1 /* @generated by `generate-fortify-tests.lua "socket"` */
2
3 #define _FORTIFY_SOURCE 2
4 #define TMPFILE_SIZE (1024 * 32)
5
6 #include <sys/param.h>
7 #include <sys/jail.h>
8 #include <sys/random.h>
9 #include <sys/resource.h>
10 #include <sys/select.h>
11 #include <sys/socket.h>
12 #include <sys/time.h>
13 #include <sys/uio.h>
14 #include <sys/wait.h>
15 #include <dirent.h>
16 #include <errno.h>
17 #include <fcntl.h>
18 #include <limits.h>
19 #include <poll.h>
20 #include <signal.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <strings.h>
25 #include <sysexits.h>
26 #include <unistd.h>
27 #include <wchar.h>
28 #include <atf-c.h>
29
30 static FILE * __unused
new_fp(size_t __len)31 new_fp(size_t __len)
32 {
33 static char fpbuf[LINE_MAX];
34 FILE *fp;
35
36 ATF_REQUIRE(__len <= sizeof(fpbuf));
37
38 memset(fpbuf, 'A', sizeof(fpbuf) - 1);
39 fpbuf[sizeof(fpbuf) - 1] = '\0';
40
41 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb");
42 ATF_REQUIRE(fp != NULL);
43
44 return (fp);
45 }
46
47 /*
48 * Create a new symlink to use for readlink(2) style tests, we'll just use a
49 * random target name to have something interesting to look at.
50 */
51 static const char * __unused
new_symlink(size_t __len)52 new_symlink(size_t __len)
53 {
54 static const char linkname[] = "link";
55 char target[MAXNAMLEN];
56 int error;
57
58 ATF_REQUIRE(__len <= sizeof(target));
59
60 arc4random_buf(target, sizeof(target));
61
62 error = unlink(linkname);
63 ATF_REQUIRE(error == 0 || errno == ENOENT);
64
65 error = symlink(target, linkname);
66 ATF_REQUIRE(error == 0);
67
68 return (linkname);
69 }
70
71 /*
72 * For our purposes, first descriptor will be the reader; we'll send both
73 * raw data and a control message over it so that the result can be used for
74 * any of our recv*() tests.
75 */
76 static void __unused
new_socket(int sock[2])77 new_socket(int sock[2])
78 {
79 unsigned char ctrl[CMSG_SPACE(sizeof(int))] = { 0 };
80 static char sockbuf[256];
81 ssize_t rv;
82 size_t total = 0;
83 struct msghdr hdr = { 0 };
84 struct cmsghdr *cmsg;
85 int error, fd;
86
87 error = socketpair(AF_UNIX, SOCK_STREAM, 0, sock);
88 ATF_REQUIRE(error == 0);
89
90 while (total != sizeof(sockbuf)) {
91 rv = send(sock[1], &sockbuf[total], sizeof(sockbuf) - total, 0);
92
93 ATF_REQUIRE_MSG(rv > 0,
94 "expected bytes sent, got %zd with %zu left (size %zu, total %zu)",
95 rv, sizeof(sockbuf) - total, sizeof(sockbuf), total);
96 ATF_REQUIRE_MSG(total + (size_t)rv <= sizeof(sockbuf),
97 "%zd exceeds total %zu", rv, sizeof(sockbuf));
98 total += rv;
99 }
100
101 hdr.msg_control = ctrl;
102 hdr.msg_controllen = sizeof(ctrl);
103
104 cmsg = CMSG_FIRSTHDR(&hdr);
105 cmsg->cmsg_level = SOL_SOCKET;
106 cmsg->cmsg_type = SCM_RIGHTS;
107 cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
108 fd = STDIN_FILENO;
109 memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd));
110
111 error = sendmsg(sock[1], &hdr, 0);
112 ATF_REQUIRE(error != -1);
113 }
114
115 /*
116 * Constructs a tmpfile that we can use for testing read(2) and friends.
117 */
118 static int __unused
new_tmpfile(void)119 new_tmpfile(void)
120 {
121 char buf[1024];
122 ssize_t rv;
123 size_t written;
124 int fd;
125
126 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644);
127 ATF_REQUIRE(fd >= 0);
128
129 written = 0;
130 while (written < TMPFILE_SIZE) {
131 rv = write(fd, buf, sizeof(buf));
132 ATF_REQUIRE(rv > 0);
133
134 written += rv;
135 }
136
137 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET));
138 return (fd);
139 }
140
141 static void
disable_coredumps(void)142 disable_coredumps(void)
143 {
144 struct rlimit rl = { 0 };
145
146 if (setrlimit(RLIMIT_CORE, &rl) == -1)
147 _exit(EX_OSERR);
148 }
149
150 /*
151 * Replaces stdin with a file that we can actually read from, for tests where
152 * we want a FILE * or fd that we can get data from.
153 */
154 static void __unused
replace_stdin(void)155 replace_stdin(void)
156 {
157 int fd;
158
159 fd = new_tmpfile();
160
161 (void)dup2(fd, STDIN_FILENO);
162 if (fd != STDIN_FILENO)
163 close(fd);
164 }
165
166 ATF_TC(getpeername_before_end);
ATF_TC_HEAD(getpeername_before_end,tc)167 ATF_TC_HEAD(getpeername_before_end, tc)
168 {
169 }
ATF_TC_BODY(getpeername_before_end,tc)170 ATF_TC_BODY(getpeername_before_end, tc)
171 {
172 #define BUF &__stack.__buf
173 struct {
174 uint8_t padding_l;
175 struct sockaddr __buf;
176 uint8_t padding_r;
177 } __stack;
178 const size_t __bufsz __unused = sizeof(__stack.__buf);
179 const size_t __len = sizeof(struct sockaddr) - 1;
180 const size_t __idx __unused = __len - 1;
181 int sock[2] = { -1, -1 };
182 socklen_t socklen;
183 new_socket(sock);
184 socklen = __len;
185
186 getpeername(sock[0], &__stack.__buf, &socklen);
187 #undef BUF
188
189 }
190
191 ATF_TC(getpeername_end);
ATF_TC_HEAD(getpeername_end,tc)192 ATF_TC_HEAD(getpeername_end, tc)
193 {
194 }
ATF_TC_BODY(getpeername_end,tc)195 ATF_TC_BODY(getpeername_end, tc)
196 {
197 #define BUF &__stack.__buf
198 struct {
199 uint8_t padding_l;
200 struct sockaddr __buf;
201 uint8_t padding_r;
202 } __stack;
203 const size_t __bufsz __unused = sizeof(__stack.__buf);
204 const size_t __len = sizeof(struct sockaddr);
205 const size_t __idx __unused = __len - 1;
206 int sock[2] = { -1, -1 };
207 socklen_t socklen;
208 new_socket(sock);
209 socklen = __len;
210
211 getpeername(sock[0], &__stack.__buf, &socklen);
212 #undef BUF
213
214 }
215
216 ATF_TC(getpeername_heap_before_end);
ATF_TC_HEAD(getpeername_heap_before_end,tc)217 ATF_TC_HEAD(getpeername_heap_before_end, tc)
218 {
219 }
ATF_TC_BODY(getpeername_heap_before_end,tc)220 ATF_TC_BODY(getpeername_heap_before_end, tc)
221 {
222 #define BUF __stack.__buf
223 struct {
224 uint8_t padding_l;
225 struct sockaddr * __buf;
226 uint8_t padding_r;
227 } __stack;
228 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
229 const size_t __len = sizeof(struct sockaddr) - 1;
230 const size_t __idx __unused = __len - 1;
231 int sock[2] = { -1, -1 };
232 socklen_t socklen;
233 __stack.__buf = malloc(__bufsz);
234 new_socket(sock);
235 socklen = __len;
236
237 getpeername(sock[0], __stack.__buf, &socklen);
238 #undef BUF
239
240 }
241
242 ATF_TC(getpeername_heap_end);
ATF_TC_HEAD(getpeername_heap_end,tc)243 ATF_TC_HEAD(getpeername_heap_end, tc)
244 {
245 }
ATF_TC_BODY(getpeername_heap_end,tc)246 ATF_TC_BODY(getpeername_heap_end, tc)
247 {
248 #define BUF __stack.__buf
249 struct {
250 uint8_t padding_l;
251 struct sockaddr * __buf;
252 uint8_t padding_r;
253 } __stack;
254 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
255 const size_t __len = sizeof(struct sockaddr);
256 const size_t __idx __unused = __len - 1;
257 int sock[2] = { -1, -1 };
258 socklen_t socklen;
259 __stack.__buf = malloc(__bufsz);
260 new_socket(sock);
261 socklen = __len;
262
263 getpeername(sock[0], __stack.__buf, &socklen);
264 #undef BUF
265
266 }
267
268 ATF_TC(getpeername_heap_after_end);
ATF_TC_HEAD(getpeername_heap_after_end,tc)269 ATF_TC_HEAD(getpeername_heap_after_end, tc)
