omium.org>,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH bpf-next v4 6/6] selftests/bpf: Add a series of tests for bpf_snprintf
On Fri, Apr 16, 2021 at 1:20 AM Andrii Nakryiko
<andrii.nakryiko@...il.com> wrote:
>
> On Wed, Apr 14, 2021 at 11:54 AM Florent Revest <revest@...omium.org> wrote:
> > +/* Loads an eBPF object calling bpf_snprintf with up to 10 characters of fmt */
> > +static int load_single_snprintf(char *fmt)
> > +{
> > + struct test_snprintf_single *skel;
> > + int ret;
> > +
> > + skel = test_snprintf_single__open();
> > + if (!skel)
> > + return -EINVAL;
> > +
> > + memcpy(skel->rodata->fmt, fmt, min(strlen(fmt) + 1, 10));
> > +
> > + ret = test_snprintf_single__load(skel);
> > + if (!ret)
> > + test_snprintf_single__destroy(skel);
>
> destroy unconditionally?
sweet!
> > +void test_snprintf_negative(void)
> > +{
> > + ASSERT_OK(load_single_snprintf("valid %d"), "valid usage");
> > +
> > + ASSERT_ERR(load_single_snprintf("0123456789"), "no terminating zero");
> > + ASSERT_ERR(load_single_snprintf("%d %d"), "too many specifiers");
> > + ASSERT_ERR(load_single_snprintf("%pi5"), "invalid specifier 1");
> > + ASSERT_ERR(load_single_snprintf("%a"), "invalid specifier 2");
> > + ASSERT_ERR(load_single_snprintf("%"), "invalid specifier 3");
> > + ASSERT_ERR(load_single_snprintf("\x80"), "non ascii character");
> > + ASSERT_ERR(load_single_snprintf("\x1"), "non printable character");
>
> Some more cases that came up in my mind:
>
> 1. %123987129387192387 -- long and unterminated specified
> 2. similarly %------- or something like that
>
> Do you think they are worth checking?
well, it doesn't hurt :) and it's very easy to add so no problem
> > +++ b/tools/testing/selftests/bpf/progs/test_snprintf_single.c
> > @@ -0,0 +1,20 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/* Copyright (c) 2021 Google LLC. */
> > +
> > +#include <linux/bpf.h>
> > +#include <bpf/bpf_helpers.h>
> > +
> > +// The format string is filled from the userspace side such that loading fails
>
> C++ style format
Oopsie
Powered by blists - more mailing lists