From 246e18b22463d48f85f0966eb07fb60a68050181 Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Wed, 17 Apr 2019 16:45:35 +0000 Subject: [PATCH] pf tests: Try to provoke the panic with invalid DIOCRSETTFLAGS There was an issue with copyin() on DIOCRSETTFLAGS, which would panic if pfrio_buffer was NULL. Test for the issue fixed in r346319. MFC after: 1 week Event: Aberdeen hackathon 2019 --- tests/sys/netpfil/pf/ioctl/validation.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/sys/netpfil/pf/ioctl/validation.c b/tests/sys/netpfil/pf/ioctl/validation.c index 1f713138a47d..1b759aaa9e46 100644 --- a/tests/sys/netpfil/pf/ioctl/validation.c +++ b/tests/sys/netpfil/pf/ioctl/validation.c @@ -305,6 +305,11 @@ ATF_TC_BODY(settflags, tc) io.pfrio_size = 1 << 28; if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0) atf_tc_fail("Request with size 1 << 24 failed"); + + /* NULL buffer */ + io.pfrio_buffer = NULL; + if (ioctl(dev, DIOCRSETTFLAGS, &io) != -1) + atf_tc_fail("Request with NULL buffer succeeded"); } ATF_TC_CLEANUP(settflags, tc)