Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move common ASAN test case code into asan_common.subr 

Reviewed by <kamil>
This commit is contained in:
mgorny 2019-01-29 19:56:37 +00:00
parent 437f8bba08
commit bf6dc715c6
8 changed files with 247 additions and 1112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
tests/usr.bin/cc/Makefile
View File

@ -1,16 +1,19 @@
# $NetBSD: Makefile,v 1.4 2018/05/02 18:46:05 kamil Exp $ # $NetBSD: Makefile,v 1.5 2019/01/29 19:56:37 mgorny Exp $
.include <bsd.own.mk> .include <bsd.own.mk>
TESTSDIR= ${TESTSBASE}/usr.bin/cc TESTSDIR= ${TESTSBASE}/usr.bin/cc
ASAN_TESTS= #
ASAN_TESTS+= t_asan_double_free
ASAN_TESTS+= t_asan_global_buffer_overflow
ASAN_TESTS+= t_asan_heap_overflow
ASAN_TESTS+= t_asan_off_by_one
ASAN_TESTS+= t_asan_poison
ASAN_TESTS+= t_asan_uaf
TESTS_SH= # TESTS_SH= #
TESTS_SH+= t_asan_double_free TESTS_SH+= $(ASAN_TESTS)
TESTS_SH+= t_asan_global_buffer_overflow
TESTS_SH+= t_asan_heap_overflow
TESTS_SH+= t_asan_off_by_one
TESTS_SH+= t_asan_poison
TESTS_SH+= t_asan_uaf
TESTS_SH+= t_ubsan_int_add_overflow TESTS_SH+= t_ubsan_int_add_overflow
TESTS_SH+= t_ubsan_int_sub_overflow TESTS_SH+= t_ubsan_int_sub_overflow
TESTS_SH+= t_ubsan_int_neg_overflow TESTS_SH+= t_ubsan_int_neg_overflow
@ -18,4 +21,8 @@ TESTS_SH+= t_ubsan_int_divzero
TESTS_SH+= t_ubsan_vla_out_of_bounds TESTS_SH+= t_ubsan_vla_out_of_bounds
TESTS_SH+= t_hello TESTS_SH+= t_hello
.for test in ${ASAN_TESTS}
TESTS_SH_SRC_${test}= asan_common.subr ${test}.sh
.endfor
.include <bsd.test.mk> .include <bsd.test.mk>

168
tests/usr.bin/cc/asan_common.subr Normal file
View File

@ -0,0 +1,168 @@
# $NetBSD: asan_common.subr,v 1.1 2019/01/29 19:56:37 mgorny Exp $
#
# Copyright (c) 2018, 2019 The NetBSD Foundation, Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
SUPPORT='n'
test_target() {
if uname -m | grep -q "amd64"; then
SUPPORT='y'
fi
if uname -m | grep -q "i386"; then
SUPPORT='y'
fi
}
atf_test_case target_not_supported
target_not_supported_head()
{
atf_set "descr" "Test forced skip"
}
target_not_supported_body()
{
atf_skip "Target is not supported"
}
# Add a new test case, with head & body.
# asan_test_case <test-name> <description> <check-output>
asan_test_case() {
atf_test_case "$1"
eval "$1_head() {
atf_set 'descr' 'compile and run \"$2\"'
atf_set 'require.progs' 'cc paxctl'
}"
atf_test_case "$1_profile"
eval "$1_head() {
atf_set 'descr' 'compile and run \"$2\" with profiling option'
atf_set 'require.progs' 'cc paxctl'
}"
atf_test_case "$1_pic"
eval "$1_head() {
atf_set 'descr' 'compile and run PIC \"$2\"'
atf_set 'require.progs' 'cc paxctl'
}"
atf_test_case "$1_pie"
eval "$1_head() {
