lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240327120036.233641-2-mic@digikod.net>
Date: Wed, 27 Mar 2024 13:00:34 +0100
From: Mickaël Salaün <mic@...ikod.net>
To: Paul Moore <paul@...l-moore.com>
Cc: Mickaël Salaün <mic@...ikod.net>,
	linux-security-module@...r.kernel.org,
	netdev@...r.kernel.org,
	Eric Dumazet <edumazet@...gle.com>,
	Günther Noack <gnoack@...gle.com>,
	Ivanov Mikhail <ivanov.mikhail1@...wei-partners.com>,
	Konstantin Meskhidze <konstantin.meskhidze@...wei.com>,
	"Serge E . Hallyn" <serge@...lyn.com>
Subject: [PATCH v1 2/2] selftests/landlock: Improve AF_UNSPEC tests

Test that an IPv6 socket requested to be binded with AF_UNSPEC returns
-EAFNOSUPPORT if the sockaddr length is valid.

Cc: Eric Dumazet <edumazet@...gle.com>
Cc: Günther Noack <gnoack@...gle.com>
Cc: Ivanov Mikhail <ivanov.mikhail1@...wei-partners.com>
Cc: Konstantin Meskhidze <konstantin.meskhidze@...wei.com>
Cc: Paul Moore <paul@...l-moore.com>
Cc: Serge E. Hallyn <serge@...lyn.com>
Signed-off-by: Mickaël Salaün <mic@...ikod.net>
---
 tools/testing/selftests/landlock/net_test.c | 37 +++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/tools/testing/selftests/landlock/net_test.c b/tools/testing/selftests/landlock/net_test.c
index f21cfbbc3638..f15cf565f856 100644
--- a/tools/testing/selftests/landlock/net_test.c
+++ b/tools/testing/selftests/landlock/net_test.c
@@ -673,6 +673,7 @@ TEST_F(protocol, bind_unspec)
 		.port = self->srv0.port,
 	};
 	int bind_fd, ret;
+	socklen_t inet_len, inet6_len, unix_len;
 
 	if (variant->sandbox == TCP_SANDBOX) {
 		const int ruleset_fd = landlock_create_ruleset(
@@ -736,12 +737,48 @@ TEST_F(protocol, bind_unspec)
 	if (variant->prot.domain == AF_INET) {
 		EXPECT_EQ(-EAFNOSUPPORT, ret);
 	} else {
+		/* The sockaddr length is less than SIN6_LEN_RFC2133. */
 		EXPECT_EQ(-EINVAL, ret)
 		{
 			TH_LOG("Wrong bind error: %s", strerror(errno));
 		}
 	}
 	EXPECT_EQ(0, close(bind_fd));
+
+	/* Stores the minimal sockaddr lengths per family. */
+	self->unspec_srv0.protocol.domain = AF_INET;
+	inet_len = get_addrlen(&self->unspec_srv0, true);
+	self->unspec_srv0.protocol.domain = AF_INET6;
+	inet6_len = get_addrlen(&self->unspec_srv0, true);
+	self->unspec_srv0.protocol.domain = AF_UNIX;
+	unix_len = get_addrlen(&self->unspec_srv0, true);
+	self->unspec_srv0.protocol.domain = AF_UNSPEC;
+
+	/* Checks bind with AF_UNSPEC and less than IPv4 sockaddr length. */
+	bind_fd = socket_variant(&self->srv0);
+	ASSERT_LE(0, bind_fd);
+	ret = bind_variant_addrlen(bind_fd, &self->unspec_srv0, inet_len - 1);
+	EXPECT_EQ(-EINVAL, ret);
+	EXPECT_EQ(0, close(bind_fd));
+
+	/* Checks bind with AF_UNSPEC and IPv6 sockaddr length. */
+	bind_fd = socket_variant(&self->srv0);
+	ASSERT_LE(0, bind_fd);
+	ret = bind_variant_addrlen(bind_fd, &self->unspec_srv0, inet6_len);
+	if (variant->prot.domain == AF_INET ||
+	    variant->prot.domain == AF_INET6) {
+		EXPECT_EQ(-EAFNOSUPPORT, ret);
+	} else {
+		EXPECT_EQ(-EINVAL, ret);
+	}
+	EXPECT_EQ(0, close(bind_fd));
+
+	/* Checks bind with AF_UNSPEC and unix sockaddr length. */
+	bind_fd = socket_variant(&self->srv0);
+	ASSERT_LE(0, bind_fd);
+	ret = bind_variant_addrlen(bind_fd, &self->unspec_srv0, unix_len);
+	EXPECT_EQ(-EINVAL, ret);
+	EXPECT_EQ(0, close(bind_fd));
 }
 
 TEST_F(protocol, connect_unspec)
-- 
2.44.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