Regression test for reads past the end of a packet (out of bounds reads).

Those should abort the bpf program.

The test currently fails (out-of-bounds reads silently return zeros), but
succeeds if lo0 is replaced by an Ethernet interface and 127.0.0.1 by an
address reachable through it.

A fix is being worked on.

Approved by martin.
pavel 2006-03-24 13:54:58 +00:00
parent 55e54105e0
commit 02a38a5320
3 changed files with 43 additions and 2 deletions


@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.2 2005/12/25 22:07:01 rpaulo Exp $ # $NetBSD: Makefile,v 1.3 2006/03/24 13:54:58 pavel Exp $
.include <bsd.own.mk> .include <bsd.own.mk>
SUBDIR= interface SUBDIR= interface out-of-bounds
.include <bsd.subdir.mk> .include <bsd.subdir.mk>


@ -0,0 +1,13 @@
# $NetBSD: Makefile,v 1.1 2006/03/24 13:54:58 pavel Exp $
.ifdef REGRESS_LOG
regress:
@echo sys/net/bpf/out-of-bounds out-of-bounds \
`./out-of-bounds.sh` | tee ${REGRESS_LOG} ; true
.else
regress:
@echo sys/net/bpf/out-of-bounds out-of-bounds \
`./out-of-bounds.sh`; true
.endif
.include <bsd.prog.mk>
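Review bot: The exit status that out-of-bounds.sh documents (0 pass, 1 fail, 2 skip) never reaches make in either `regress` recipe, because the script runs inside backticks as an argument to `echo` and the line ends in `; true`. A FAILED run therefore leaves make successful, and the echoed text is the only signal. If that is deliberate so the regress run continues, a comment above the target such as `# result is reported as text only; exit status is intentionally ignored` would record it. In the REGRESS_LOG branch, `tee ${REGRESS_LOG}` truncates the log on every run; if the log is shared with other regress directories (not visible on this page), `tee -a ${REGRESS_LOG}` would keep their results.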


@ -0,0 +1,28 @@
#!/bin/sh
# an out-of-bounds read in the BPF expression should exit the bpf program,
# regardless of other expressions. Pass an expression to tcpdump which
# performs an out-of-bound read and ping with a packet which would cause
# the expression to succeed if the out-of-bounds read is not handled.
# exit status: 0 - pass, 1 - fail, 2 - skip
IFACE=${IFACE:-lo0}
ADDR=${ADDR:-127.0.0.1}
tcpdump -c1 -np -i $IFACE \( link[34000:2]=0 or icmp \) and ip[36:2]=0xcafe > /dev/null &
TCPDUMP_PID=$!
sleep 1
if ! kill -0 $TCPDUMP_PID > /dev/null 2>&1 ; then
echo "SKIPPED tcpdump exited - are you root?"; exit 2;
fi
if ! ping -c1 -p cafe $ADDR > /dev/null 2>&1 ; then
echo "SKIPPED not able to ping localhost";
kill $TCPDUMP_PID > /dev/null 2>&1 ; exit 2;
fi
sleep 2
if ! kill $TCPDUMP_PID > /dev/null 2>&1; then
echo "FAILED"; exit 1;
fi
wait $TCPDUMP_PID; echo "PASSED"; exit 0;
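Review bot: PASSED is reported whenever tcpdump is still alive at the final `kill $TCPDUMP_PID`, so the test passes vacuously if the ping never matches `ip[36:2]=0xcafe` for an unrelated reason, such as a different payload offset or the packet arriving after the fixed `sleep 2`. A positive control that runs the same filter without the `link[34000:2]=0` term, and skips when it does not match, would make a pass meaningful. The filter is also passed unquoted, so `link[34000:2]=0` and `ip[36:2]=0xcafe` are subject to pathname expansion in the current directory; single-quoting the expression and double-quoting `$IFACE` and `$ADDR` avoids that.

```shell
# positive control: the same ping must match once the out-of-bounds load is removed
tcpdump -c1 -np -i "$IFACE" 'icmp and ip[36:2]=0xcafe' > /dev/null &
CONTROL_PID=$!
sleep 1
ping -c1 -p cafe "$ADDR" > /dev/null 2>&1
sleep 2
if kill $CONTROL_PID > /dev/null 2>&1 ; then
	echo "SKIPPED control filter did not match the ping"; exit 2;
fi
# … unchanged: out-of-bounds tcpdump run, ping, and PASSED/FAILED check …
```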