atf_set 'descr' 'compile and run position independent (PIE) \"$2\"'
atf_set 'require.progs' 'cc paxctl'
}"
atf_test_case "${1}32"
eval "$1_head() {
atf_set 'descr' 'compile and run \"$2\" for/in netbsd32 emulation'
atf_set 'require.progs' 'cc paxctl file diff cat'
}"
eval "$1_body() {
echo \"\$ASAN_CODE\" > test.c
cc -fsanitize=address -o test test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:'CHECK\n' -e match:'$3' ./test
}
$1_profile_body() {
echo \"\$ASAN_CODE\" > test.c
cc -fsanitize=address -o test -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:'CHECK\n' -e match:'$3' ./test
}
$1_pic_body() {
echo \"\$ASAN_CODE\" > test.c
cc -DPIC_FOO -fsanitize=address -fPIC -shared -o libtest.so test.c
cc -DPIC_MAIN -o test test.c -fsanitize=address -L. -ltest
paxctl +a test
export LD_LIBRARY_PATH=.
atf_check -s not-exit:0 -o not-match:'CHECK\n' -e match:'$3' ./test
}
$1_pie_body() {
# check whether this arch supports -pice
if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
atf_set_skip 'cc -pie not supported on this architecture'
fi
echo \"\$ASAN_CODE\" > test.c
cc -fsanitize=address -o test -fpie -pie test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:'CHECK\n' -e match:'$3' ./test
}
${1}32_body() {
# check whether this arch is 64bit
if ! cc -dM -E - < /dev/null | fgrep -q _LP64; then
atf_skip 'this is not a 64 bit architecture'
fi
if ! cc -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then
atf_skip 'cc -m32 not supported on this architecture'
else
if fgrep -q _LP64 ./def32; then
atf_fail 'cc -m32 does not generate netbsd32 binaries'
fi
fi
echo \"\$ASAN_CODE\" > test.c
cc -fsanitize=address -o df32 -m32 test.c
cc -fsanitize=address -o df64 test.c
file -b ./df32 > ./ftype32
file -b ./df64 > ./ftype64
if diff ./ftype32 ./ftype64 >/dev/null; then
atf_fail 'generated binaries do not differ'
fi
echo '32bit binaries on this platform are:'
cat ./ftype32
echo 'While native (64bit) binaries are:'
cat ./ftype64
paxctl +a df32
atf_check -s not-exit:0 -o not-match:'CHECK\n' -e match:'$3' ./df32
# and another test with profile 32bit binaries
cc -fsanitize=address -o test -pg -m32 test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:'CHECK\n' -e match:'$3' ./test
}"
}
asan_add_test_cases() {
test_target
test $SUPPORT = 'n' && {
atf_add_test_case target_not_supported
return 0
}
atf_add_test_case "$1"
# atf_add_test_case "$1_profile"
atf_add_test_case "$1_pic"
atf_add_test_case "$1_pie"
# atf_add_test_case "${1}32"
# static option not supported
# -static and -fsanitize=address can't be used together for compilation
# (gcc version 5.4.0 and clang 7.1) tested on April 2nd 2018.
}

