1 /* $NetBSD: t_msgctl.c,v 1.5 2017/01/13 20:44:45 christos Exp $ */
2
3 /*-
4 * Copyright (c) 2011 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Jukka Ruohonen.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31 #include <sys/cdefs.h>
32 __RCSID("$NetBSD: t_msgctl.c,v 1.5 2017/01/13 20:44:45 christos Exp $");
33
34 #include <sys/msg.h>
35 #include <sys/stat.h>
36 #include <sys/sysctl.h>
37 #include <sys/wait.h>
38
39 #include <atf-c.h>
40 #include <errno.h>
41 #include <limits.h>
42 #include <pwd.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <sysexits.h>
47 #include <time.h>
48 #include <unistd.h>
49
50 #define MSG_KEY 12345689
51 #define MSG_MTYPE_1 0x41
52
53 struct msg {
54 long mtype;
55 char buf[3];
56 };
57
58 static void clean(void);
59
60 static void
clean(void)61 clean(void)
62 {
63 int id;
64
65 if ((id = msgget(MSG_KEY, 0)) != -1)
66 (void)msgctl(id, IPC_RMID, 0);
67 }
68
69 ATF_TC_WITH_CLEANUP(msgctl_err);
ATF_TC_HEAD(msgctl_err,tc)70 ATF_TC_HEAD(msgctl_err, tc)
71 {
72 atf_tc_set_md_var(tc, "descr", "Test errors from msgctl(2)");
73 }
74
ATF_TC_BODY(msgctl_err,tc)75 ATF_TC_BODY(msgctl_err, tc)
76 {
77 const int cmd[] = { IPC_STAT, IPC_SET, IPC_RMID };
78 struct msqid_ds msgds;
79 size_t i;
80 int id;
81
82 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
83
84 id = msgget(MSG_KEY, IPC_CREAT | 0600);
85 ATF_REQUIRE(id != -1);
86
87 errno = 0;
88 ATF_REQUIRE_ERRNO(EINVAL, msgctl(id, INT_MAX, &msgds) == -1);
89
90 errno = 0;
91 ATF_REQUIRE_ERRNO(EFAULT, msgctl(id, IPC_STAT, (void *)-1) == -1);
92
93 for (i = 0; i < __arraycount(cmd); i++) {
94 errno = 0;
95 ATF_REQUIRE_ERRNO(EINVAL, msgctl(-1, cmd[i], &msgds) == -1);
96 }
97
98 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
99 }
100
ATF_TC_CLEANUP(msgctl_err,tc)101 ATF_TC_CLEANUP(msgctl_err, tc)
102 {
103 clean();
104 }
105
106 ATF_TC_WITH_CLEANUP(msgctl_perm);
ATF_TC_HEAD(msgctl_perm,tc)107 ATF_TC_HEAD(msgctl_perm, tc)
108 {
109 atf_tc_set_md_var(tc, "descr", "Test permissions with msgctl(2)");
110 atf_tc_set_md_var(tc, "require.user", "root");
111 }
112
ATF_TC_BODY(msgctl_perm,tc)113 ATF_TC_BODY(msgctl_perm, tc)
114 {
115 struct msqid_ds msgds;
116 struct passwd *pw;
117 pid_t pid;
118 int sta;
119 int id;
120
121 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
122
123 pw = getpwnam("nobody");
124 id = msgget(MSG_KEY, IPC_CREAT | 0600);
125
126 ATF_REQUIRE(id != -1);
127 ATF_REQUIRE(pw != NULL);
128 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
129
130 pid = fork();
131 ATF_REQUIRE(pid >= 0);
132
133 if (pid == 0) {
134
135 if (setuid(pw->pw_uid) != 0)
136 _exit(EX_OSERR);
137
138 msgds.msg_perm.uid = getuid();
139 msgds.msg_perm.gid = getgid();
140
141 errno = 0;
142
143 if (msgctl(id, IPC_SET, &msgds) == 0)
144 _exit(EXIT_FAILURE);
145
146 if (errno != EPERM)
147 _exit(EXIT_FAILURE);
148
149 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
150
151 if (msgctl(id, IPC_STAT, &msgds) != 0)
152 _exit(EX_OSERR);
153
154 msgds.msg_qbytes = 1;
155
156 if (msgctl(id, IPC_SET, &msgds) == 0)
157 _exit(EXIT_FAILURE);
158
159 if (errno != EPERM)
