1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2017 Richard Palethorpe <[email protected]>
4 */
5 /*
6 * Test for CVE-2017-6951, original reproducer can be found here:
7 * http://www.spinics.net/lists/keyrings/msg01845.html
8 *
9 * request_key() is not in glibc, so we just use the syscall directly instead
10 * of linking to keyutils.
11 */
12
13 #include <unistd.h>
14 #include <sys/syscall.h>
15
16 #include "tst_test.h"
17 #include "lapi/syscalls.h"
18
19 #define ATTEMPTS 0x100
20
run(void)21 static void run(void)
22 {
23 int i;
24
25 tst_res(TINFO, "Requesting dead key");
26 for (i = 0; i < ATTEMPTS; i++)
27 tst_syscall(__NR_request_key, "dead", "abc", "abc", 0, 0, 0);
28
29 tst_res(TPASS, "No crash after %d attempts", ATTEMPTS);
30 }
31
32 static struct tst_test test = {
33 .test_all = run,
34 .tags = (const struct tst_tag[]) {
35 {"CVE", "2017-6951"},
36 {}
37 }
38 };
39