184
tests/usr.bin/cc/t_asan_double_free.sh
View File

@ -1,6 +1,6 @@
# $NetBSD: t_asan_double_free.sh,v 1.2 2018/07/16 07:25:58 kamil Exp $ # $NetBSD: t_asan_double_free.sh,v 1.3 2019/01/29 19:56:37 mgorny Exp $
# #
# Copyright (c) 2018 The NetBSD Foundation, Inc. # Copyright (c) 2018, 2019 The NetBSD Foundation, Inc.
# All rights reserved. # All rights reserved.
# #
# This code is derived from software contributed to The NetBSD Foundation # This code is derived from software contributed to The NetBSD Foundation
@ -28,184 +28,22 @@
# POSSIBILITY OF SUCH DAMAGE. # POSSIBILITY OF SUCH DAMAGE.
# #
SUPPORT='n' ASAN_CODE='
test_target() {
if uname -m | grep -q "amd64"; then
SUPPORT='y'
fi
if uname -m | grep -q "i386"; then
SUPPORT='y'
fi
}
atf_test_case double_free
double_free_head() {
atf_set "descr" "compile and run \"Double Free example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case double_free_profile
double_free_profile_head() {
atf_set "descr" "compile and run \"Double Free example\" with profiling option"
atf_set "require.progs" "cc paxctl"
}
atf_test_case double_free_pic
double_free_pic_head() {
atf_set "descr" "compile and run PIC \"Double Free example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case double_free_pie
double_free_pie_head() {
atf_set "descr" "compile and run position independent (PIE) \"Double Free example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case double_free32
double_free32_head() {
atf_set "descr" "compile and run \"Double Free example\" for/in netbsd32 emulation"
atf_set "require.progs" "cc paxctl file diff cat"
}
atf_test_case target_not_supported
target_not_supported_head()
{
atf_set "descr" "Test forced skip"
}
double_free_body() {
cat > test.c << EOF
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
void foo(int);
#ifndef PIC_MAIN
void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); } void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); }
#endif
#ifndef PIC_FOO
int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); } int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); }
EOF #endif
cc -fsanitize=address -o test test.c '
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./test
}
double_free_profile_body() { asan_test_case double_free "Double Free example" double-free
cat > test.c << EOF
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); }
int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); }
EOF
cc -fsanitize=address -o test -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./test
}
double_free_pic_body() {
cat > test.c << EOF
#include <stdlib.h>
#include <stdio.h>
#include <stdio.h>
int foo(int);
void main(int argc, char **argv) {foo(argc - 1); printf("CHECK\n"); exit(0);}
EOF
cat > pic.c << EOF
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); }
EOF
cc -fsanitize=address -fPIC -shared -o libtest.so pic.c
cc -o test test.c -fsanitize=address -L. -ltest
paxctl +a test
export LD_LIBRARY_PATH=.
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./test
}
double_free_pie_body() {
# check whether this arch supports -pice
if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
atf_set_skip "cc -pie not supported on this architecture"
fi
cat > test.c << EOF
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); }
int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); }
EOF
cc -fsanitize=address -o test -fpie -pie test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./test
}
double_free32_body() {
# check whether this arch is 64bit
if ! cc -dM -E - < /dev/null | fgrep -q _LP64; then
atf_skip "this is not a 64 bit architecture"
fi
if ! cc -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then
atf_skip "cc -m32 not supported on this architecture"
else
if fgrep -q _LP64 ./def32; then
atf_fail "cc -m32 does not generate netbsd32 binaries"
fi
fi
cat > test.c << EOF
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); }
int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); }
EOF
cc -fsanitize=address -o df32 -m32 test.c
cc -fsanitize=address -o df64 test.c
file -b ./df32 > ./ftype32
file -b ./df64 > ./ftype64
if diff ./ftype32 ./ftype64 >/dev/null; then
atf_fail "generated binaries do not differ"
fi
echo "32bit binaries on this platform are:"
cat ./ftype32
echo "While native (64bit) binaries are:"
cat ./ftype64
paxctl +a df32
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./df32
# and another test with profile 32bit binaries
cat > test.c << EOF
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); }
int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); }
EOF
cc -fsanitize=address -o test -pg -m32 test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./test
}
target_not_supported_body()
{
atf_skip "Target is not supported"
}
atf_init_test_cases() atf_init_test_cases()
{ {
test_target asan_add_test_cases double_free
test $SUPPORT = 'n' && {
atf_add_test_case target_not_supported
return 0
}
atf_add_test_case double_free
# atf_add_test_case double_free_profile
atf_add_test_case double_free_pic
atf_add_test_case double_free_pie
# atf_add_test_case double_free32
# static option not supported
# -static and -fsanitize=address can't be used together for compilation
# (gcc version 5.4.0 and clang 7.1) tested on April 2nd 2018.
} }