270 {
271 }
ATF_TC_BODY(getpeername_heap_after_end,tc)272 ATF_TC_BODY(getpeername_heap_after_end, tc)
273 {
274 #define BUF __stack.__buf
275 struct {
276 uint8_t padding_l;
277 struct sockaddr * __buf;
278 uint8_t padding_r;
279 } __stack;
280 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
281 const size_t __len = sizeof(struct sockaddr) + 1;
282 const size_t __idx __unused = __len - 1;
283 pid_t __child;
284 int __status;
285 int sock[2] = { -1, -1 };
286 socklen_t socklen;
287 __child = fork();
288 ATF_REQUIRE(__child >= 0);
289 if (__child > 0)
290 goto monitor;
291
292 /* Child */
293 disable_coredumps();
294 __stack.__buf = malloc(__bufsz);
295 new_socket(sock);
296 socklen = __len;
297
298 getpeername(sock[0], __stack.__buf, &socklen);
299 _exit(EX_SOFTWARE); /* Should have aborted. */
300
301 monitor:
302 while (waitpid(__child, &__status, 0) != __child) {
303 ATF_REQUIRE_EQ(EINTR, errno);
304 }
305
306 if (!WIFSIGNALED(__status)) {
307 switch (WEXITSTATUS(__status)) {
308 case EX_SOFTWARE:
309 atf_tc_fail("FORTIFY_SOURCE failed to abort");
310 break;
311 case EX_OSERR:
312 atf_tc_fail("setrlimit(2) failed");
313 break;
314 default:
315 atf_tc_fail("child exited with status %d",
316 WEXITSTATUS(__status));
317 }
318 } else {
319 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
320 }
321 #undef BUF
322
323 }
324
325 ATF_TC(getsockname_before_end);
ATF_TC_HEAD(getsockname_before_end,tc)326 ATF_TC_HEAD(getsockname_before_end, tc)
327 {
328 }
ATF_TC_BODY(getsockname_before_end,tc)329 ATF_TC_BODY(getsockname_before_end, tc)
330 {
331 #define BUF &__stack.__buf
332 struct {
333 uint8_t padding_l;
334 struct sockaddr __buf;
335 uint8_t padding_r;
336 } __stack;
337 const size_t __bufsz __unused = sizeof(__stack.__buf);
338 const size_t __len = sizeof(struct sockaddr) - 1;
339 const size_t __idx __unused = __len - 1;
340 int sock[2] = { -1, -1 };
341 socklen_t socklen;
342 new_socket(sock);
343 socklen = __len;
344
345 getsockname(sock[0], &__stack.__buf, &socklen);
346 #undef BUF
347
348 }
349
350 ATF_TC(getsockname_end);
ATF_TC_HEAD(getsockname_end,tc)351 ATF_TC_HEAD(getsockname_end, tc)
352 {
353 }
ATF_TC_BODY(getsockname_end,tc)354 ATF_TC_BODY(getsockname_end, tc)
355 {
356 #define BUF &__stack.__buf
357 struct {
358 uint8_t padding_l;
359 struct sockaddr __buf;
360 uint8_t padding_r;
361 } __stack;
362 const size_t __bufsz __unused = sizeof(__stack.__buf);
363 const size_t __len = sizeof(struct sockaddr);
364 const size_t __idx __unused = __len - 1;
365 int sock[2] = { -1, -1 };
366 socklen_t socklen;
367 new_socket(sock);
368 socklen = __len;
369
370 getsockname(sock[0], &__stack.__buf, &socklen);
371 #undef BUF
372
373 }
374
375 ATF_TC(getsockname_heap_before_end);
ATF_TC_HEAD(getsockname_heap_before_end,tc)376 ATF_TC_HEAD(getsockname_heap_before_end, tc)
377 {
378 }
ATF_TC_BODY(getsockname_heap_before_end,tc)379 ATF_TC_BODY(getsockname_heap_before_end, tc)
380 {
381 #define BUF __stack.__buf
382 struct {
383 uint8_t padding_l;
384 struct sockaddr * __buf;
385 uint8_t padding_r;
386 } __stack;
387 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
388 const size_t __len = sizeof(struct sockaddr) - 1;
389 const size_t __idx __unused = __len - 1;
390 int sock[2] = { -1, -1 };
391 socklen_t socklen;
392 __stack.__buf = malloc(__bufsz);
393 new_socket(sock);
394 socklen = __len;
395
396 getsockname(sock[0], __stack.__buf, &socklen);
397 #undef BUF
398
399 }
400
401 ATF_TC(getsockname_heap_end);
ATF_TC_HEAD(getsockname_heap_end,tc)402 ATF_TC_HEAD(getsockname_heap_end, tc)
403 {
404 }
ATF_TC_BODY(getsockname_heap_end,tc)405 ATF_TC_BODY(getsockname_heap_end, tc)
406 {
407 #define BUF __stack.__buf
408 struct {
409 uint8_t padding_l;
410 struct sockaddr * __buf;
411 uint8_t padding_r;
412 } __stack;
413 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
414 const size_t __len = sizeof(struct sockaddr);
415 const size_t __idx __unused = __len - 1;
416 int sock[2] = { -1, -1 };
417 socklen_t socklen;
418 __stack.__buf = malloc(__bufsz);
419 new_socket(sock);
420 socklen = __len;
421
422 getsockname(sock[0], __stack.__buf, &socklen);
423 #undef BUF
424
425 }
426
427 ATF_TC(getsockname_heap_after_end);
ATF_TC_HEAD(getsockname_heap_after_end,tc)428 ATF_TC_HEAD(getsockname_heap_after_end, tc)
429 {
430 }
ATF_TC_BODY(getsockname_heap_after_end,tc)431 ATF_TC_BODY(getsockname_heap_after_end, tc)
432 {
433 #define BUF __stack.__buf
434 struct {
435 uint8_t padding_l;
436 struct sockaddr * __buf;
437 uint8_t padding_r;
438 } __stack;
439 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
440 const size_t __len = sizeof(struct sockaddr) + 1;
441 const size_t __idx __unused = __len - 1;
442 pid_t __child;
443 int __status;
444 int sock[2] = { -1, -1 };
445 socklen_t socklen;
446 __child = fork();
447 ATF_REQUIRE(__child >= 0);
448 if (__child > 0)
449 goto monitor;
450
451 /* Child */
452 disable_coredumps();
453 __stack.__buf = malloc(__bufsz);
454 new_socket(sock);
455 socklen = __len;
456
457 getsockname(sock[0], __stack.__buf, &socklen);
458 _exit(EX_SOFTWARE); /* Should have aborted. */
459
460 monitor:
461 while (waitpid(__child, &__status, 0) != __child) {
462 ATF_REQUIRE_EQ(EINTR, errno);
463 }
464
465 if (!WIFSIGNALED(__status)) {
466 switch (WEXITSTATUS(__status)) {
467 case EX_SOFTWARE:
468 atf_tc_fail("FORTIFY_SOURCE failed to abort");
469 break;
470 case EX_OSERR:
471 atf_tc_fail("setrlimit(2) failed");
472 break;
473 default:
474 atf_tc_fail("child exited with status %d",
475 WEXITSTATUS(__status));
476 }
477 } else {
478 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
479 }
480 #undef BUF
481
482 }
483
484 ATF_TC(recv_before_end);
ATF_TC_HEAD(recv_before_end,tc)485 ATF_TC_HEAD(recv_before_end, tc)
486 {
487 }
ATF_TC_BODY(recv_before_end,tc)488 ATF_TC_BODY(recv_before_end, tc)
489 {
490 #define BUF &__stack.__buf
491 struct {
492 uint8_t padding_l;
493 unsigned char __buf[42];
494 uint8_t padding_r;
495 } __stack;
496 const size_t __bufsz __unused = sizeof(__stack.__buf);
497 const size_t __len = 42 - 1;
498 const size_t __idx __unused = __len - 1;
499 int sock[2] = { -1, -1 };
500
501 new_socket(sock);
502
503 recv(sock[0], __stack.__buf, __len, 0);
504 #undef BUF
505
506 }
507
508 ATF_TC(recv_end);
ATF_TC_HEAD(recv_end,tc)509 ATF_TC_HEAD(recv_end, tc)
510 {
511 }
ATF_TC_BODY(recv_end,tc)512 ATF_TC_BODY(recv_end, tc)
513 {
514 #define BUF &__stack.__buf
515 struct {
516 uint8_t padding_l;
517 unsigned char __buf[42];
518 uint8_t padding_r;
519 } __stack;
520 const size_t __bufsz __unused = sizeof(__stack.__buf);
521 const size_t __len = 42;
522 const size_t __idx __unused = __len - 1;
523 int sock[2] = { -1, -1 };
524
525 new_socket(sock);
526
527 recv(sock[0], __stack.__buf, __len, 0);
528 #undef BUF
529
530 }
531
532 ATF_TC(recv_heap_before_end);
ATF_TC_HEAD(recv_heap_before_end,tc)533 ATF_TC_HEAD(recv_heap_before_end, tc)
534 {
535 }
ATF_TC_BODY(recv_heap_before_end,tc)536 ATF_TC_BODY(recv_heap_before_end, tc)
