fusefs: fix a buffer overflow in the tests

The actual overflow occurred in the ReadAhead.readahead test.
Surprisingly it has never segfaulted or resulted in any bad behavior.

MFC after:	1 week
Sponsored by:	Axcient
Reviewed by:	emaste
Differential Revision: https://reviews.freebsd.org/D38718
Alan Somers 2023-02-21 17:13:56 -07:00
parent ce7db385f5
commit 0c9df4afc2
7 changed files with 18 additions and 1 deletions


@ -210,6 +210,8 @@ TEST_P(BmapEof, eof)
_)
).WillOnce(Invoke(ReturnImmediate([=](auto in, auto& out) {
size_t osize = in.body.read.size;
assert(osize < sizeof(out.body.bytes));
out.header.len = sizeof(struct fuse_out_header) + osize;
bzero(out.body.bytes, osize);
})));
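Review bot: The bound on the new assert uses `<` where every other check added in this commit uses `<=`, so a read of exactly sizeof(out.body.bytes) would abort the test even though the following bzero() would still stay inside the buffer. If the stricter bound is not deliberate, `assert(osize <= sizeof(out.body.bytes));` keeps the checks uniform; if it is deliberate, a one-line comment saying why would help the next reader. The EXPECT_CALL that encloses this lambda starts outside the hunk.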


@ -70,6 +70,7 @@ void expect_vop_stddeallocate(uint64_t ino, uint64_t off, uint64_t length)
}, Eq(true)),
_)
).WillOnce(Invoke(ReturnImmediate([=](auto in, auto& out) {
assert(in.body.read.size <= sizeof(out.body.bytes));
out.header.len = sizeof(struct fuse_out_header) +
in.body.read.size;
memset(out.body.bytes, 'X', in.body.read.size);
@ -79,6 +80,8 @@ void expect_vop_stddeallocate(uint64_t ino, uint64_t off, uint64_t length)
const char *buf = (const char*)in.body.bytes +
sizeof(struct fuse_write_in);
assert(length <= sizeof(in.body.bytes) -
sizeof(struct fuse_write_in));
return (in.header.opcode == FUSE_WRITE &&
in.header.nodeid == ino &&
in.body.write.offset == off &&
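Review bot: The assert in the second hunk sits inside the matcher predicate but depends only on the captured parameter `length` and two sizeof expressions, so it is re-evaluated for every message the matcher inspects and can only fire once a request has arrived. Checking it once before the EXPECT_CALL would fail at expectation setup, closer to the caller that passed the oversized value; the line would be `assert(length <= sizeof(((mockfs_buf_in *)0)->body.bytes) - sizeof(struct fuse_write_in));` with whatever the input buffer type is actually called (placeholder name, the type is not visible here). The same pattern appears with `osize` in the expect_read hunk and with `isize`/`size` in the expect_write, expect_write_7_8 and maybe_expect_write hunks. The function body starts and ends outside the hunk, so this is based only on the lines shown.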


@ -141,6 +141,8 @@ void SetUp()
ssize_t isize = in.body.write.size;
off_t iofs = in.body.write.offset;
assert((size_t)isize <= sizeof(in.body.bytes) -
sizeof(struct fuse_write_in));
ASSERT_EQ(isize, pwrite(m_backing_fd, buf, isize, iofs))
<< strerror(errno);
SET_OUT_HEADER_LEN(out, write);
@ -158,6 +160,7 @@ void SetUp()
void *buf = out.body.bytes;
ssize_t osize;
assert((size_t)isize <= sizeof(out.body.bytes));
osize = pread(m_backing_fd, buf, isize, iofs);
ASSERT_LE(0, osize) << strerror(errno);
out.header.len = sizeof(struct fuse_out_header) + osize;
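Review bot: Both new bounds checks use `assert()` while the statements right next to them use gtest's `ASSERT_EQ` and `ASSERT_LE`, so a violation aborts the whole test binary instead of failing one test, and the guard disappears entirely if the tests are ever compiled with NDEBUG. Since these handlers already rely on ASSERT_* returning early, `ASSERT_LE((size_t)isize, sizeof(out.body.bytes));` before the pread() would keep the check active in every build and still stop before the buffer is written. The write-side check can take the same form, with `sizeof(in.body.bytes) - sizeof(struct fuse_write_in)` as the limit. Both lambdas begin outside the hunks shown.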


@ -206,7 +206,7 @@ union fuse_payloads_out {
* The protocol places no limits on the size of bytes. Choose
* a size big enough for anything we'll test.
*/
uint8_t bytes[0x20000];
uint8_t bytes[0x40000];
fuse_entry_out entry;
fuse_entry_out_7_8 entry_7_8;
fuse_lk_out getlk;
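Review bot: The resized `bytes` array is still a bare literal, and the comment above it does not say which test or I/O size sets the requirement, so a later test with a larger transfer can outgrow it again. The comment could record the constraint, for example by adding `* Must be at least as large as the biggest reply any test builds; the handlers assert this before writing.` If the value is derived from a readahead or max-I/O setting used by the tests (not visible in this hunk), naming that setting in the comment would be better still.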


@ -530,6 +530,7 @@ TEST_F(Setattr, truncate_discards_cached_data) {
auto osize = std::min(
static_cast<uint64_t>(cur_size) - in.body.read.offset,
static_cast<uint64_t>(in.body.read.size));
assert(osize <= sizeof(out.body.bytes));
out.header.len = sizeof(struct fuse_out_header) + osize;
if (should_have_data)
memset(out.body.bytes, 'X', osize);


@ -400,6 +400,7 @@ void FuseTest::expect_read(uint64_t ino, uint64_t offset, uint64_t isize,
}, Eq(true)),
_)
).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) {
assert(osize <= sizeof(out.body.bytes));
out.header.len = sizeof(struct fuse_out_header) + osize;
memmove(out.body.bytes, contents, osize);
}))).RetiresOnSaturation();
@ -502,6 +503,8 @@ void FuseTest::expect_write(uint64_t ino, uint64_t offset, uint64_t isize,
bool pid_ok;
uint32_t wf = in.body.write.write_flags;
assert(isize <= sizeof(in.body.bytes) -
sizeof(struct fuse_write_in));
if (wf & FUSE_WRITE_CACHE)
pid_ok = true;
else
@ -534,6 +537,9 @@ void FuseTest::expect_write_7_8(uint64_t ino, uint64_t offset, uint64_t isize,
const char *buf = (const char*)in.body.bytes +
FUSE_COMPAT_WRITE_IN_SIZE;
bool pid_ok = (pid_t)in.header.pid == getpid();
assert(isize <= sizeof(in.body.bytes) -
FUSE_COMPAT_WRITE_IN_SIZE);
return (in.header.opcode == FUSE_WRITE &&
in.header.nodeid == ino &&
in.body.write.fh == FH &&


@ -97,6 +97,8 @@ void maybe_expect_write(uint64_t ino, uint64_t offset, uint64_t size,
const char *buf = (const char*)in.body.bytes +
sizeof(struct fuse_write_in);
assert(size <= sizeof(in.body.bytes) -
sizeof(struct fuse_write_in));
return (in.header.opcode == FUSE_WRITE &&
in.header.nodeid == ino &&
in.body.write.offset == offset &&