185
tests/usr.bin/cc/t_asan_global_buffer_overflow.sh
View File

@ -1,6 +1,6 @@
# $NetBSD: t_asan_global_buffer_overflow.sh,v 1.2 2018/07/16 07:25:58 kamil Exp $ # $NetBSD: t_asan_global_buffer_overflow.sh,v 1.3 2019/01/29 19:56:37 mgorny Exp $
# #
# Copyright (c) 2018 The NetBSD Foundation, Inc. # Copyright (c) 2018, 2019 The NetBSD Foundation, Inc.
# All rights reserved. # All rights reserved.
# #
# This code is derived from software contributed to The NetBSD Foundation # This code is derived from software contributed to The NetBSD Foundation
@ -28,184 +28,23 @@
# POSSIBILITY OF SUCH DAMAGE. # POSSIBILITY OF SUCH DAMAGE.
# #
SUPPORT='n' ASAN_CODE='
test_target() {
if uname -m | grep -q "amd64"; then
SUPPORT='y'
fi
if uname -m | grep -q "i386"; then
SUPPORT='y'
fi
}
atf_test_case global_buffer_overflow
global_buffer_overflow_head() {
atf_set "descr" "compile and run \"Global Buffer Overflow example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case global_buffer_overflow_profile
global_buffer_overflow_profile_head() {
atf_set "descr" "compile and run \"Global Buffer Overflow example\" with profiling option"
atf_set "require.progs" "cc paxctl"
}
atf_test_case global_buffer_overflow_pic
global_buffer_overflow_pic_head() {
atf_set "descr" "compile and run PIC \"Global Buffer Overflow example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case global_buffer_overflow_pie
global_buffer_overflow_pie_head() {
atf_set "descr" "compile and run position independent (PIE) \"Global Buffer Overflow example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case global_buffer_overflow32
global_buffer_overflow32_head() {
atf_set "descr" "compile and run \"Global Buffer Overflow example\" for/in netbsd32 emulation"
atf_set "require.progs" "cc paxctl file diff cat"
}
atf_test_case target_not_supported
target_not_supported_head()
{
atf_set "descr" "Test forced skip"
}
global_buffer_overflow_body() {
cat > test.c << EOF
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
int arr[5] = {-1}; int arr[5] = {-1};
void foo(int index) { arr[index] = 0; }
void main(int argc, char **argv) {foo(argc + 5); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o test test.c
paxctl -a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"global-buffer-overflow" ./test
}
global_buffer_overflow_profile_body() {
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
int arr[5] = {-1};
void foo(int index) { arr[index] = 0; }
void main(int argc, char **argv) {foo(argc + 5); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o test -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"global-buffer-overflow" ./test
}
global_buffer_overflow_pic_body() {
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
void foo(int); void foo(int);
void main(int argc, char **argv) {foo(argc + 5); printf("CHECK\n"); exit(0);} #ifndef PIC_MAIN
EOF
cat > pic.c << EOF
#include <stdio.h>
#include <stdlib.h>
int arr[5] = {-1};
void foo(int index) { arr[index] = 0; } void foo(int index) { arr[index] = 0; }
EOF #endif
#ifndef PIC_FOO
int main(int argc, char **argv) {foo(argc + 5); printf("CHECK\n"); exit(0);}
#endif
'
cc -fPIC -fsanitize=address -shared -o libtest.so pic.c asan_test_case global_buffer_overflow "Global Buffer Overflow example" \
cc -o test test.c -fsanitize=address -L. -ltest global-buffer-overflow
paxctl +a test
export LD_LIBRARY_PATH=.
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"global-buffer-overflow" ./test
}
global_buffer_overflow_pie_body() {
# check whether this arch supports -pice
if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
atf_set_skip "cc -pie not supported on this architecture"
fi
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
int arr[5] = {-1};
void foo(int index) { arr[index] = 0; }
void main(int argc, char **argv) {foo(argc + 5); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -fpie -pie -o test test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"global-buffer-overflow" ./test
}
global_buffer_overflow32_body() {
# check whether this arch is 64bit
if ! cc -dM -E - < /dev/null | fgrep -q _LP64; then
atf_skip "this is not a 64 bit architecture"
fi
if ! cc -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then
atf_skip "cc -m32 not supported on this architecture"
else
if fgrep -q _LP64 ./def32; then
atf_fail "cc -m32 does not generate netbsd32 binaries"
fi
fi
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
int arr[5] = {-1};
void foo(int index) { arr[index] = 0; }
void main(int argc, char **argv) {foo(argc + 5); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o gbof32 -m32 test.c
cc -fsanitize=address -o gbof64 test.c
file -b ./gbof32 > ./ftype32
file -b ./gbof64 > ./ftype64
if diff ./ftype32 ./ftype64 >/dev/null; then
atf_fail "generated binaries do not differ"
fi
echo "32bit binaries on this platform are:"
cat ./ftype32
echo "While native (64bit) binaries are:"
cat ./ftype64
paxctl +a gbof32
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"global-buffer-overflow" ./gbof32
# and another test with profile 32bit binaries
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
int arr[5] = {-1};
void foo(int index) { arr[index] = 0; }
void main(int argc, char **argv) {foo(argc + 5); printf("CHECK\n"); exit(0);}
EOF
cc -o test -m32 -fsanitize=address -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"global-buffer-overflow" ./test
}
target_not_supported_body()
{
atf_skip "Target is not supported"
}
atf_init_test_cases() atf_init_test_cases()
{ {
test_target asan_add_test_cases global_buffer_overflow
test $SUPPORT = 'n' && {
atf_add_test_case target_not_supported
return 0
}
atf_add_test_case global_buffer_overflow
# atf_add_test_case global_buffer_overflow_profile
atf_add_test_case global_buffer_overflow_pic
atf_add_test_case global_buffer_overflow_pie
# atf_add_test_case global_buffer_overflow32
# static option not supported
# -static and -fsanitize=address can't be used together for compilation
# (gcc version 5.4.0 and clang 7.1) tested on April 2nd 2018.
} }