160 _exit(EXIT_FAILURE);
161
162 _exit(EXIT_SUCCESS);
163 }
164
165 (void)wait(&sta);
166
167 if (WIFEXITED(sta) == 0) {
168
169 if (WEXITSTATUS(sta) == EX_OSERR)
170 atf_tc_fail("system call failed");
171
172 if (WEXITSTATUS(sta) == EXIT_FAILURE)
173 atf_tc_fail("UID %u manipulated root's "
174 "message queue", pw->pw_uid);
175 }
176
177 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
178 }
179
ATF_TC_CLEANUP(msgctl_perm,tc)180 ATF_TC_CLEANUP(msgctl_perm, tc)
181 {
182 clean();
183 }
184
185 ATF_TC_WITH_CLEANUP(msgctl_pid);
ATF_TC_HEAD(msgctl_pid,tc)186 ATF_TC_HEAD(msgctl_pid, tc)
187 {
188 atf_tc_set_md_var(tc, "descr", "Test that PIDs are updated");
189 }
190
ATF_TC_BODY(msgctl_pid,tc)191 ATF_TC_BODY(msgctl_pid, tc)
192 {
193 struct msg msg = { MSG_MTYPE_1, { 'a', 'b', 'c' } };
194 struct msqid_ds msgds;
195 int id, sta;
196 pid_t pid;
197
198 id = msgget(MSG_KEY, IPC_CREAT | 0600);
199 ATF_REQUIRE(id != -1);
200
201 pid = fork();
202 ATF_REQUIRE(pid >= 0);
203
204 if (pid == 0) {
205
206 #ifdef __FreeBSD__
207 (void)msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT);
208 #else
209 (void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
210 #endif
211
212 _exit(EXIT_SUCCESS);
213 }
214
215 (void)wait(&sta);
216 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
217
218 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
219
220 if (pid != msgds.msg_lspid)
221 atf_tc_fail("the PID of last msgsnd(2) was not updated");
222
223 pid = fork();
224 ATF_REQUIRE(pid >= 0);
225
226 if (pid == 0) {
227
228 (void)msgrcv(id, &msg,
229 sizeof(struct msg), MSG_MTYPE_1, IPC_NOWAIT);
230
231 _exit(EXIT_SUCCESS);
232 }
233
234 (void)wait(&sta);
235 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
236
237 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
238
239 if (pid != msgds.msg_lrpid)
240 atf_tc_fail("the PID of last msgrcv(2) was not updated");
241
242 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
243 }
244
ATF_TC_CLEANUP(msgctl_pid,tc)245 ATF_TC_CLEANUP(msgctl_pid, tc)
246 {
247 clean();
248 }
249
250 ATF_TC_WITH_CLEANUP(msgctl_set);
ATF_TC_HEAD(msgctl_set,tc)251 ATF_TC_HEAD(msgctl_set, tc)
252 {
253 atf_tc_set_md_var(tc, "descr", "Test msgctl(2) with IPC_SET");
254 atf_tc_set_md_var(tc, "require.user", "root");
255 }
256
ATF_TC_BODY(msgctl_set,tc)257 ATF_TC_BODY(msgctl_set, tc)
258 {
259 struct msqid_ds msgds;
260 struct passwd *pw;
261 int id;
262
263 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
264
265 pw = getpwnam("nobody");
266 id = msgget(MSG_KEY, IPC_CREAT | 0600);
267
268 ATF_REQUIRE(id != -1);
269 ATF_REQUIRE(pw != NULL);
270 ATF_REQUIRE(msgctl(id, IPC_STAT, &msgds) == 0);
271
272 msgds.msg_perm.uid = pw->pw_uid;
273
274 if (msgctl(id, IPC_SET, &msgds) != 0)
275 atf_tc_fail("root failed to change the UID of message queue");
276
277 msgds.msg_perm.uid = getuid();
278 msgds.msg_perm.gid = pw->pw_gid;
279
280 if (msgctl(id, IPC_SET, &msgds) != 0)
281 atf_tc_fail("root failed to change the GID of message queue");
282
283 /*
284 * Note: setting the qbytes to zero fails even as root.
