superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/tools
History
Alice C. Munduruca 472c5dd6b9 selftests: net: fix "buffer overflow detected" for tap.c 
When the selftest 'tap.c' is compiled with '-D_FORTIFY_SOURCE=3',
the strcpy() in rtattr_add_strsz() is replaced with a checked
version which causes the test to consistently fail when compiled
with toolchains for which this option is enabled by default.

 TAP version 13
 1..3
 # Starting 3 tests from 1 test cases.
 #  RUN           tap.test_packet_valid_udp_gso ...
 *** buffer overflow detected ***: terminated
 # test_packet_valid_udp_gso: Test terminated by assertion
 #          FAIL  tap.test_packet_valid_udp_gso
 not ok 1 tap.test_packet_valid_udp_gso
 #  RUN           tap.test_packet_valid_udp_csum ...
 *** buffer overflow detected ***: terminated
 # test_packet_valid_udp_csum: Test terminated by assertion
 #          FAIL  tap.test_packet_valid_udp_csum
 not ok 2 tap.test_packet_valid_udp_csum
 #  RUN           tap.test_packet_crash_tap_invalid_eth_proto ...
 *** buffer overflow detected ***: terminated
 # test_packet_crash_tap_invalid_eth_proto: Test terminated by assertion
 #          FAIL  tap.test_packet_crash_tap_invalid_eth_proto
 not ok 3 tap.test_packet_crash_tap_invalid_eth_proto
 # FAILED: 0 / 3 tests passed.
 # Totals: pass:0 fail:3 xfail:0 xpass:0 skip:0 error:0

A buffer overflow is detected by the fortified glibc __strcpy_chk()
since the __builtin_object_size() of `RTA_DATA(rta)` is incorrectly
reported as 1, even though there is ample space in its bounding
buffer `req`.

Additionally, given that IFLA_IFNAME also expects a null-terminated
string, callers of rtaddr_add_str{,sz}() could simply use the
rtaddr_add_strsz() variant. (which has been renamed to remove the
trailing `sz`) memset() has been used for this function since it
is unchecked and thus circumvents the issue discussed in the
previous paragraph.

Fixes: 2e64fe4624 ("selftests: add few test cases for tap driver")
Signed-off-by: Alice C. Munduruca <alice.munduruca@canonical.com>
Reviewed-by: Cengiz Can <cengiz.can@canonical.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Link: https://patch.msgid.link/20251216170641.250494-1-alice.munduruca@canonical.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
 		2025-12-23 12:30:23 +01:00
..
accounting
arch [GIT PULL] perf tools changes for v6.19 2025-12-07 07:07:02 -08:00
bootconfig
bpf bpftool: Fix build warnings due to MS extensions 2025-12-09 23:21:33 -08:00
build [GIT PULL] perf tools changes for v6.19 2025-12-07 07:07:02 -08:00
certs
cgroup
counter
crypto
debugging
dma dma-mapping updates for Linux 6.19: 2025-12-06 09:25:05 -08:00
docs docs: makefile: move rustdoc check to the build wrapper 2025-11-29 08:42:53 -07:00
firewire
firmware
gpio
hv
iio
include hyperv-next for v6.19 2025-12-09 06:10:17 +09:00
kvm/kvm_stat
laptop
leds
lib bpf-fixes 2025-12-17 15:54:58 +12:00
memory-model
mm tools/mm/page_owner_sort: add help option support 2025-11-16 17:28:06 -08:00
net Including fixes from netfilter and CAN. 2025-12-19 07:55:35 +12:00
objtool objtool: Add more robust signal error handling, detect and warn about stack overflows 2025-12-03 19:42:37 +01:00
pcmcia
perf [GIT PULL] perf tools changes for v6.19 2025-12-07 07:07:02 -08:00
power platform-drivers-x86 for v6.19-1 2025-12-10 06:38:17 +09:00
rcu
sched
sched_ext sched_ext: tools: Removing duplicate targets during non-cross compilation 2025-11-20 07:00:27 -10:00
scripts
sound
spi
testing selftests: net: fix "buffer overflow detected" for tap.c 2025-12-23 12:30:23 +01:00
thermal tools/thermal/thermal-engine: Fix format string bug in thermal-engine 2025-11-25 11:00:28 +01:00
time
tracing rtla updaets for v6.19: 2025-12-05 09:34:01 -08:00
usb
verification
virtio tools/virtio: replace "__auto_type" with "auto" 2025-12-08 15:32:15 -08:00
wmi
workqueue
writeback
Makefile