183
tests/usr.bin/cc/t_asan_heap_overflow.sh
View File

@ -1,6 +1,6 @@
# $NetBSD: t_asan_heap_overflow.sh,v 1.2 2018/07/16 07:25:58 kamil Exp $ # $NetBSD: t_asan_heap_overflow.sh,v 1.3 2019/01/29 19:56:37 mgorny Exp $
# #
# Copyright (c) 2018 The NetBSD Foundation, Inc. # Copyright (c) 2018, 2019 The NetBSD Foundation, Inc.
# All rights reserved. # All rights reserved.
# #
# This code is derived from software contributed to The NetBSD Foundation # This code is derived from software contributed to The NetBSD Foundation
@ -28,185 +28,22 @@
# POSSIBILITY OF SUCH DAMAGE. # POSSIBILITY OF SUCH DAMAGE.
# #
SUPPORT='n' ASAN_CODE='
test_target() {
if uname -m | grep -q "amd64"; then
SUPPORT='y'
fi
if uname -m | grep -q "i386"; then
SUPPORT='y'
fi
}
atf_test_case heap_overflow
heap_overflow_head() {
atf_set "descr" "compile and run \"Heap Overflow example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case heap_overflow_profile
heap_overflow_profile_head() {
atf_set "descr" "compile and run \"Heap Overflow example\" with profiling option"
atf_set "require.progs" "cc paxctl"
}
atf_test_case heap_overflow_pic
heap_overflow_pic_head() {
atf_set "descr" "compile and run PIC \"Heap Overflow example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case heap_overflow_pie
heap_overflow_pie_head() {
atf_set "descr" "compile and run position independent (PIE) \"Heap Overflow example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case heap_overflow32
heap_overflow32_head() {
atf_set "descr" "compile and run \"Heap Overflow example\" for/in netbsd32 emulation"
atf_set "require.progs" "cc paxctl file diff cat"
}
atf_test_case target_not_supported
target_not_supported_head()
{
atf_set "descr" "Test forced skip"
}
heap_overflow_body() {
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o test test.c
paxctl -a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./test
}
heap_overflow_profile_body() {
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o test -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./test
}
heap_overflow_pic_body() {
cat > test.c << EOF
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
int foo(int); int foo(int);
int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);} #ifndef PIC_MAIN
EOF
cat > pic.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
EOF
cc -fPIC -fsanitize=address -shared -o libtest.so pic.c
cc -o test test.c -fsanitize=address -L. -ltest
paxctl +a test
export LD_LIBRARY_PATH=.
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./test
}
heap_overflow_pie_body() {
# check whether this arch supports -pice
if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
atf_set_skip "cc -pie not supported on this architecture"
fi
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;} int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
#endif
#ifndef PIC_FOO
int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);} int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
EOF #endif
cc -fsanitize=address -fpie -pie -o test test.c '
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./test
}
heap_overflow32_body() { asan_test_case heap_overflow "Heap Overflow example" heap-buffer-overflow
# check whether this arch is 64bit
if ! cc -dM -E - < /dev/null | fgrep -q _LP64; then
atf_skip "this is not a 64 bit architecture"
fi
if ! cc -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then
atf_skip "cc -m32 not supported on this architecture"
else
if fgrep -q _LP64 ./def32; then
atf_fail "cc -m32 does not generate netbsd32 binaries"
fi
fi
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o ho32 -m32 test.c
cc -fsanitize=address -o ho64 test.c
file -b ./ho32 > ./ftype32
file -b ./ho64 > ./ftype64
if diff ./ftype32 ./ftype64 >/dev/null; then
atf_fail "generated binaries do not differ"
fi
echo "32bit binaries on this platform are:"
cat ./ftype32
echo "While native (64bit) binaries are:"
cat ./ftype64
paxctl +a ho32
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./ho32
# and another test with profile 32bit binaries
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
EOF
cc -o test -m32 -fsanitize=address -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./test
}
target_not_supported_body()
{
atf_skip "Target is not supported"
}
atf_init_test_cases() atf_init_test_cases()
{ {
test_target asan_add_test_cases heap_overflow
test $SUPPORT = 'n' && {
atf_add_test_case target_not_supported
return 0
}
atf_add_test_case heap_overflow
# atf_add_test_case heap_overflow_profile
atf_add_test_case heap_overflow_pic
atf_add_test_case heap_overflow_pie
# atf_add_test_case heap_overflow32
# static option not supported
# -static and -fsanitize=address can't be used together for compilation
# (gcc version 5.4.0 and clang 7.1) tested on April 2nd 2018.
} }