537 {
538 #define BUF __stack.__buf
539 struct {
540 uint8_t padding_l;
541 unsigned char * __buf;
542 uint8_t padding_r;
543 } __stack;
544 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
545 const size_t __len = 42 - 1;
546 const size_t __idx __unused = __len - 1;
547 int sock[2] = { -1, -1 };
548
549 __stack.__buf = malloc(__bufsz);
550 new_socket(sock);
551
552 recv(sock[0], __stack.__buf, __len, 0);
553 #undef BUF
554
555 }
556
557 ATF_TC(recv_heap_end);
ATF_TC_HEAD(recv_heap_end,tc)558 ATF_TC_HEAD(recv_heap_end, tc)
559 {
560 }
ATF_TC_BODY(recv_heap_end,tc)561 ATF_TC_BODY(recv_heap_end, tc)
562 {
563 #define BUF __stack.__buf
564 struct {
565 uint8_t padding_l;
566 unsigned char * __buf;
567 uint8_t padding_r;
568 } __stack;
569 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
570 const size_t __len = 42;
571 const size_t __idx __unused = __len - 1;
572 int sock[2] = { -1, -1 };
573
574 __stack.__buf = malloc(__bufsz);
575 new_socket(sock);
576
577 recv(sock[0], __stack.__buf, __len, 0);
578 #undef BUF
579
580 }
581
582 ATF_TC(recv_heap_after_end);
ATF_TC_HEAD(recv_heap_after_end,tc)583 ATF_TC_HEAD(recv_heap_after_end, tc)
584 {
585 }
ATF_TC_BODY(recv_heap_after_end,tc)586 ATF_TC_BODY(recv_heap_after_end, tc)
587 {
588 #define BUF __stack.__buf
589 struct {
590 uint8_t padding_l;
591 unsigned char * __buf;
592 uint8_t padding_r;
593 } __stack;
594 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
595 const size_t __len = 42 + 1;
596 const size_t __idx __unused = __len - 1;
597 pid_t __child;
598 int __status;
599 int sock[2] = { -1, -1 };
600
601 __child = fork();
602 ATF_REQUIRE(__child >= 0);
603 if (__child > 0)
604 goto monitor;
605
606 /* Child */
607 disable_coredumps();
608 __stack.__buf = malloc(__bufsz);
609 new_socket(sock);
610
611 recv(sock[0], __stack.__buf, __len, 0);
612 _exit(EX_SOFTWARE); /* Should have aborted. */
613
614 monitor:
615 while (waitpid(__child, &__status, 0) != __child) {
616 ATF_REQUIRE_EQ(EINTR, errno);
617 }
618
619 if (!WIFSIGNALED(__status)) {
620 switch (WEXITSTATUS(__status)) {
621 case EX_SOFTWARE:
622 atf_tc_fail("FORTIFY_SOURCE failed to abort");
623 break;
624 case EX_OSERR:
625 atf_tc_fail("setrlimit(2) failed");
626 break;
627 default:
628 atf_tc_fail("child exited with status %d",
629 WEXITSTATUS(__status));
630 }
631 } else {
632 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
633 }
634 #undef BUF
635
636 }
637
638 ATF_TC(recvfrom_before_end);
ATF_TC_HEAD(recvfrom_before_end,tc)639 ATF_TC_HEAD(recvfrom_before_end, tc)
640 {
641 }
ATF_TC_BODY(recvfrom_before_end,tc)642 ATF_TC_BODY(recvfrom_before_end, tc)
643 {
644 #define BUF &__stack.__buf
645 struct {
646 uint8_t padding_l;
647 unsigned char __buf[42];
648 uint8_t padding_r;
649 } __stack;
650 const size_t __bufsz __unused = sizeof(__stack.__buf);
651 const size_t __len = 42 - 1;
652 const size_t __idx __unused = __len - 1;
653 int sock[2] = { -1, -1 };
654
655 new_socket(sock);
656
657 recvfrom(sock[0], __stack.__buf, __len, 0, NULL, NULL);
658 #undef BUF
659
660 }
661
662 ATF_TC(recvfrom_end);
ATF_TC_HEAD(recvfrom_end,tc)663 ATF_TC_HEAD(recvfrom_end, tc)
664 {
665 }
ATF_TC_BODY(recvfrom_end,tc)666 ATF_TC_BODY(recvfrom_end, tc)
667 {
668 #define BUF &__stack.__buf
669 struct {
670 uint8_t padding_l;
671 unsigned char __buf[42];
672 uint8_t padding_r;
673 } __stack;
674 const size_t __bufsz __unused = sizeof(__stack.__buf);
675 const size_t __len = 42;
676 const size_t __idx __unused = __len - 1;
677 int sock[2] = { -1, -1 };
678
679 new_socket(sock);
680
681 recvfrom(sock[0], __stack.__buf, __len, 0, NULL, NULL);
682 #undef BUF
683
684 }
685
686 ATF_TC(recvfrom_heap_before_end);
ATF_TC_HEAD(recvfrom_heap_before_end,tc)687 ATF_TC_HEAD(recvfrom_heap_before_end, tc)
688 {
689 }
ATF_TC_BODY(recvfrom_heap_before_end,tc)690 ATF_TC_BODY(recvfrom_heap_before_end, tc)
691 {
692 #define BUF __stack.__buf
693 struct {
694 uint8_t padding_l;
695 unsigned char * __buf;
696 uint8_t padding_r;
697 } __stack;
698 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
699 const size_t __len = 42 - 1;
700 const size_t __idx __unused = __len - 1;
701 int sock[2] = { -1, -1 };
702
703 __stack.__buf = malloc(__bufsz);
704 new_socket(sock);
705
706 recvfrom(sock[0], __stack.__buf, __len, 0, NULL, NULL);
707 #undef BUF
708
709 }
710
711 ATF_TC(recvfrom_heap_end);
ATF_TC_HEAD(recvfrom_heap_end,tc)712 ATF_TC_HEAD(recvfrom_heap_end, tc)
713 {
714 }
ATF_TC_BODY(recvfrom_heap_end,tc)715 ATF_TC_BODY(recvfrom_heap_end, tc)
716 {
717 #define BUF __stack.__buf
718 struct {
719 uint8_t padding_l;
720 unsigned char * __buf;
721 uint8_t padding_r;
722 } __stack;
723 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
724 const size_t __len = 42;
725 const size_t __idx __unused = __len - 1;
726 int sock[2] = { -1, -1 };
727
728 __stack.__buf = malloc(__bufsz);
729 new_socket(sock);
730
731 recvfrom(sock[0], __stack.__buf, __len, 0, NULL, NULL);
732 #undef BUF
733
734 }
735
736 ATF_TC(recvfrom_heap_after_end);
ATF_TC_HEAD(recvfrom_heap_after_end,tc)737 ATF_TC_HEAD(recvfrom_heap_after_end, tc)
738 {
739 }
ATF_TC_BODY(recvfrom_heap_after_end,tc)740 ATF_TC_BODY(recvfrom_heap_after_end, tc)
741 {
742 #define BUF __stack.__buf
743 struct {
744 uint8_t padding_l;
745 unsigned char * __buf;
746 uint8_t padding_r;
747 } __stack;
748 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
749 const size_t __len = 42 + 1;
750 const size_t __idx __unused = __len - 1;
751 pid_t __child;
752 int __status;
753 int sock[2] = { -1, -1 };
754
755 __child = fork();
756 ATF_REQUIRE(__child >= 0);
757 if (__child > 0)
758 goto monitor;
759
760 /* Child */
761 disable_coredumps();
762 __stack.__buf = malloc(__bufsz);
763 new_socket(sock);
764
765 recvfrom(sock[0], __stack.__buf, __len, 0, NULL, NULL);
766 _exit(EX_SOFTWARE); /* Should have aborted. */
767
768 monitor:
769 while (waitpid(__child, &__status, 0) != __child) {
770 ATF_REQUIRE_EQ(EINTR, errno);
771 }
772
773 if (!WIFSIGNALED(__status)) {
774 switch (WEXITSTATUS(__status)) {
775 case EX_SOFTWARE:
776 atf_tc_fail("FORTIFY_SOURCE failed to abort");
777 break;
778 case EX_OSERR:
779 atf_tc_fail("setrlimit(2) failed");
780 break;
781 default:
782 atf_tc_fail("child exited with status %d",
783 WEXITSTATUS(__status));
784 }
785 } else {
786 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
787 }
788 #undef BUF
789
790 }
791
792 ATF_TC(recvfrom_sockaddr_before_end);
ATF_TC_HEAD(recvfrom_sockaddr_before_end,tc)793 ATF_TC_HEAD(recvfrom_sockaddr_before_end, tc)
794 {
795 }
ATF_TC_BODY(recvfrom_sockaddr_before_end,tc)796 ATF_TC_BODY(recvfrom_sockaddr_before_end, tc)
797 {
798 #define BUF &__stack.__buf
799 struct {
800 uint8_t padding_l;
801 struct sockaddr __buf;
802 uint8_t padding_r;
803 } __stack;
804 const size_t __bufsz __unused = sizeof(__stack.__buf);
805 const size_t __len = sizeof(struct sockaddr) - 1;
806 const size_t __idx __unused = __len - 1;
807 int sock[2] = { -1, -1 };
808 char data[16];
809 socklen_t socklen;
