1*fade3174SKonstantin Belousov /* 2*fade3174SKonstantin Belousov * Copyright (c) 2017 Jan Kokemüller 3*fade3174SKonstantin Belousov * All rights reserved. 4*fade3174SKonstantin Belousov * 5*fade3174SKonstantin Belousov * Redistribution and use in source and binary forms, with or without 6*fade3174SKonstantin Belousov * modification, are permitted provided that the following conditions 7*fade3174SKonstantin Belousov * are met: 8*fade3174SKonstantin Belousov * 1. Redistributions of source code must retain the above copyright 9*fade3174SKonstantin Belousov * notice, this list of conditions and the following disclaimer. 10*fade3174SKonstantin Belousov * 2. Redistributions in binary form must reproduce the above copyright 11*fade3174SKonstantin Belousov * notice, this list of conditions and the following disclaimer in the 12*fade3174SKonstantin Belousov * documentation and/or other materials provided with the distribution. 13*fade3174SKonstantin Belousov * 14*fade3174SKonstantin Belousov * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15*fade3174SKonstantin Belousov * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16*fade3174SKonstantin Belousov * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17*fade3174SKonstantin Belousov * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18*fade3174SKonstantin Belousov * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19*fade3174SKonstantin Belousov * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20*fade3174SKonstantin Belousov * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21*fade3174SKonstantin Belousov * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22*fade3174SKonstantin Belousov * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23*fade3174SKonstantin Belousov * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24*fade3174SKonstantin Belousov * SUCH DAMAGE. 25*fade3174SKonstantin Belousov */ 26*fade3174SKonstantin Belousov 27*fade3174SKonstantin Belousov #include <sys/cdefs.h> 28*fade3174SKonstantin Belousov __FBSDID("$FreeBSD$"); 29*fade3174SKonstantin Belousov 30*fade3174SKonstantin Belousov #include <sys/param.h> 31*fade3174SKonstantin Belousov #include <errno.h> 32*fade3174SKonstantin Belousov #include <fcntl.h> 33*fade3174SKonstantin Belousov #include <stdio.h> 34*fade3174SKonstantin Belousov #include <stdlib.h> 35*fade3174SKonstantin Belousov #include <string.h> 36*fade3174SKonstantin Belousov #include <unistd.h> 37*fade3174SKonstantin Belousov 38*fade3174SKonstantin Belousov #include <atf-c.h> 39*fade3174SKonstantin Belousov 40*fade3174SKonstantin Belousov ATF_TC(realpath_buffer_overflow); 41*fade3174SKonstantin Belousov ATF_TC_HEAD(realpath_buffer_overflow, tc) 42*fade3174SKonstantin Belousov { 43*fade3174SKonstantin Belousov atf_tc_set_md_var(tc, "descr", 44*fade3174SKonstantin Belousov "Test for out of bounds read from 'left' array " 45*fade3174SKonstantin Belousov "(compile realpath.c with '-fsanitize=address')"); 46*fade3174SKonstantin Belousov } 47*fade3174SKonstantin Belousov 48*fade3174SKonstantin Belousov ATF_TC_BODY(realpath_buffer_overflow, tc) 49*fade3174SKonstantin Belousov { 50*fade3174SKonstantin Belousov char path[MAXPATHLEN] = { 0 }; 51*fade3174SKonstantin Belousov char resb[MAXPATHLEN] = { 0 }; 52*fade3174SKonstantin Belousov size_t i; 53*fade3174SKonstantin Belousov 54*fade3174SKonstantin Belousov path[0] = 'a'; 55*fade3174SKonstantin Belousov path[1] = '/'; 56*fade3174SKonstantin Belousov for (i = 2; i < sizeof(path) - 1; ++i) { 57*fade3174SKonstantin Belousov path[i] = 'a'; 58*fade3174SKonstantin Belousov } 59*fade3174SKonstantin Belousov 60*fade3174SKonstantin Belousov ATF_REQUIRE(realpath(path, resb) == NULL); 61*fade3174SKonstantin Belousov } 62*fade3174SKonstantin Belousov 63*fade3174SKonstantin Belousov ATF_TC(realpath_empty_symlink); 64*fade3174SKonstantin Belousov ATF_TC_HEAD(realpath_empty_symlink, tc) 65*fade3174SKonstantin Belousov { 66*fade3174SKonstantin Belousov atf_tc_set_md_var(tc, "descr", 67*fade3174SKonstantin Belousov "Test for correct behavior when encountering empty symlinks"); 68*fade3174SKonstantin Belousov } 69*fade3174SKonstantin Belousov 70*fade3174SKonstantin Belousov ATF_TC_BODY(realpath_empty_symlink, tc) 71*fade3174SKonstantin Belousov { 72*fade3174SKonstantin Belousov char path[MAXPATHLEN] = { 0 }; 73*fade3174SKonstantin Belousov char slnk[MAXPATHLEN] = { 0 }; 74*fade3174SKonstantin Belousov char resb[MAXPATHLEN] = { 0 }; 75*fade3174SKonstantin Belousov int fd; 76*fade3174SKonstantin Belousov 77*fade3174SKonstantin Belousov (void)strlcat(slnk, "empty_symlink", sizeof(slnk)); 78*fade3174SKonstantin Belousov 79*fade3174SKonstantin Belousov ATF_REQUIRE(symlink("", slnk) == 0); 80*fade3174SKonstantin Belousov 81*fade3174SKonstantin Belousov fd = open("aaa", O_RDONLY | O_CREAT, 0600); 82*fade3174SKonstantin Belousov 83*fade3174SKonstantin Belousov ATF_REQUIRE(fd >= 0); 84*fade3174SKonstantin Belousov ATF_REQUIRE(close(fd) == 0); 85*fade3174SKonstantin Belousov 86*fade3174SKonstantin Belousov (void)strlcat(path, "empty_symlink", sizeof(path)); 87*fade3174SKonstantin Belousov (void)strlcat(path, "/aaa", sizeof(path)); 88*fade3174SKonstantin Belousov 89*fade3174SKonstantin Belousov ATF_REQUIRE_ERRNO(ENOENT, realpath(path, resb) == NULL); 90*fade3174SKonstantin Belousov 91*fade3174SKonstantin Belousov ATF_REQUIRE(unlink("aaa") == 0); 92*fade3174SKonstantin Belousov ATF_REQUIRE(unlink(slnk) == 0); 93*fade3174SKonstantin Belousov } 94*fade3174SKonstantin Belousov 95*fade3174SKonstantin Belousov ATF_TP_ADD_TCS(tp) 96*fade3174SKonstantin Belousov { 97*fade3174SKonstantin Belousov 98*fade3174SKonstantin Belousov ATF_TP_ADD_TC(tp, realpath_buffer_overflow); 99*fade3174SKonstantin Belousov ATF_TP_ADD_TC(tp, realpath_empty_symlink); 100*fade3174SKonstantin Belousov 101*fade3174SKonstantin Belousov return atf_no_error(); 102*fade3174SKonstantin Belousov } 103