202
tests/usr.bin/cc/t_asan_off_by_one.sh
View File

@ -1,6 +1,6 @@
# $NetBSD: t_asan_off_by_one.sh,v 1.2 2018/07/16 07:25:58 kamil Exp $ # $NetBSD: t_asan_off_by_one.sh,v 1.3 2019/01/29 19:56:37 mgorny Exp $
# #
# Copyright (c) 2018 The NetBSD Foundation, Inc. # Copyright (c) 2018, 2019 The NetBSD Foundation, Inc.
# All rights reserved. # All rights reserved.
# #
# This code is derived from software contributed to The NetBSD Foundation # This code is derived from software contributed to The NetBSD Foundation
@ -28,206 +28,26 @@
# POSSIBILITY OF SUCH DAMAGE. # POSSIBILITY OF SUCH DAMAGE.
# #
SUPPORT='n' ASAN_CODE='
test_target() {
if uname -m | grep -q "amd64"; then
SUPPORT='y'
fi
if uname -m | grep -q "i386"; then
SUPPORT='y'
fi
}
atf_test_case off_by_one
off_by_one_head() {
atf_set "descr" "compile and run \"Off by one example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case off_by_one_profile
off_by_one_profile_head() {
atf_set "descr" "compile and run \"Off by one example\" with profiling option"
atf_set "require.progs" "cc paxctl"
}
atf_test_case off_by_one_pic
off_by_one_pic_head() {
atf_set "descr" "compile and run PIC \"Off by one example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case off_by_one_pie
off_by_one_pie_head() {
atf_set "descr" "compile and run position independent (PIE) \"Off by one example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case off_by_one32
off_by_one32_head() {
atf_set "descr" "compile and run \"Off by one example\" for/in netbsd32 emulation"
atf_set "require.progs" "cc paxctl file diff cat"
}
atf_test_case target_not_supported
target_not_supported_head()
{
atf_set "descr" "Test forced skip"
}
off_by_one_body() {
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
void foo() {
int arr[5];
for (int i = 0; i <= 5 ; i++) {
arr[i] = 0;
}
}
void main() {foo(); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o test test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"stack-buffer-overflow" ./test
}
off_by_one_profile_body() {
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
void foo() {
int arr[5];
for (int i = 0; i <= 5 ; i++) {
arr[i] = 0;
}
}
void main() {foo(); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o test -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"stack-buffer-overflow" ./test
}
off_by_one_pic_body() {
cat > test.c << EOF
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
void foo(); void foo();
void main() {foo(); printf("CHECK\n"); exit(0);} #ifndef PIC_MAIN
EOF
cat > pic.c << EOF
#include <stdio.h>
#include <stdlib.h>
void foo() {
int arr[5];
for (int i = 0; i <= 5 ; i++) {
arr[i] = 0;
}
}
EOF
cc -fPIC -fsanitize=address -shared -o libtest.so pic.c
cc -o test test.c -fsanitize=address -L. -ltest
export LD_LIBRARY_PATH=.
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"stack-buffer-overflow" ./test
}
off_by_one_pie_body() {
# check whether this arch supports -pice
if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
atf_set_skip "cc -pie not supported on this architecture"
fi
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
void foo() {
int arr[5];
for (int i = 0; i <= 5 ; i++) {
arr[i] = 0;
}
}
void main() {foo(); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o test -fpie -pie test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"stack-buffer-overflow" ./test
}
off_by_one32_body() {
# check whether this arch is 64bit
if ! cc -dM -E - < /dev/null | fgrep -q _LP64; then
atf_skip "this is not a 64 bit architecture"
fi
if ! cc -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then
atf_skip "cc -m32 not supported on this architecture"
else
if fgrep -q _LP64 ./def32; then
atf_fail "cc -m32 does not generate netbsd32 binaries"
fi
fi
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
void foo() { void foo() {
int arr[5]; int arr[5];
for (int i = 0; i <= 5 ; i++) { for (int i = 0; i <= 5 ; i++) {
arr[i] = 0; arr[i] = 0;
} }
} }
void main() {foo(); printf("CHECK\n"); exit(0);} #endif
EOF #ifndef PIC_FOO
cc -fsanitize=address -o obo32 -m32 test.c int main() {foo(); printf("CHECK\n"); exit(0);}
cc -fsanitize=address -o obo64 test.c #endif
file -b ./obo32 > ./ftype32 '
file -b ./obo64 > ./ftype64
if diff ./ftype32 ./ftype64 >/dev/null; then
atf_fail "generated binaries do not differ"
fi
echo "32bit binaries on this platform are:"
cat ./ftype32
echo "While native (64bit) binaries are:"
cat ./ftype64
paxctl +a obo32
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"stack-buffer-overflow" ./obo32
# and another test with profile 32bit binaries asan_test_case off_by_one "Off by one example" stack-buffer-overflow
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
void foo() {
int arr[5];
for (int i = 0; i <= 5 ; i++) {
arr[i] = 0;
}
}
void main() {foo(); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o test -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"stack-buffer-overflow" ./test
}
target_not_supported_body()
{
atf_skip "Target is not supported"
}
atf_init_test_cases() atf_init_test_cases()
{ {
test_target asan_add_test_cases off_by_one
test $SUPPORT = 'n' && {
atf_add_test_case target_not_supported
return 0
}
atf_add_test_case off_by_one
# atf_add_test_case off_by_one_profile
atf_add_test_case off_by_one_pic
atf_add_test_case off_by_one_pie
# atf_add_test_case off_by_one32
# static option not supported
# -static and -fsanitize=address can't be used together for compilation
# (gcc version 5.4.0 and clang 7.1) tested on April 2nd 2018.
} }

