mirror of
https://github.com/linux-apfs/apfstests.git
synced 2026-05-01 15:01:44 -07:00
Darrick J. Wong
e6897e32b8
XFS had a use-after-free bug when xfs_xattr_put_listent runs out of listxattr buffer space while trying to store the name "system.posix_acl_access" and then corrupts memory by not checking the seen_enough state and then trying to shove "trusted.SGI_ACL_FILE" into the buffer as well. In order to tickle the bug in a user visible way we must have already put a name in the buffer, so we take advantage of the fact that "security.evm" sorts before "system.posix_acl_access" to make sure this happens. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Eryu Guan <guaneryu@gmail.com> Signed-off-by: Eryu Guan <guaneryu@gmail.com>
42 lines
838 B
Bash
Executable File
42 lines
838 B
Bash
Executable File
#! /bin/bash
|
|
# SPDX-License-Identifier: GPL-2.0+
|
|
# Copyright (c) 2019 Oracle, Inc. All Rights Reserved.
|
|
#
|
|
# FS QA Test No. 529
|
|
#
|
|
# Regression test for a bug where XFS corrupts memory if the listxattr buffer
|
|
# is a particularly well crafted size on a filesystem that supports posix acls.
|
|
#
|
|
seq=`basename $0`
|
|
seqres=$RESULT_DIR/$seq
|
|
echo "QA output created by $seq"
|
|
tmp=/tmp/$$
|
|
status=1 # failure is the default!
|
|
trap "_cleanup; exit \$status" 0 1 2 3 15
|
|
|
|
_cleanup()
|
|
{
|
|
cd /
|
|
rm -f $tmp.*
|
|
}
|
|
|
|
# get standard environment, filters and checks
|
|
. ./common/rc
|
|
. ./common/attr
|
|
|
|
# real QA test starts here
|
|
_supported_fs generic
|
|
_supported_os Linux
|
|
_require_acls
|
|
_require_scratch
|
|
_require_test_program "t_attr_corruption"
|
|
|
|
rm -f $seqres.full
|
|
_scratch_mkfs >> $seqres.full 2>&1
|
|
_scratch_mount
|
|
|
|
$here/src/t_attr_corruption $SCRATCH_MNT
|
|
|
|
status=0
|
|
exit
|