810
811 new_socket(sock);
812 socklen = __len;
813
814 recvfrom(sock[0], data, sizeof(data), 0, &__stack.__buf, &socklen);
815 #undef BUF
816
817 }
818
819 ATF_TC(recvfrom_sockaddr_end);
ATF_TC_HEAD(recvfrom_sockaddr_end,tc)820 ATF_TC_HEAD(recvfrom_sockaddr_end, tc)
821 {
822 }
ATF_TC_BODY(recvfrom_sockaddr_end,tc)823 ATF_TC_BODY(recvfrom_sockaddr_end, tc)
824 {
825 #define BUF &__stack.__buf
826 struct {
827 uint8_t padding_l;
828 struct sockaddr __buf;
829 uint8_t padding_r;
830 } __stack;
831 const size_t __bufsz __unused = sizeof(__stack.__buf);
832 const size_t __len = sizeof(struct sockaddr);
833 const size_t __idx __unused = __len - 1;
834 int sock[2] = { -1, -1 };
835 char data[16];
836 socklen_t socklen;
837
838 new_socket(sock);
839 socklen = __len;
840
841 recvfrom(sock[0], data, sizeof(data), 0, &__stack.__buf, &socklen);
842 #undef BUF
843
844 }
845
846 ATF_TC(recvfrom_sockaddr_heap_before_end);
ATF_TC_HEAD(recvfrom_sockaddr_heap_before_end,tc)847 ATF_TC_HEAD(recvfrom_sockaddr_heap_before_end, tc)
848 {
849 }
ATF_TC_BODY(recvfrom_sockaddr_heap_before_end,tc)850 ATF_TC_BODY(recvfrom_sockaddr_heap_before_end, tc)
851 {
852 #define BUF __stack.__buf
853 struct {
854 uint8_t padding_l;
855 struct sockaddr * __buf;
856 uint8_t padding_r;
857 } __stack;
858 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
859 const size_t __len = sizeof(struct sockaddr) - 1;
860 const size_t __idx __unused = __len - 1;
861 int sock[2] = { -1, -1 };
862 char data[16];
863 socklen_t socklen;
864
865 __stack.__buf = malloc(__bufsz);
866 new_socket(sock);
867 socklen = __len;
868
869 recvfrom(sock[0], data, sizeof(data), 0, __stack.__buf, &socklen);
870 #undef BUF
871
872 }
873
874 ATF_TC(recvfrom_sockaddr_heap_end);
ATF_TC_HEAD(recvfrom_sockaddr_heap_end,tc)875 ATF_TC_HEAD(recvfrom_sockaddr_heap_end, tc)
876 {
877 }
ATF_TC_BODY(recvfrom_sockaddr_heap_end,tc)878 ATF_TC_BODY(recvfrom_sockaddr_heap_end, tc)
879 {
880 #define BUF __stack.__buf
881 struct {
882 uint8_t padding_l;
883 struct sockaddr * __buf;
884 uint8_t padding_r;
885 } __stack;
886 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
887 const size_t __len = sizeof(struct sockaddr);
888 const size_t __idx __unused = __len - 1;
889 int sock[2] = { -1, -1 };
890 char data[16];
891 socklen_t socklen;
892
893 __stack.__buf = malloc(__bufsz);
894 new_socket(sock);
895 socklen = __len;
896
897 recvfrom(sock[0], data, sizeof(data), 0, __stack.__buf, &socklen);
898 #undef BUF
899
900 }
901
902 ATF_TC(recvfrom_sockaddr_heap_after_end);
ATF_TC_HEAD(recvfrom_sockaddr_heap_after_end,tc)903 ATF_TC_HEAD(recvfrom_sockaddr_heap_after_end, tc)
904 {
905 }
ATF_TC_BODY(recvfrom_sockaddr_heap_after_end,tc)906 ATF_TC_BODY(recvfrom_sockaddr_heap_after_end, tc)
907 {
908 #define BUF __stack.__buf
909 struct {
910 uint8_t padding_l;
911 struct sockaddr * __buf;
912 uint8_t padding_r;
913 } __stack;
914 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
915 const size_t __len = sizeof(struct sockaddr) + 1;
916 const size_t __idx __unused = __len - 1;
917 pid_t __child;
918 int __status;
919 int sock[2] = { -1, -1 };
920 char data[16];
921 socklen_t socklen;
922
923 __child = fork();
924 ATF_REQUIRE(__child >= 0);
925 if (__child > 0)
926 goto monitor;
927
928 /* Child */
929 disable_coredumps();
930 __stack.__buf = malloc(__bufsz);
931 new_socket(sock);
932 socklen = __len;
933
934 recvfrom(sock[0], data, sizeof(data), 0, __stack.__buf, &socklen);
935 _exit(EX_SOFTWARE); /* Should have aborted. */
936
937 monitor:
938 while (waitpid(__child, &__status, 0) != __child) {
939 ATF_REQUIRE_EQ(EINTR, errno);
940 }
941
942 if (!WIFSIGNALED(__status)) {
943 switch (WEXITSTATUS(__status)) {
944 case EX_SOFTWARE:
945 atf_tc_fail("FORTIFY_SOURCE failed to abort");
946 break;
947 case EX_OSERR:
948 atf_tc_fail("setrlimit(2) failed");
949 break;
950 default:
951 atf_tc_fail("child exited with status %d",
952 WEXITSTATUS(__status));
953 }
954 } else {
955 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
956 }
957 #undef BUF
958
959 }
960
961 ATF_TC(recvmsg_msg_name_before_end);
ATF_TC_HEAD(recvmsg_msg_name_before_end,tc)962 ATF_TC_HEAD(recvmsg_msg_name_before_end, tc)
963 {
964 }
ATF_TC_BODY(recvmsg_msg_name_before_end,tc)965 ATF_TC_BODY(recvmsg_msg_name_before_end, tc)
966 {
967 #define BUF &__stack.__buf
968 struct {
969 uint8_t padding_l;
970 struct sockaddr __buf;
971 uint8_t padding_r;
972 } __stack;
973 const size_t __bufsz __unused = sizeof(__stack.__buf);
974 const size_t __len = sizeof(struct sockaddr) - 1;
975 const size_t __idx __unused = __len - 1;
976 int sock[2] = { -1, -1 };
977 struct msghdr msg;
978
979 memset(&msg, 0, sizeof(msg));
980 msg.msg_name = BUF;
981 msg.msg_namelen = __len;
982
983 recvmsg(sock[0], &msg, 0);
984 #undef BUF
985
986 }
987
988 ATF_TC(recvmsg_msg_name_end);
ATF_TC_HEAD(recvmsg_msg_name_end,tc)989 ATF_TC_HEAD(recvmsg_msg_name_end, tc)
990 {
991 }
ATF_TC_BODY(recvmsg_msg_name_end,tc)992 ATF_TC_BODY(recvmsg_msg_name_end, tc)
993 {
994 #define BUF &__stack.__buf
995 struct {
996 uint8_t padding_l;
997 struct sockaddr __buf;
998 uint8_t padding_r;
999 } __stack;
1000 const size_t __bufsz __unused = sizeof(__stack.__buf);
1001 const size_t __len = sizeof(struct sockaddr);
1002 const size_t __idx __unused = __len - 1;
1003 int sock[2] = { -1, -1 };
1004 struct msghdr msg;
1005
1006 memset(&msg, 0, sizeof(msg));
1007 msg.msg_name = BUF;
1008 msg.msg_namelen = __len;
1009
1010 recvmsg(sock[0], &msg, 0);
1011 #undef BUF
1012
1013 }
1014
1015 ATF_TC(recvmsg_msg_name_heap_before_end);
ATF_TC_HEAD(recvmsg_msg_name_heap_before_end,tc)1016 ATF_TC_HEAD(recvmsg_msg_name_heap_before_end, tc)
1017 {
1018 }
ATF_TC_BODY(recvmsg_msg_name_heap_before_end,tc)1019 ATF_TC_BODY(recvmsg_msg_name_heap_before_end, tc)
1020 {
1021 #define BUF __stack.__buf
1022 struct {
1023 uint8_t padding_l;
1024 struct sockaddr * __buf;
1025 uint8_t padding_r;
1026 } __stack;
1027 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
1028 const size_t __len = sizeof(struct sockaddr) - 1;
1029 const size_t __idx __unused = __len - 1;
1030 int sock[2] = { -1, -1 };
1031 struct msghdr msg;
1032
1033 __stack.__buf = malloc(__bufsz);
1034 memset(&msg, 0, sizeof(msg));
1035 msg.msg_name = BUF;
1036 msg.msg_namelen = __len;
1037
1038 recvmsg(sock[0], &msg, 0);
1039 #undef BUF
1040
1041 }
1042
1043 ATF_TC(recvmsg_msg_name_heap_end);
ATF_TC_HEAD(recvmsg_msg_name_heap_end,tc)1044 ATF_TC_HEAD(recvmsg_msg_name_heap_end, tc)
1045 {
1046 }
ATF_TC_BODY(recvmsg_msg_name_heap_end,tc)1047 ATF_TC_BODY(recvmsg_msg_name_heap_end, tc)
1048 {
1049 #define BUF __stack.__buf
1050 struct {
1051 uint8_t padding_l;
1052 struct sockaddr * __buf;
1053 uint8_t padding_r;
1054 } __stack;
1055 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
1056 const size_t __len = sizeof(struct sockaddr);
1057 const size_t __idx __unused = __len - 1;
1058 int sock[2] = { -1, -1 };
1059 struct msghdr msg;
1060
1061 __stack.__buf = malloc(__bufsz);
1062 memset(&msg, 0, sizeof(msg));
