1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2015 Fujitsu Ltd.
4 * Author: Zeng Linggang <[email protected]>
5 * Copyright (C) 2024 SUSE LLC Andrea Manzini <[email protected]>
6 */
7
8 /*\
9 * [Description]
10 *
11 * Test for GHOST: glibc vulnerability (CVE-2015-0235).
12 *
13 * https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
14 */
15
16 #include "tst_test.h"
17
18 #define CANARY "in_the_coal_mine"
19
20 static struct
21 {
22 char buffer[1024];
23 char canary[sizeof(CANARY)];
24 } temp = {
25 "buffer",
26 CANARY,
27 };
28
check_vulnerable(void)29 static void check_vulnerable(void)
30 {
31 struct hostent resbuf;
32 struct hostent *result;
33 int herrno;
34 int retval;
35 char name[sizeof(temp.buffer)];
36 size_t len;
37
38 /*
39 * <glibc>/nss/digits_dots.c:
40 * strlen(name) = size_needed - sizeof(*host_addr) -
41 * sizeof(*h_addr_ptrs) - 1;
42 */
43 len = sizeof(temp.buffer) - 16 - 2 * sizeof(char *) - 1;
44
45 memset(name, '0', len);
46 name[len] = '\0';
47 retval = gethostbyname_r(name, &resbuf, temp.buffer,
48 sizeof(temp.buffer), &result, &herrno);
49
50 /* has canary been overwritten? */
51 if (strcmp(temp.canary, CANARY) != 0)
52 tst_res(TFAIL, "GHOST CVE-2015-0235 vulnerable");
53 else
54 TST_EXP_EQ_LI(retval, ERANGE);
55 }
56
57 static struct tst_test test = {
58 .test_all = check_vulnerable,
59 .tags = (const struct tst_tag[]) {
60 {"glibc-git", "d5dd6189d506"},
61 {"CVE", "CVE-2015-0235"},
62 {}
63 }
64 };
65