237
tests/usr.bin/cc/t_asan_poison.sh
View File

@ -1,6 +1,6 @@
# $NetBSD: t_asan_poison.sh,v 1.2 2018/07/16 07:25:58 kamil Exp $ # $NetBSD: t_asan_poison.sh,v 1.3 2019/01/29 19:56:37 mgorny Exp $
# #
# Copyright (c) 2018 The NetBSD Foundation, Inc. # Copyright (c) 2018, 2019 The NetBSD Foundation, Inc.
# All rights reserved. # All rights reserved.
# #
# This code is derived from software contributed to The NetBSD Foundation # This code is derived from software contributed to The NetBSD Foundation
@ -28,117 +28,12 @@
# POSSIBILITY OF SUCH DAMAGE. # POSSIBILITY OF SUCH DAMAGE.
# #
SUPPORT='n' ASAN_CODE='
test_target() {
if uname -m | grep -q "amd64"; then
SUPPORT='y'
fi
if uname -m | grep -q "i386"; then
SUPPORT='y'
fi
}
atf_test_case poison
poison_head() {
atf_set "descr" "compile and run \"Use after Poison example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case poison_profile
poison_profile_head() {
atf_set "descr" "compile and run \"Use after Poison example\" with profiling option"
atf_set "require.progs" "cc paxctl"
}
atf_test_case poison_pic
poison_pic_head() {
atf_set "descr" "compile and run PIC \"Use after Poison example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case poison_pie
poison_pie_head() {
atf_set "descr" "compile and run position independent (PIE) \"Use after Poison example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case poison32
poison32_head() {
atf_set "descr" "compile and run \"Use after Poison example\" for/in netbsd32 emulation"
atf_set "require.progs" "cc paxctl file diff cat"
}
atf_test_case target_not_supported
target_not_supported_head()
{
atf_set "descr" "Test forced skip"
}
poison_body() {
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <sanitizer/asan_interface.h>
int foo() {
int p = 2;
int *a;
ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
a=&p;
printf("%d", *a);
}
int main() {
foo();
printf("CHECK\n");
exit(0);
}
EOF
cc -fsanitize=address -o test test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./test
}
poison_profile_body() {
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <sanitizer/asan_interface.h>
int foo() {
int p = 2;
int *a;
ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
a=&p;
printf("%d", *a);
}
int main() {
foo();
printf("CHECK\n");
exit(0);
}
EOF
cc -fsanitize=address -o test -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./test
}
poison_pic_body() {
cat > test.c << EOF
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <sanitizer/asan_interface.h> #include <sanitizer/asan_interface.h>
int foo(); int foo();
int main() { #ifndef PIC_MAIN
foo();
printf("CHECK\n");
exit(0);
}
EOF
cat > pic.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <sanitizer/asan_interface.h>
int foo() { int foo() {
int p = 2; int p = 2;
int *a; int *a;
@ -146,132 +41,20 @@ int foo() {
a=&p; a=&p;
printf("%d", *a); printf("%d", *a);
} }
EOF #endif
cc -fPIC -fsanitize=address -shared -o libtest.so pic.c
cc -o test test.c -fsanitize=address -L. -ltest
paxctl +a test
export LD_LIBRARY_PATH=.
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./test
}
poison_pie_body() {
# check whether this arch supports -pice
if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
atf_set_skip "cc -pie not supported on this architecture"
fi
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <sanitizer/asan_interface.h>
int foo() {
int p = 2;
int *a;
ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
a=&p;
printf("%d", *a);
}
#ifndef PIC_FOO
int main() { int main() {
foo(); foo();
printf("CHECK\n"); printf("CHECK\n");
exit(0); exit(0);
} }
EOF #endif
cc -fsanitize=address -fpie -pie -o test test.c '
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./test
}
poison32_body() { asan_test_case poison 'Use after Poison example' use-after-poison
# check whether this arch is 64bit
if ! cc -dM -E - < /dev/null | fgrep -q _LP64; then
atf_skip "this is not a 64 bit architecture"
fi
if ! cc -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then
atf_skip "cc -m32 not supported on this architecture"
else
if fgrep -q _LP64 ./def32; then
atf_fail "cc -m32 does not generate netbsd32 binaries"
fi
fi
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <sanitizer/asan_interface.h>
int foo() {
int p = 2;
int *a;
ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
a=&p;
printf("%d", *a);
}
int main() {
foo();
printf("CHECK\n");
exit(0);
}
EOF
cc -fsanitize=address -o psn32 -m32 test.c
cc -fsanitize=address -o psn64 test.c
file -b ./psn32 > ./ftype32
file -b ./psn64 > ./ftype64
if diff ./ftype32 ./ftype64 >/dev/null; then
atf_fail "generated binaries do not differ"
fi
echo "32bit binaries on this platform are:"
cat ./ftype32
echo "While native (64bit) binaries are:"
cat ./ftype64
paxctl +a psn32
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./psn32
# and another test with profile 32bit binaries
cat > test.c << EOF
#include <stdio.h>
#include <stdlib.h>
#include <sanitizer/asan_interface.h>
int foo() {
int p = 2;
int *a;
ASAN_POISON_MEMORY_REGION(&p, sizeof(int));
a=&p;
printf("%d", *a);
}
int main() {
foo();
printf("CHECK\n");
exit(0);
}
EOF
cc -o test -m32 -fsanitize=address -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"use-after-poison" ./test
}
target_not_supported_body()
{
atf_skip "Target is not supported"
}
atf_init_test_cases() atf_init_test_cases()
{ {
test_target asan_add_test_cases poison
test $SUPPORT = 'n' && {
atf_add_test_case target_not_supported
return 0
}
atf_add_test_case poison
# atf_add_test_case poison_profile
atf_add_test_case poison_pic
atf_add_test_case poison_pie
# atf_add_test_case poison32
# static option not supported
# -static and -fsanitize=address can't be used together for compilation
# (gcc version 5.4.0 and clang 7.1) tested on April 2nd 2018.
} }