1063 msg.msg_name = BUF;
1064 msg.msg_namelen = __len;
1065
1066 recvmsg(sock[0], &msg, 0);
1067 #undef BUF
1068
1069 }
1070
1071 ATF_TC(recvmsg_msg_name_heap_after_end);
ATF_TC_HEAD(recvmsg_msg_name_heap_after_end,tc)1072 ATF_TC_HEAD(recvmsg_msg_name_heap_after_end, tc)
1073 {
1074 }
ATF_TC_BODY(recvmsg_msg_name_heap_after_end,tc)1075 ATF_TC_BODY(recvmsg_msg_name_heap_after_end, tc)
1076 {
1077 #define BUF __stack.__buf
1078 struct {
1079 uint8_t padding_l;
1080 struct sockaddr * __buf;
1081 uint8_t padding_r;
1082 } __stack;
1083 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (1);
1084 const size_t __len = sizeof(struct sockaddr) + 1;
1085 const size_t __idx __unused = __len - 1;
1086 pid_t __child;
1087 int __status;
1088 int sock[2] = { -1, -1 };
1089 struct msghdr msg;
1090
1091 __child = fork();
1092 ATF_REQUIRE(__child >= 0);
1093 if (__child > 0)
1094 goto monitor;
1095
1096 /* Child */
1097 disable_coredumps();
1098 __stack.__buf = malloc(__bufsz);
1099 memset(&msg, 0, sizeof(msg));
1100 msg.msg_name = BUF;
1101 msg.msg_namelen = __len;
1102
1103 recvmsg(sock[0], &msg, 0);
1104 _exit(EX_SOFTWARE); /* Should have aborted. */
1105
1106 monitor:
1107 while (waitpid(__child, &__status, 0) != __child) {
1108 ATF_REQUIRE_EQ(EINTR, errno);
1109 }
1110
1111 if (!WIFSIGNALED(__status)) {
1112 switch (WEXITSTATUS(__status)) {
1113 case EX_SOFTWARE:
1114 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1115 break;
1116 case EX_OSERR:
1117 atf_tc_fail("setrlimit(2) failed");
1118 break;
1119 default:
1120 atf_tc_fail("child exited with status %d",
1121 WEXITSTATUS(__status));
1122 }
1123 } else {
1124 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1125 }
1126 #undef BUF
1127
1128 }
1129
1130 ATF_TC(recvmsg_msg_iov_before_end);
ATF_TC_HEAD(recvmsg_msg_iov_before_end,tc)1131 ATF_TC_HEAD(recvmsg_msg_iov_before_end, tc)
1132 {
1133 }
ATF_TC_BODY(recvmsg_msg_iov_before_end,tc)1134 ATF_TC_BODY(recvmsg_msg_iov_before_end, tc)
1135 {
1136 #define BUF &__stack.__buf
1137 struct {
1138 uint8_t padding_l;
1139 unsigned char __buf[42];
1140 uint8_t padding_r;
1141 } __stack;
1142 const size_t __bufsz __unused = sizeof(__stack.__buf);
1143 const size_t __len = 42 - 1;
1144 const size_t __idx __unused = __len - 1;
1145 int sock[2] = { -1, -1 };
1146 struct msghdr msg;
1147 struct iovec iov[2];
1148
1149 memset(&msg, 0, sizeof(msg));
1150 memset(&iov[0], 0, sizeof(iov));
1151
1152 /*
1153 * We position the buffer second just so that we can confirm that the
1154 * fortification bits are traversing the iovec correctly.
1155 */
1156 iov[1].iov_base = BUF;
1157 iov[1].iov_len = __len;
1158
1159 msg.msg_iov = &iov[0];
1160 msg.msg_iovlen = nitems(iov);
1161
1162 recvmsg(sock[0], &msg, 0);
1163 #undef BUF
1164
1165 }
1166
1167 ATF_TC(recvmsg_msg_iov_end);
ATF_TC_HEAD(recvmsg_msg_iov_end,tc)1168 ATF_TC_HEAD(recvmsg_msg_iov_end, tc)
1169 {
1170 }
ATF_TC_BODY(recvmsg_msg_iov_end,tc)1171 ATF_TC_BODY(recvmsg_msg_iov_end, tc)
1172 {
1173 #define BUF &__stack.__buf
1174 struct {
1175 uint8_t padding_l;
1176 unsigned char __buf[42];
1177 uint8_t padding_r;
1178 } __stack;
1179 const size_t __bufsz __unused = sizeof(__stack.__buf);
1180 const size_t __len = 42;
1181 const size_t __idx __unused = __len - 1;
1182 int sock[2] = { -1, -1 };
1183 struct msghdr msg;
1184 struct iovec iov[2];
1185
1186 memset(&msg, 0, sizeof(msg));
1187 memset(&iov[0], 0, sizeof(iov));
1188
1189 /*
1190 * We position the buffer second just so that we can confirm that the
1191 * fortification bits are traversing the iovec correctly.
1192 */
1193 iov[1].iov_base = BUF;
1194 iov[1].iov_len = __len;
1195
1196 msg.msg_iov = &iov[0];
1197 msg.msg_iovlen = nitems(iov);
1198
1199 recvmsg(sock[0], &msg, 0);
1200 #undef BUF
1201
1202 }
1203
1204 ATF_TC(recvmsg_msg_iov_heap_before_end);
ATF_TC_HEAD(recvmsg_msg_iov_heap_before_end,tc)1205 ATF_TC_HEAD(recvmsg_msg_iov_heap_before_end, tc)
1206 {
1207 }
ATF_TC_BODY(recvmsg_msg_iov_heap_before_end,tc)1208 ATF_TC_BODY(recvmsg_msg_iov_heap_before_end, tc)
1209 {
1210 #define BUF __stack.__buf
1211 struct {
1212 uint8_t padding_l;
1213 unsigned char * __buf;
1214 uint8_t padding_r;
1215 } __stack;
1216 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1217 const size_t __len = 42 - 1;
1218 const size_t __idx __unused = __len - 1;
1219 int sock[2] = { -1, -1 };
1220 struct msghdr msg;
1221 struct iovec iov[2];
1222
1223 __stack.__buf = malloc(__bufsz);
1224 memset(&msg, 0, sizeof(msg));
1225 memset(&iov[0], 0, sizeof(iov));
1226
1227 /*
1228 * We position the buffer second just so that we can confirm that the
1229 * fortification bits are traversing the iovec correctly.
1230 */
1231 iov[1].iov_base = BUF;
1232 iov[1].iov_len = __len;
1233
1234 msg.msg_iov = &iov[0];
1235 msg.msg_iovlen = nitems(iov);
1236
1237 recvmsg(sock[0], &msg, 0);
1238 #undef BUF
1239
1240 }
1241
1242 ATF_TC(recvmsg_msg_iov_heap_end);
ATF_TC_HEAD(recvmsg_msg_iov_heap_end,tc)1243 ATF_TC_HEAD(recvmsg_msg_iov_heap_end, tc)
1244 {
1245 }
ATF_TC_BODY(recvmsg_msg_iov_heap_end,tc)1246 ATF_TC_BODY(recvmsg_msg_iov_heap_end, tc)
1247 {
1248 #define BUF __stack.__buf
1249 struct {
1250 uint8_t padding_l;
1251 unsigned char * __buf;
1252 uint8_t padding_r;
1253 } __stack;
1254 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1255 const size_t __len = 42;
1256 const size_t __idx __unused = __len - 1;
1257 int sock[2] = { -1, -1 };
1258 struct msghdr msg;
1259 struct iovec iov[2];
1260
1261 __stack.__buf = malloc(__bufsz);
1262 memset(&msg, 0, sizeof(msg));
1263 memset(&iov[0], 0, sizeof(iov));
1264
1265 /*
1266 * We position the buffer second just so that we can confirm that the
1267 * fortification bits are traversing the iovec correctly.
1268 */
1269 iov[1].iov_base = BUF;
1270 iov[1].iov_len = __len;
1271
1272 msg.msg_iov = &iov[0];
1273 msg.msg_iovlen = nitems(iov);
1274
1275 recvmsg(sock[0], &msg, 0);
1276 #undef BUF
1277
1278 }
1279
1280 ATF_TC(recvmsg_msg_iov_heap_after_end);
ATF_TC_HEAD(recvmsg_msg_iov_heap_after_end,tc)1281 ATF_TC_HEAD(recvmsg_msg_iov_heap_after_end, tc)
1282 {
1283 }
ATF_TC_BODY(recvmsg_msg_iov_heap_after_end,tc)1284 ATF_TC_BODY(recvmsg_msg_iov_heap_after_end, tc)
1285 {
1286 #define BUF __stack.__buf
1287 struct {
1288 uint8_t padding_l;
1289 unsigned char * __buf;
1290 uint8_t padding_r;
1291 } __stack;
1292 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1293 const size_t __len = 42 + 1;
1294 const size_t __idx __unused = __len - 1;
1295 pid_t __child;
1296 int __status;
1297 int sock[2] = { -1, -1 };
1298 struct msghdr msg;
1299 struct iovec iov[2];
1300
1301 __child = fork();
1302 ATF_REQUIRE(__child >= 0);
1303 if (__child > 0)
1304 goto monitor;
1305
1306 /* Child */
1307 disable_coredumps();
1308 __stack.__buf = malloc(__bufsz);
1309 memset(&msg, 0, sizeof(msg));
1310 memset(&iov[0], 0, sizeof(iov));
1311
1312 /*
1313 * We position the buffer second just so that we can confirm that the
1314 * fortification bits are traversing the iovec correctly.
