1 /* Check for descriptor leak in if_nametoindex with a long interface name.
2    Copyright (C) 2018-2021 Free Software Foundation, Inc.
3    This file is part of the GNU C Library.
4 
5    The GNU C Library is free software; you can redistribute it and/or
6    modify it under the terms of the GNU Lesser General Public
7    License as published by the Free Software Foundation; either
8    version 2.1 of the License, or (at your option) any later version.
9 
10    The GNU C Library is distributed in the hope that it will be useful,
11    but WITHOUT ANY WARRANTY; without even the implied warranty of
12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13    Lesser General Public License for more details.
14 
15    You should have received a copy of the GNU Lesser General Public
16    License along with the GNU C Library; if not, see
17    <https://www.gnu.org/licenses/>.  */
18 
19 /* This test checks for a descriptor leak in case of a long interface
20    name (CVE-2018-19591, bug 23927).  */
21 
22 #include <errno.h>
23 #include <net/if.h>
24 #include <netdb.h>
25 #include <string.h>
26 #include <support/check.h>
27 #include <support/descriptors.h>
28 #include <support/support.h>
29 
30 static int
do_test(void)31 do_test (void)
32 {
33   struct support_descriptors *descrs = support_descriptors_list ();
34 
35   /* Prepare a name which is just as long as required for trigging the
36      bug.  */
37   char name[IFNAMSIZ + 1];
38   memset (name, 'A', IFNAMSIZ);
39   name[IFNAMSIZ] = '\0';
40   TEST_COMPARE (strlen (name), IFNAMSIZ);
41   struct ifreq ifr;
42   TEST_COMPARE (strlen (name), sizeof (ifr.ifr_name));
43 
44   /* Test directly via if_nametoindex.  */
45   TEST_COMPARE (if_nametoindex (name), 0);
46   TEST_COMPARE (errno, ENODEV);
47   support_descriptors_check (descrs);
48 
49   /* Same test via getaddrinfo.  */
50   char *host = xasprintf ("fea0::%%%s", name);
51   struct addrinfo hints = { .ai_flags = AI_NUMERICHOST, };
52   struct addrinfo *ai;
53   TEST_COMPARE (getaddrinfo (host, NULL, &hints, &ai), EAI_NONAME);
54   support_descriptors_check (descrs);
55 
56   support_descriptors_free (descrs);
57 
58   return 0;
59 }
60 
61 #include <support/test-driver.c>
62