isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Test strvec_join() using strlcpy_unesc().

Browse Source 
Emulates an overflow like: sudoedit -s '\' `perl -e 'print "A" x 65536'`
This commit is contained in:
Todd C. Miller
2021-01-27 21:46:19 -07:00
parent 29acc64192
commit 888f63a9c8
2 changed files with 58 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/sudoers/Makefile.in
View File

@@ -230,7 +230,7 @@ CHECK_SYMBOLS_OBJS = check_symbols.o
CHECK_STARTTIME_OBJS = check_starttime.o starttime.lo sudoers_debug.lo CHECK_STARTTIME_OBJS = check_starttime.o starttime.lo sudoers_debug.lo
CHECK_UNESC_OBJS = check_unesc.o strlcpy_unesc.lo sudoers_debug.lo CHECK_UNESC_OBJS = check_unesc.o strlcpy_unesc.lo strvec_join.lo sudoers_debug.lo
VERSION = @PACKAGE_VERSION@ VERSION = @PACKAGE_VERSION@
PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_TARNAME = @PACKAGE_TARNAME@

62
plugins/sudoers/regress/unescape/check_unesc.c
View File

@@ -45,16 +45,15 @@ struct test_data {
sudo_dso_public int main(int argc, char *argv[]); sudo_dso_public int main(int argc, char *argv[]);
int static void
main(int argc, char *argv[]) test_strlcpy_unescape(int *ntests_out, int *errors_out)
{ {
int ntests = 0, errors = 0; int ntests = *ntests_out;
int errors = *errors_out;
struct test_data *td; struct test_data *td;
char buf[1024]; char buf[1024];
size_t len; size_t len;
initprogname(argc > 0 ? argv[0] : "check_unesc");
for (td = test_data; td->input != NULL; td++) { for (td = test_data; td->input != NULL; td++) {
ntests++; ntests++;
memset(buf, 'A', sizeof(buf)); memset(buf, 'A', sizeof(buf));
@@ -82,6 +81,59 @@ main(int argc, char *argv[])
} }
} }
*ntests_out = ntests;
*errors_out = errors;
}
static void
test_strvec_join(int *ntests_out, int *errors_out)
{
int ntests = *ntests_out;
int errors = *errors_out;
char buf[64*1024 + 1], expected[64*1024 + 3];
char *argv[3], *result;
/* Test joining an argument vector while unescaping. */
memset(buf, 'A', sizeof(buf));
buf[sizeof(buf) - 1] = '\0';
argv[0] = "\\";
argv[1] = buf;
argv[2] = NULL;
memset(expected, 'A', sizeof(expected));
expected[0] = '\\';
expected[1] = ' ';
expected[sizeof(expected) - 1] = '\0';
ntests++;
result = strvec_join(argv, ' ', strlcpy_unescape);
if (result == NULL) {
sudo_warnx("%d: failed to join argument vector", ntests);
errors++;
} else if (strcmp(result, expected) != 0) {
sudo_warnx("%d: got \"%s\", expected \"%s\"", ntests,
result, expected);
errors++;
}
free(result);
*ntests_out = ntests;
*errors_out = errors;
}
int
main(int argc, char *argv[])
{
int ntests = 0, errors = 0;
initprogname(argc > 0 ? argv[0] : "check_unesc");
/* strlcpy_unescape tests */
test_strlcpy_unescape(&ntests, &errors);
/* strvec_join test */
test_strvec_join(&ntests, &errors);
printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(), printf("%s: %d tests run, %d errors, %d%% success rate\n", getprogname(),
ntests, errors, (ntests - errors) * 100 / ntests); ntests, errors, (ntests - errors) * 100 / ntests);