1315 */
1316 iov[1].iov_base = BUF;
1317 iov[1].iov_len = __len;
1318
1319 msg.msg_iov = &iov[0];
1320 msg.msg_iovlen = nitems(iov);
1321
1322 recvmsg(sock[0], &msg, 0);
1323 _exit(EX_SOFTWARE); /* Should have aborted. */
1324
1325 monitor:
1326 while (waitpid(__child, &__status, 0) != __child) {
1327 ATF_REQUIRE_EQ(EINTR, errno);
1328 }
1329
1330 if (!WIFSIGNALED(__status)) {
1331 switch (WEXITSTATUS(__status)) {
1332 case EX_SOFTWARE:
1333 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1334 break;
1335 case EX_OSERR:
1336 atf_tc_fail("setrlimit(2) failed");
1337 break;
1338 default:
1339 atf_tc_fail("child exited with status %d",
1340 WEXITSTATUS(__status));
1341 }
1342 } else {
1343 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1344 }
1345 #undef BUF
1346
1347 }
1348
1349 ATF_TC(recvmsg_msg_control_before_end);
ATF_TC_HEAD(recvmsg_msg_control_before_end,tc)1350 ATF_TC_HEAD(recvmsg_msg_control_before_end, tc)
1351 {
1352 }
ATF_TC_BODY(recvmsg_msg_control_before_end,tc)1353 ATF_TC_BODY(recvmsg_msg_control_before_end, tc)
1354 {
1355 #define BUF &__stack.__buf
1356 struct {
1357 uint8_t padding_l;
1358 unsigned char __buf[CMSG_SPACE(sizeof(int))];
1359 uint8_t padding_r;
1360 } __stack;
1361 const size_t __bufsz __unused = sizeof(__stack.__buf);
1362 const size_t __len = CMSG_SPACE(sizeof(int)) - 1;
1363 const size_t __idx __unused = __len - 1;
1364 int sock[2] = { -1, -1 };
1365 struct msghdr msg;
1366
1367 memset(&msg, 0, sizeof(msg));
1368
1369 msg.msg_control = BUF;
1370 msg.msg_controllen = __len;
1371
1372 recvmsg(sock[0], &msg, 0);
1373 #undef BUF
1374
1375 }
1376
1377 ATF_TC(recvmsg_msg_control_end);
ATF_TC_HEAD(recvmsg_msg_control_end,tc)1378 ATF_TC_HEAD(recvmsg_msg_control_end, tc)
1379 {
1380 }
ATF_TC_BODY(recvmsg_msg_control_end,tc)1381 ATF_TC_BODY(recvmsg_msg_control_end, tc)
1382 {
1383 #define BUF &__stack.__buf
1384 struct {
1385 uint8_t padding_l;
1386 unsigned char __buf[CMSG_SPACE(sizeof(int))];
1387 uint8_t padding_r;
1388 } __stack;
1389 const size_t __bufsz __unused = sizeof(__stack.__buf);
1390 const size_t __len = CMSG_SPACE(sizeof(int));
1391 const size_t __idx __unused = __len - 1;
1392 int sock[2] = { -1, -1 };
1393 struct msghdr msg;
1394
1395 memset(&msg, 0, sizeof(msg));
1396
1397 msg.msg_control = BUF;
1398 msg.msg_controllen = __len;
1399
1400 recvmsg(sock[0], &msg, 0);
1401 #undef BUF
1402
1403 }
1404
1405 ATF_TC(recvmsg_msg_control_heap_before_end);
ATF_TC_HEAD(recvmsg_msg_control_heap_before_end,tc)1406 ATF_TC_HEAD(recvmsg_msg_control_heap_before_end, tc)
1407 {
1408 }
ATF_TC_BODY(recvmsg_msg_control_heap_before_end,tc)1409 ATF_TC_BODY(recvmsg_msg_control_heap_before_end, tc)
1410 {
1411 #define BUF __stack.__buf
1412 struct {
1413 uint8_t padding_l;
1414 unsigned char * __buf;
1415 uint8_t padding_r;
1416 } __stack;
1417 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (CMSG_SPACE(sizeof(int)));
1418 const size_t __len = CMSG_SPACE(sizeof(int)) - 1;
1419 const size_t __idx __unused = __len - 1;
1420 int sock[2] = { -1, -1 };
1421 struct msghdr msg;
1422
1423 __stack.__buf = malloc(__bufsz);
1424 memset(&msg, 0, sizeof(msg));
1425
1426 msg.msg_control = BUF;
1427 msg.msg_controllen = __len;
1428
1429 recvmsg(sock[0], &msg, 0);
1430 #undef BUF
1431
1432 }
1433
1434 ATF_TC(recvmsg_msg_control_heap_end);
ATF_TC_HEAD(recvmsg_msg_control_heap_end,tc)1435 ATF_TC_HEAD(recvmsg_msg_control_heap_end, tc)
1436 {
1437 }
ATF_TC_BODY(recvmsg_msg_control_heap_end,tc)1438 ATF_TC_BODY(recvmsg_msg_control_heap_end, tc)
1439 {
1440 #define BUF __stack.__buf
1441 struct {
1442 uint8_t padding_l;
1443 unsigned char * __buf;
1444 uint8_t padding_r;
1445 } __stack;
1446 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (CMSG_SPACE(sizeof(int)));
1447 const size_t __len = CMSG_SPACE(sizeof(int));
1448 const size_t __idx __unused = __len - 1;
1449 int sock[2] = { -1, -1 };
1450 struct msghdr msg;
1451
1452 __stack.__buf = malloc(__bufsz);
1453 memset(&msg, 0, sizeof(msg));
1454
1455 msg.msg_control = BUF;
1456 msg.msg_controllen = __len;
1457
1458 recvmsg(sock[0], &msg, 0);
1459 #undef BUF
1460
1461 }
1462
1463 ATF_TC(recvmsg_msg_control_heap_after_end);
ATF_TC_HEAD(recvmsg_msg_control_heap_after_end,tc)1464 ATF_TC_HEAD(recvmsg_msg_control_heap_after_end, tc)
1465 {
1466 }
ATF_TC_BODY(recvmsg_msg_control_heap_after_end,tc)1467 ATF_TC_BODY(recvmsg_msg_control_heap_after_end, tc)
1468 {
1469 #define BUF __stack.__buf
1470 struct {
1471 uint8_t padding_l;
1472 unsigned char * __buf;
1473 uint8_t padding_r;
1474 } __stack;
1475 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (CMSG_SPACE(sizeof(int)));
1476 const size_t __len = CMSG_SPACE(sizeof(int)) + 1;
1477 const size_t __idx __unused = __len - 1;
1478 pid_t __child;
1479 int __status;
1480 int sock[2] = { -1, -1 };
1481 struct msghdr msg;
1482
1483 __child = fork();
1484 ATF_REQUIRE(__child >= 0);
1485 if (__child > 0)
1486 goto monitor;
1487
1488 /* Child */
1489 disable_coredumps();
1490 __stack.__buf = malloc(__bufsz);
1491 memset(&msg, 0, sizeof(msg));
1492
1493 msg.msg_control = BUF;
1494 msg.msg_controllen = __len;
1495
1496 recvmsg(sock[0], &msg, 0);
1497 _exit(EX_SOFTWARE); /* Should have aborted. */
1498
1499 monitor:
1500 while (waitpid(__child, &__status, 0) != __child) {
1501 ATF_REQUIRE_EQ(EINTR, errno);
1502 }
1503
1504 if (!WIFSIGNALED(__status)) {
1505 switch (WEXITSTATUS(__status)) {
1506 case EX_SOFTWARE:
1507 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1508 break;
1509 case EX_OSERR:
1510 atf_tc_fail("setrlimit(2) failed");
1511 break;
1512 default:
1513 atf_tc_fail("child exited with status %d",
1514 WEXITSTATUS(__status));
1515 }
1516 } else {
1517 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1518 }
1519 #undef BUF
1520
1521 }
1522
1523 ATF_TC(recvmmsg_msgvec_before_end);
ATF_TC_HEAD(recvmmsg_msgvec_before_end,tc)1524 ATF_TC_HEAD(recvmmsg_msgvec_before_end, tc)
1525 {
1526 }
ATF_TC_BODY(recvmmsg_msgvec_before_end,tc)1527 ATF_TC_BODY(recvmmsg_msgvec_before_end, tc)
1528 {
1529 #define BUF &__stack.__buf
1530 struct {
1531 uint8_t padding_l;
1532 struct mmsghdr __buf[2];
1533 uint8_t padding_r;
1534 } __stack;
1535 const size_t __bufsz __unused = sizeof(__stack.__buf);
1536 const size_t __len = 2 - 1;
1537 const size_t __idx __unused = __len - 1;
1538 int sock[2] = { -1, -1 };
1539
1540 recvmmsg(sock[0], __stack.__buf, __len, 0, NULL);
1541 #undef BUF
1542
1543 }
1544
1545 ATF_TC(recvmmsg_msgvec_end);
