1 /*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <stdbool.h>
18 #include <dlfcn.h>
19 #include <fcntl.h>
20 #include <ipp.h>
21 #include "../includes/common.h"
22
23 bool isInitialized = false;
24
25 bool isVulnerable = false;
26
27 bool isTestInProgress = false;
28
29 const char *kExposedLanguageString = "en-us";
30
31 static size_t (*realStrlen)(const char *str) = NULL;
32
init()33 void init() {
34 realStrlen = (size_t(*)(const char *))dlsym(RTLD_NEXT, "strlen");
35 if (realStrlen == NULL) {
36 return;
37 }
38 isInitialized = true;
39 }
40
strlen(const char * str)41 size_t strlen(const char *str) {
42 if (!isInitialized) {
43 init();
44 }
45 if (isTestInProgress && (strcmp(str, kExposedLanguageString) == 0)) {
46 isVulnerable = true;
47 }
48 return realStrlen(str);
49 }
50
main(int argc,char ** argv)51 int main(int argc, char **argv) {
52 FAIL_CHECK(argc > 1);
53 int fileDescriptor = open((const char *)argv[1], O_RDONLY);
54 FAIL_CHECK(fileDescriptor >= 0);
55 ipp_t *job = ippNew();
56 if (!job) {
57 close(fileDescriptor);
58 FAIL_CHECK(job != NULL);
59 }
60 isTestInProgress = true;
61 ippReadFile(fileDescriptor, job);
62 isTestInProgress = false;
63 free(job);
64 close(fileDescriptor);
65 return (isVulnerable) ? EXIT_VULNERABLE : EXIT_SUCCESS;
66 }
67