285 */
286 msgds.msg_qbytes = 1;
287 msgds.msg_perm.gid = getgid();
288
289 if (msgctl(id, IPC_SET, &msgds) != 0)
290 atf_tc_fail("root failed to change qbytes of message queue");
291
292 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
293 }
294
ATF_TC_CLEANUP(msgctl_set,tc)295 ATF_TC_CLEANUP(msgctl_set, tc)
296 {
297 clean();
298 }
299
300 ATF_TC_WITH_CLEANUP(msgctl_time);
ATF_TC_HEAD(msgctl_time,tc)301 ATF_TC_HEAD(msgctl_time, tc)
302 {
303 atf_tc_set_md_var(tc, "descr", "Test that access times are updated");
304 }
305
ATF_TC_BODY(msgctl_time,tc)306 ATF_TC_BODY(msgctl_time, tc)
307 {
308 struct msg msg = { MSG_MTYPE_1, { 'a', 'b', 'c' } };
309 struct msqid_ds msgds;
310 time_t t;
311 int id;
312
313 id = msgget(MSG_KEY, IPC_CREAT | 0600);
314 ATF_REQUIRE(id != -1);
315
316 t = time(NULL);
317
318 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
319 #ifdef __FreeBSD__
320 (void)msgsnd(id, &msg, sizeof(msg.buf), IPC_NOWAIT);
321 #else
322 (void)msgsnd(id, &msg, sizeof(struct msg), IPC_NOWAIT);
323 #endif
324 (void)msgctl(id, IPC_STAT, &msgds);
325
326 if (llabs(t - msgds.msg_stime) > 1)
327 atf_tc_fail("time of last msgsnd(2) was not updated");
328
329 if (msgds.msg_rtime != 0)
330 atf_tc_fail("time of last msgrcv(2) was updated incorrectly");
331
332 t = time(NULL);
333
334 (void)memset(&msgds, 0, sizeof(struct msqid_ds));
335 (void)msgrcv(id, &msg, sizeof(struct msg), MSG_MTYPE_1, IPC_NOWAIT);
336 (void)msgctl(id, IPC_STAT, &msgds);
337
338 if (llabs(t - msgds.msg_rtime) > 1)
339 atf_tc_fail("time of last msgrcv(2) was not updated");
340
341 /*
342 * Note: this is non-zero even after the memset(3).
343 */
344 if (msgds.msg_stime == 0)
345 atf_tc_fail("time of last msgsnd(2) was updated incorrectly");
346
347 ATF_REQUIRE(msgctl(id, IPC_RMID, 0) == 0);
348 }
349
ATF_TC_CLEANUP(msgctl_time,tc)350 ATF_TC_CLEANUP(msgctl_time, tc)
351 {
352 clean();
353 }
354
ATF_TP_ADD_TCS(tp)355 ATF_TP_ADD_TCS(tp)
356 {
357
358 ATF_TP_ADD_TC(tp, msgctl_err);
359 ATF_TP_ADD_TC(tp, msgctl_perm);
360 ATF_TP_ADD_TC(tp, msgctl_pid);
361 ATF_TP_ADD_TC(tp, msgctl_set);
362 ATF_TP_ADD_TC(tp, msgctl_time);
363
364 return atf_no_error();
365 }
366