ATF_TC_HEAD(recvmmsg_msgvec_end,tc)1546 ATF_TC_HEAD(recvmmsg_msgvec_end, tc)
1547 {
1548 }
ATF_TC_BODY(recvmmsg_msgvec_end,tc)1549 ATF_TC_BODY(recvmmsg_msgvec_end, tc)
1550 {
1551 #define BUF &__stack.__buf
1552 struct {
1553 uint8_t padding_l;
1554 struct mmsghdr __buf[2];
1555 uint8_t padding_r;
1556 } __stack;
1557 const size_t __bufsz __unused = sizeof(__stack.__buf);
1558 const size_t __len = 2;
1559 const size_t __idx __unused = __len - 1;
1560 int sock[2] = { -1, -1 };
1561
1562 recvmmsg(sock[0], __stack.__buf, __len, 0, NULL);
1563 #undef BUF
1564
1565 }
1566
1567 ATF_TC(recvmmsg_msgvec_after_end);
ATF_TC_HEAD(recvmmsg_msgvec_after_end,tc)1568 ATF_TC_HEAD(recvmmsg_msgvec_after_end, tc)
1569 {
1570 }
ATF_TC_BODY(recvmmsg_msgvec_after_end,tc)1571 ATF_TC_BODY(recvmmsg_msgvec_after_end, tc)
1572 {
1573 #define BUF &__stack.__buf
1574 struct {
1575 uint8_t padding_l;
1576 struct mmsghdr __buf[2];
1577 uint8_t padding_r;
1578 } __stack;
1579 const size_t __bufsz __unused = sizeof(__stack.__buf);
1580 const size_t __len = 2 + 1;
1581 const size_t __idx __unused = __len - 1;
1582 pid_t __child;
1583 int __status;
1584 int sock[2] = { -1, -1 };
1585
1586 __child = fork();
1587 ATF_REQUIRE(__child >= 0);
1588 if (__child > 0)
1589 goto monitor;
1590
1591 /* Child */
1592 disable_coredumps();
1593 recvmmsg(sock[0], __stack.__buf, __len, 0, NULL);
1594 _exit(EX_SOFTWARE); /* Should have aborted. */
1595
1596 monitor:
1597 while (waitpid(__child, &__status, 0) != __child) {
1598 ATF_REQUIRE_EQ(EINTR, errno);
1599 }
1600
1601 if (!WIFSIGNALED(__status)) {
1602 switch (WEXITSTATUS(__status)) {
1603 case EX_SOFTWARE:
1604 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1605 break;
1606 case EX_OSERR:
1607 atf_tc_fail("setrlimit(2) failed");
1608 break;
1609 default:
1610 atf_tc_fail("child exited with status %d",
1611 WEXITSTATUS(__status));
1612 }
1613 } else {
1614 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1615 }
1616 #undef BUF
1617
1618 }
1619
1620 ATF_TC(recvmmsg_msgvec_heap_before_end);
ATF_TC_HEAD(recvmmsg_msgvec_heap_before_end,tc)1621 ATF_TC_HEAD(recvmmsg_msgvec_heap_before_end, tc)
1622 {
1623 }
ATF_TC_BODY(recvmmsg_msgvec_heap_before_end,tc)1624 ATF_TC_BODY(recvmmsg_msgvec_heap_before_end, tc)
1625 {
1626 #define BUF __stack.__buf
1627 struct {
1628 uint8_t padding_l;
1629 struct mmsghdr * __buf;
1630 uint8_t padding_r;
1631 } __stack;
1632 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (2);
1633 const size_t __len = 2 - 1;
1634 const size_t __idx __unused = __len - 1;
1635 int sock[2] = { -1, -1 };
1636
1637 __stack.__buf = malloc(__bufsz);
1638
1639 recvmmsg(sock[0], __stack.__buf, __len, 0, NULL);
1640 #undef BUF
1641
1642 }
1643
1644 ATF_TC(recvmmsg_msgvec_heap_end);
ATF_TC_HEAD(recvmmsg_msgvec_heap_end,tc)1645 ATF_TC_HEAD(recvmmsg_msgvec_heap_end, tc)
1646 {
1647 }
ATF_TC_BODY(recvmmsg_msgvec_heap_end,tc)1648 ATF_TC_BODY(recvmmsg_msgvec_heap_end, tc)
1649 {
1650 #define BUF __stack.__buf
1651 struct {
1652 uint8_t padding_l;
1653 struct mmsghdr * __buf;
1654 uint8_t padding_r;
1655 } __stack;
1656 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (2);
1657 const size_t __len = 2;
1658 const size_t __idx __unused = __len - 1;
1659 int sock[2] = { -1, -1 };
1660
1661 __stack.__buf = malloc(__bufsz);
1662
1663 recvmmsg(sock[0], __stack.__buf, __len, 0, NULL);
1664 #undef BUF
1665
1666 }
1667
1668 ATF_TC(recvmmsg_msgvec_heap_after_end);
ATF_TC_HEAD(recvmmsg_msgvec_heap_after_end,tc)1669 ATF_TC_HEAD(recvmmsg_msgvec_heap_after_end, tc)
1670 {
1671 }
ATF_TC_BODY(recvmmsg_msgvec_heap_after_end,tc)1672 ATF_TC_BODY(recvmmsg_msgvec_heap_after_end, tc)
1673 {
1674 #define BUF __stack.__buf
1675 struct {
1676 uint8_t padding_l;
1677 struct mmsghdr * __buf;
1678 uint8_t padding_r;
1679 } __stack;
1680 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (2);
1681 const size_t __len = 2 + 1;
1682 const size_t __idx __unused = __len - 1;
1683 pid_t __child;
1684 int __status;
1685 int sock[2] = { -1, -1 };
1686
1687 __child = fork();
1688 ATF_REQUIRE(__child >= 0);
1689 if (__child > 0)
1690 goto monitor;
1691
1692 /* Child */
1693 disable_coredumps();
1694 __stack.__buf = malloc(__bufsz);
1695
1696 recvmmsg(sock[0], __stack.__buf, __len, 0, NULL);
1697 _exit(EX_SOFTWARE); /* Should have aborted. */
1698
1699 monitor:
1700 while (waitpid(__child, &__status, 0) != __child) {
1701 ATF_REQUIRE_EQ(EINTR, errno);
1702 }
1703
1704 if (!WIFSIGNALED(__status)) {
1705 switch (WEXITSTATUS(__status)) {
1706 case EX_SOFTWARE:
1707 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1708 break;
1709 case EX_OSERR:
1710 atf_tc_fail("setrlimit(2) failed");
1711 break;
1712 default:
1713 atf_tc_fail("child exited with status %d",
1714 WEXITSTATUS(__status));
1715 }
1716 } else {
1717 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1718 }
1719 #undef BUF
1720
1721 }
1722
1723 ATF_TC(recvmmsg_msghdr_before_end);
ATF_TC_HEAD(recvmmsg_msghdr_before_end,tc)1724 ATF_TC_HEAD(recvmmsg_msghdr_before_end, tc)
1725 {
1726 }
ATF_TC_BODY(recvmmsg_msghdr_before_end,tc)1727 ATF_TC_BODY(recvmmsg_msghdr_before_end, tc)
1728 {
1729 #define BUF &__stack.__buf
1730 struct {
1731 uint8_t padding_l;
1732 unsigned char __buf[42];
1733 uint8_t padding_r;
1734 } __stack;
1735 const size_t __bufsz __unused = sizeof(__stack.__buf);
1736 const size_t __len = 42 - 1;
1737 const size_t __idx __unused = __len - 1;
1738 int sock[2] = { -1, -1 };
1739 struct mmsghdr msgvec[2];
1740
1741 memset(&msgvec[0], 0, sizeof(msgvec));
1742
1743 /*
1744 * Same as above, make sure fortification isn't ignoring n > 1 elements
1745 * of the msgvec.
1746 */
1747 msgvec[1].msg_hdr.msg_control = BUF;
1748 msgvec[1].msg_hdr.msg_controllen = __len;
1749
1750 recvmmsg(sock[0], &msgvec[0], nitems(msgvec), 0, NULL);
1751 #undef BUF
1752
1753 }
1754
1755 ATF_TC(recvmmsg_msghdr_end);
ATF_TC_HEAD(recvmmsg_msghdr_end,tc)1756 ATF_TC_HEAD(recvmmsg_msghdr_end, tc)
1757 {
1758 }
ATF_TC_BODY(recvmmsg_msghdr_end,tc)1759 ATF_TC_BODY(recvmmsg_msghdr_end, tc)
1760 {
1761 #define BUF &__stack.__buf
1762 struct {
1763 uint8_t padding_l;
1764 unsigned char __buf[42];
1765 uint8_t padding_r;
1766 } __stack;
1767 const size_t __bufsz __unused = sizeof(__stack.__buf);
1768 const size_t __len = 42;
1769 const size_t __idx __unused = __len - 1;
1770 int sock[2] = { -1, -1 };
1771 struct mmsghdr msgvec[2];
1772
1773 memset(&msgvec[0], 0, sizeof(msgvec));
1774
1775 /*
1776 * Same as above, make sure fortification isn't ignoring n > 1 elements
1777 * of the msgvec.