179
tests/usr.bin/cc/t_asan_uaf.sh
View File

@ -1,6 +1,6 @@
# $NetBSD: t_asan_uaf.sh,v 1.2 2018/07/16 07:25:58 kamil Exp $ # $NetBSD: t_asan_uaf.sh,v 1.3 2019/01/29 19:56:37 mgorny Exp $
# #
# Copyright (c) 2018 The NetBSD Foundation, Inc. # Copyright (c) 2018, 2019 The NetBSD Foundation, Inc.
# All rights reserved. # All rights reserved.
# #
# This code is derived from software contributed to The NetBSD Foundation # This code is derived from software contributed to The NetBSD Foundation
@ -28,178 +28,21 @@
# POSSIBILITY OF SUCH DAMAGE. # POSSIBILITY OF SUCH DAMAGE.
# #
SUPPORT='n' ASAN_CODE='
test_target() {
if uname -m | grep -q "amd64"; then
SUPPORT='y'
fi
if uname -m | grep -q "i386"; then
SUPPORT='y'
fi
}
atf_test_case uaf
uaf_head() {
atf_set "descr" "compile and run \"Use After Free example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case uaf_profile
uaf_profile_head() {
atf_set "descr" "compile and run \"Use After Free example\" with profiling option"
atf_set "require.progs" "cc paxctl"
}
atf_test_case uaf_pic
uaf_pic_head() {
atf_set "descr" "compile and run PIC \"Use After Free example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case uaf_pie
uaf_pie_head() {
atf_set "descr" "compile and run position independent (PIE) \"Use After Free example\""
atf_set "require.progs" "cc paxctl"
}
atf_test_case uaf32
uaf32_head() {
atf_set "descr" "compile and run \"Use After Free example\" for/in netbsd32 emulation"
atf_set "require.progs" "cc paxctl file diff cat"
}
atf_test_case target_not_supported
target_not_supported_head()
{
atf_set "descr" "Test forced skip"
}
uaf_body() {
cat > test.c << EOF
#include <stdlib.h>
#include <stdio.h>
int foo() {int *x = (int *)malloc(10 * sizeof(int)); free(x); return x[0];}
void main() {foo(); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o test test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-use-after-free" ./test
}
uaf_profile_body() {
cat > test.c << EOF
#include <stdlib.h>
#include <stdio.h>
int foo() {int *x = (int *)malloc(10 * sizeof(int)); free(x); return x[0];}
void main() {foo(); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o test -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-use-after-free" ./test
}
uaf_pic_body() {
cat > test.c << EOF
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
int foo(); int foo();
void main() {foo(); printf("CHECK\n"); exit(0);} #ifndef PIC_MAIN
EOF
cat > pic.c << EOF
#include <stdlib.h>
#include <stdio.h>
int foo() {int *x = (int *)malloc(10 * sizeof(int)); free(x); return x[0];} int foo() {int *x = (int *)malloc(10 * sizeof(int)); free(x); return x[0];}
EOF #endif
#ifndef PIC_FOO
int main() {foo(); printf("CHECK\n"); exit(0);}
#endif
'
cc -fPIC -fsanitize=address -shared -o libtest.so pic.c asan_test_case uaf "Use After Free example" heap-use-after-free
cc -o test test.c -fsanitize=address -L. -ltest
paxctl +a test
export LD_LIBRARY_PATH=.
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-use-after-free" ./test
}
uaf_pie_body() {
# check whether this arch supports -pice
if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
atf_set_skip "cc -pie not supported on this architecture"
fi
cat > test.c << EOF
#include <stdlib.h>
#include <stdio.h>
int foo() {int *x = (int *)malloc(10 * sizeof(int)); free(x); return x[0];}
void main() {foo(); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -fpie -pie -o test test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-use-after-free" ./test
}
uaf32_body() {
# check whether this arch is 64bit
if ! cc -dM -E - < /dev/null | fgrep -q _LP64; then
atf_skip "this is not a 64 bit architecture"
fi
if ! cc -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then
atf_skip "cc -m32 not supported on this architecture"
else
if fgrep -q _LP64 ./def32; then
atf_fail "cc -m32 does not generate netbsd32 binaries"
fi
fi
cat > test.c << EOF
#include <stdlib.h>
#include <stdio.h>
int foo() {int *x = (int *)malloc(10 * sizeof(int)); free(x); return x[0];}
void main() {foo(); printf("CHECK\n"); exit(0);}
EOF
cc -fsanitize=address -o uaf32 -m32 test.c
cc -fsanitize=address -o uaf64 test.c
file -b ./uaf32 > ./ftype32
file -b ./uaf64 > ./ftype64
if diff ./ftype32 ./ftype64 >/dev/null; then
atf_fail "generated binaries do not differ"
fi
echo "32bit binaries on this platform are:"
cat ./ftype32
echo "While native (64bit) binaries are:"
cat ./ftype64
paxctl +a uaf32
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-use-after-free" ./uaf32
# and another test with profile 32bit binaries
cat > test.c << EOF
#include <stdlib.h>
#include <stdio.h>
int foo() {int *x = (int *)malloc(10 * sizeof(int)); free(x); return x[0];}
void main() {foo(); printf("CHECK\n"); exit(0);}
EOF
cc -o test -m32 -fsanitize=address -pg test.c
paxctl +a test
atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-use-after-free" ./test
}
target_not_supported_body()
{
atf_skip "Target is not supported"
}
atf_init_test_cases() atf_init_test_cases()
{ {
test_target asan_add_test_cases uaf
test $SUPPORT = 'n' && {
atf_add_test_case target_not_supported
return 0
}
atf_add_test_case uaf
# atf_add_test_case uaf_profile
atf_add_test_case uaf_pic
atf_add_test_case uaf_pie
# atf_add_test_case uaf32
# static option not supported
# -static and -fsanitize=address can't be used together for compilation
# (gcc version 5.4.0 and clang 7.1) tested on April 2nd 2018.
} }