xref: /freebsd/tools/test/stress2/misc/overflow3.sh (revision e2340276fc734a1f0bd0d2cf16fcfba7936c9462)
1#!/bin/sh
2
3#
4# SPDX-License-Identifier: BSD-2-Clause
5#
6# Copyright (c) 2021 Mark Johnston <markj@FreeBSD.org>
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11# 1. Redistributions of source code must retain the above copyright
12#    notice, this list of conditions and the following disclaimer.
13# 2. Redistributions in binary form must reproduce the above copyright
14#    notice, this list of conditions and the following disclaimer in the
15#    documentation and/or other materials provided with the distribution.
16#
17# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27# SUCH DAMAGE.
28#
29# Leaking fp references when truncating SCM_RIGHTS control messages
30# Fixed in r343784
31
32. ../default.cfg
33
34cd /tmp
35cat > overflow3.c <<EOF
36#include <sys/types.h>
37#include <sys/socket.h>
38
39#include <err.h>
40#include <stdlib.h>
41#include <string.h>
42#include <unistd.h>
43
44int
45main(void)
46{
47	struct iovec iov;
48	struct msghdr hdr, rhdr;
49	struct cmsghdr *chdr;
50	int nfds, sv[2];
51	char ch;
52
53	if (socketpair(PF_LOCAL, SOCK_STREAM, 0, sv) != 0)
54		err(1, "socketpair");
55
56	nfds = 253;
57
58	memset(&hdr, 0, sizeof(hdr));
59	ch = 'a';
60	iov.iov_base = &ch;
61	iov.iov_len = 1;
62	hdr.msg_iov = &iov;
63	hdr.msg_iovlen = 1;
64	hdr.msg_control = calloc(1, CMSG_SPACE(nfds * sizeof(int)));
65	hdr.msg_controllen = CMSG_SPACE(nfds * sizeof(int));
66
67	chdr = (struct cmsghdr *)hdr.msg_control;
68	chdr->cmsg_len = CMSG_LEN(nfds * sizeof(int));
69	chdr->cmsg_level = SOL_SOCKET;
70	chdr->cmsg_type = SCM_RIGHTS;
71
72	memset(&rhdr, 0, sizeof(rhdr));
73	rhdr.msg_iov = &iov;
74	rhdr.msg_iovlen = 1;
75	rhdr.msg_control = calloc(1, CMSG_SPACE(0));
76	rhdr.msg_controllen = CMSG_SPACE(0);
77
78	for (;;) {
79		if (sendmsg(sv[0], &hdr, 0) != 1)
80			err(1, "sendmsg");
81		if (recvmsg(sv[1], &rhdr, 0) != 1)
82			err(1, "recvmsg");
83		if ((rhdr.msg_flags & MSG_CTRUNC) == 0)
84			errx(1, "MSG_CTRUNC not set");
85	}
86
87	return (0);
88}
89EOF
90mycc -o overflow3 -Wall -Wextra -O2 overflow3.c || exit 1
91rm overflow3.c
92
93timeout 2m ./overflow3
94
95rm overflow3
96exit
97