1778 */
1779 msgvec[1].msg_hdr.msg_control = BUF;
1780 msgvec[1].msg_hdr.msg_controllen = __len;
1781
1782 recvmmsg(sock[0], &msgvec[0], nitems(msgvec), 0, NULL);
1783 #undef BUF
1784
1785 }
1786
1787 ATF_TC(recvmmsg_msghdr_heap_before_end);
ATF_TC_HEAD(recvmmsg_msghdr_heap_before_end,tc)1788 ATF_TC_HEAD(recvmmsg_msghdr_heap_before_end, tc)
1789 {
1790 }
ATF_TC_BODY(recvmmsg_msghdr_heap_before_end,tc)1791 ATF_TC_BODY(recvmmsg_msghdr_heap_before_end, tc)
1792 {
1793 #define BUF __stack.__buf
1794 struct {
1795 uint8_t padding_l;
1796 unsigned char * __buf;
1797 uint8_t padding_r;
1798 } __stack;
1799 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1800 const size_t __len = 42 - 1;
1801 const size_t __idx __unused = __len - 1;
1802 int sock[2] = { -1, -1 };
1803 struct mmsghdr msgvec[2];
1804
1805 __stack.__buf = malloc(__bufsz);
1806 memset(&msgvec[0], 0, sizeof(msgvec));
1807
1808 /*
1809 * Same as above, make sure fortification isn't ignoring n > 1 elements
1810 * of the msgvec.
1811 */
1812 msgvec[1].msg_hdr.msg_control = BUF;
1813 msgvec[1].msg_hdr.msg_controllen = __len;
1814
1815 recvmmsg(sock[0], &msgvec[0], nitems(msgvec), 0, NULL);
1816 #undef BUF
1817
1818 }
1819
1820 ATF_TC(recvmmsg_msghdr_heap_end);
ATF_TC_HEAD(recvmmsg_msghdr_heap_end,tc)1821 ATF_TC_HEAD(recvmmsg_msghdr_heap_end, tc)
1822 {
1823 }
ATF_TC_BODY(recvmmsg_msghdr_heap_end,tc)1824 ATF_TC_BODY(recvmmsg_msghdr_heap_end, tc)
1825 {
1826 #define BUF __stack.__buf
1827 struct {
1828 uint8_t padding_l;
1829 unsigned char * __buf;
1830 uint8_t padding_r;
1831 } __stack;
1832 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1833 const size_t __len = 42;
1834 const size_t __idx __unused = __len - 1;
1835 int sock[2] = { -1, -1 };
1836 struct mmsghdr msgvec[2];
1837
1838 __stack.__buf = malloc(__bufsz);
1839 memset(&msgvec[0], 0, sizeof(msgvec));
1840
1841 /*
1842 * Same as above, make sure fortification isn't ignoring n > 1 elements
1843 * of the msgvec.
1844 */
1845 msgvec[1].msg_hdr.msg_control = BUF;
1846 msgvec[1].msg_hdr.msg_controllen = __len;
1847
1848 recvmmsg(sock[0], &msgvec[0], nitems(msgvec), 0, NULL);
1849 #undef BUF
1850
1851 }
1852
1853 ATF_TC(recvmmsg_msghdr_heap_after_end);
ATF_TC_HEAD(recvmmsg_msghdr_heap_after_end,tc)1854 ATF_TC_HEAD(recvmmsg_msghdr_heap_after_end, tc)
1855 {
1856 }
ATF_TC_BODY(recvmmsg_msghdr_heap_after_end,tc)1857 ATF_TC_BODY(recvmmsg_msghdr_heap_after_end, tc)
1858 {
1859 #define BUF __stack.__buf
1860 struct {
1861 uint8_t padding_l;
1862 unsigned char * __buf;
1863 uint8_t padding_r;
1864 } __stack;
1865 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1866 const size_t __len = 42 + 1;
1867 const size_t __idx __unused = __len - 1;
1868 pid_t __child;
1869 int __status;
1870 int sock[2] = { -1, -1 };
1871 struct mmsghdr msgvec[2];
1872
1873 __child = fork();
1874 ATF_REQUIRE(__child >= 0);
1875 if (__child > 0)
1876 goto monitor;
1877
1878 /* Child */
1879 disable_coredumps();
1880 __stack.__buf = malloc(__bufsz);
1881 memset(&msgvec[0], 0, sizeof(msgvec));
1882
1883 /*
1884 * Same as above, make sure fortification isn't ignoring n > 1 elements
1885 * of the msgvec.
1886 */
1887 msgvec[1].msg_hdr.msg_control = BUF;
1888 msgvec[1].msg_hdr.msg_controllen = __len;
1889
1890 recvmmsg(sock[0], &msgvec[0], nitems(msgvec), 0, NULL);
1891 _exit(EX_SOFTWARE); /* Should have aborted. */
1892
1893 monitor:
1894 while (waitpid(__child, &__status, 0) != __child) {
1895 ATF_REQUIRE_EQ(EINTR, errno);
1896 }
1897
1898 if (!WIFSIGNALED(__status)) {
1899 switch (WEXITSTATUS(__status)) {
1900 case EX_SOFTWARE:
1901 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1902 break;
1903 case EX_OSERR:
1904 atf_tc_fail("setrlimit(2) failed");
1905 break;
1906 default:
1907 atf_tc_fail("child exited with status %d",
1908 WEXITSTATUS(__status));
1909 }
1910 } else {
1911 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1912 }
1913 #undef BUF
1914
1915 }
1916
ATF_TP_ADD_TCS(tp)1917 ATF_TP_ADD_TCS(tp)
1918 {
1919 ATF_TP_ADD_TC(tp, getpeername_before_end);
1920 ATF_TP_ADD_TC(tp, getpeername_end);
1921 ATF_TP_ADD_TC(tp, getpeername_heap_before_end);
1922 ATF_TP_ADD_TC(tp, getpeername_heap_end);
1923 ATF_TP_ADD_TC(tp, getpeername_heap_after_end);
1924 ATF_TP_ADD_TC(tp, getsockname_before_end);
1925 ATF_TP_ADD_TC(tp, getsockname_end);
1926 ATF_TP_ADD_TC(tp, getsockname_heap_before_end);
1927 ATF_TP_ADD_TC(tp, getsockname_heap_end);
1928 ATF_TP_ADD_TC(tp, getsockname_heap_after_end);
1929 ATF_TP_ADD_TC(tp, recv_before_end);
1930 ATF_TP_ADD_TC(tp, recv_end);
1931 ATF_TP_ADD_TC(tp, recv_heap_before_end);
1932 ATF_TP_ADD_TC(tp, recv_heap_end);
1933 ATF_TP_ADD_TC(tp, recv_heap_after_end);
1934 ATF_TP_ADD_TC(tp, recvfrom_before_end);
1935 ATF_TP_ADD_TC(tp, recvfrom_end);
1936 ATF_TP_ADD_TC(tp, recvfrom_heap_before_end);
1937 ATF_TP_ADD_TC(tp, recvfrom_heap_end);
1938 ATF_TP_ADD_TC(tp, recvfrom_heap_after_end);
1939 ATF_TP_ADD_TC(tp, recvfrom_sockaddr_before_end);
1940 ATF_TP_ADD_TC(tp, recvfrom_sockaddr_end);
1941 ATF_TP_ADD_TC(tp, recvfrom_sockaddr_heap_before_end);
1942 ATF_TP_ADD_TC(tp, recvfrom_sockaddr_heap_end);
1943 ATF_TP_ADD_TC(tp, recvfrom_sockaddr_heap_after_end);
1944 ATF_TP_ADD_TC(tp, recvmsg_msg_name_before_end);
1945 ATF_TP_ADD_TC(tp, recvmsg_msg_name_end);
1946 ATF_TP_ADD_TC(tp, recvmsg_msg_name_heap_before_end);
1947 ATF_TP_ADD_TC(tp, recvmsg_msg_name_heap_end);
1948 ATF_TP_ADD_TC(tp, recvmsg_msg_name_heap_after_end);
1949 ATF_TP_ADD_TC(tp, recvmsg_msg_iov_before_end);
1950 ATF_TP_ADD_TC(tp, recvmsg_msg_iov_end);
1951 ATF_TP_ADD_TC(tp, recvmsg_msg_iov_heap_before_end);
1952 ATF_TP_ADD_TC(tp, recvmsg_msg_iov_heap_end);
1953 ATF_TP_ADD_TC(tp, recvmsg_msg_iov_heap_after_end);
1954 ATF_TP_ADD_TC(tp, recvmsg_msg_control_before_end);
1955 ATF_TP_ADD_TC(tp, recvmsg_msg_control_end);
1956 ATF_TP_ADD_TC(tp, recvmsg_msg_control_heap_before_end);
1957 ATF_TP_ADD_TC(tp, recvmsg_msg_control_heap_end);
1958 ATF_TP_ADD_TC(tp, recvmsg_msg_control_heap_after_end);
1959 ATF_TP_ADD_TC(tp, recvmmsg_msgvec_before_end);
1960 ATF_TP_ADD_TC(tp, recvmmsg_msgvec_end);
1961 ATF_TP_ADD_TC(tp, recvmmsg_msgvec_after_end);
1962 ATF_TP_ADD_TC(tp, recvmmsg_msgvec_heap_before_end);
1963 ATF_TP_ADD_TC(tp, recvmmsg_msgvec_heap_end);
1964 ATF_TP_ADD_TC(tp, recvmmsg_msgvec_heap_after_end);
1965 ATF_TP_ADD_TC(tp, recvmmsg_msghdr_before_end);
1966 ATF_TP_ADD_TC(tp, recvmmsg_msghdr_end);
1967 ATF_TP_ADD_TC(tp, recvmmsg_msghdr_heap_before_end);
1968 ATF_TP_ADD_TC(tp, recvmmsg_msghdr_heap_end);
1969 ATF_TP_ADD_TC(tp, recvmmsg_msghdr_heap_after_end);
1970 return (atf_no_error());
1971 }
1972