[PATCH 2/8] tests: check decoding of NETLINK_SOCK_DIAG AF_NETLINK messages

Tue Jun 13 20:21:33 UTC 2017

On Tue, Jun 13, 2017 at 10:13:19PM +0800, JingPiao Chen wrote:
> * tests/netlink_sock_diag.c: Include <linux/netlink_diag.h>.
> (test_netlink_diag_req, test_netlink_diag_msg): New functions.
> (main): Use them.
> 
> Co-authored-by: Fabien Siron <fabien.siron at epita.fr>
> ---
>  tests/netlink_sock_diag.c | 242 ++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 242 insertions(+)
> 
> diff --git a/tests/netlink_sock_diag.c b/tests/netlink_sock_diag.c
> index 63e7c3f..87a6d00 100644
> --- a/tests/netlink_sock_diag.c
> +++ b/tests/netlink_sock_diag.c
> @@ -35,6 +35,7 @@
>  #include <sys/socket.h>
>  #include <netinet/tcp.h>
>  #include <linux/netlink.h>
> +#include <linux/netlink_diag.h>
>  #include <linux/sock_diag.h>
>  #include <linux/unix_diag.h>
>  
> @@ -314,6 +315,245 @@ test_unix_diag_msg(const int fd)
>  	       sprintrc(rc));
>  }
>  
> +static void
> +test_netlink_diag_req(const int fd)
> +{
> +	struct nlmsghdr *nlh;
> +	struct netlink_diag_req *req;
> +	uint8_t *family;
> +	void *const nlh0 = tail_alloc(NLMSG_HDRLEN);
> +	long rc;
> +
> +	/* print family only */
> +	nlh = nlh0 - sizeof(*family);
> +	*nlh = (struct nlmsghdr) {
> +		.nlmsg_len = NLMSG_HDRLEN + sizeof(*family),
> +		.nlmsg_type = SOCK_DIAG_BY_FAMILY,
> +		.nlmsg_flags = NLM_F_REQUEST,
> +	};
> +	family = NLMSG_DATA(nlh);
> +	*family = AF_NETLINK;
> +
> +	rc = sendto(fd, nlh, NLMSG_HDRLEN + sizeof(*family), MSG_DONTWAIT,
> +		    NULL, 0);
> +
> +	printf("sendto(%d, {{len=%u, type=SOCK_DIAG_BY_FAMILY"
> +	       ", flags=NLM_F_REQUEST, seq=0, pid=0}, {family=AF_NETLINK}}"
> +	       ", %u, MSG_DONTWAIT, NULL, 0) = %s\n",
> +	       fd, NLMSG_HDRLEN + (unsigned int) sizeof(*family),
> +	       NLMSG_HDRLEN + (unsigned int) sizeof(*family),
> +	       sprintrc(rc));
> +
> +	/* print unknown family */
> +	*family = 0xff;
> +
> +	rc = sendto(fd, nlh, NLMSG_HDRLEN + sizeof(*family), MSG_DONTWAIT,
> +		    NULL, 0);
> +
> +	printf("sendto(%d, {{len=%u, type=SOCK_DIAG_BY_FAMILY"
> +	       ", flags=NLM_F_REQUEST, seq=0, pid=0}, {family=0xff /* AF_??? */}}"
> +	       ", %u, MSG_DONTWAIT, NULL, 0) = %s\n",
> +	       fd, NLMSG_HDRLEN + (unsigned int) sizeof(*family),
> +	       NLMSG_HDRLEN + (unsigned int) sizeof(*family),
> +	       sprintrc(rc));
> +
> +	/* short read of family */
> +	memmove(nlh0, nlh, NLMSG_HDRLEN);
> +	nlh = nlh0;
> +
> +	rc = sendto(fd, nlh, NLMSG_HDRLEN + sizeof(*family), MSG_DONTWAIT,
> +		    NULL, 0);
> +
> +	printf("sendto(%d, {{len=%u, type=SOCK_DIAG_BY_FAMILY"
> +	       ", flags=NLM_F_REQUEST, seq=0, pid=0}, %p}"
> +	       ", %u, MSG_DONTWAIT, NULL, 0) = %s\n",
> +	       fd, NLMSG_HDRLEN + (unsigned int) sizeof(*family),
> +	       NLMSG_DATA(nlh),
> +	       NLMSG_HDRLEN + (unsigned int) sizeof(*family),
> +	       sprintrc(rc));
> +
> +	/* print family and string */
> +	nlh = nlh0 - (sizeof(*family) + 4);
> +	*nlh = (struct nlmsghdr) {
> +		.nlmsg_len = NLMSG_HDRLEN + sizeof(*family) + 4,
> +		.nlmsg_type = SOCK_DIAG_BY_FAMILY,
> +		.nlmsg_flags = NLM_F_REQUEST,
> +	};
> +	family = NLMSG_DATA(nlh);
> +	*family = AF_NETLINK;
> +	memcpy(family + 1, "1234", 4);
> +
> +	rc = sendto(fd, nlh, NLMSG_HDRLEN + sizeof(*family) + 4, MSG_DONTWAIT,
> +		    NULL, 0);
> +
> +	printf("sendto(%d, {{len=%u, type=SOCK_DIAG_BY_FAMILY"
> +	       ", flags=NLM_F_REQUEST, seq=0, pid=0}"
> +	       ", {family=AF_NETLINK, \"1234\"}}"
> +	       ", %u, MSG_DONTWAIT, NULL, 0) = %s\n",
> +	       fd, NLMSG_HDRLEN + (unsigned int) sizeof(*family) + 4,
> +	       NLMSG_HDRLEN + (unsigned int) sizeof(*family) + 4,
> +	       sprintrc(rc));
> +
> +	/* print netlink_diag_req */
> +	nlh = nlh0 - sizeof(*req);
> +	*nlh = (struct nlmsghdr) {
> +		.nlmsg_len = NLMSG_HDRLEN + sizeof(*req),
> +		.nlmsg_type = SOCK_DIAG_BY_FAMILY,
> +		.nlmsg_flags = NLM_F_REQUEST,
> +	};
> +	req = NLMSG_DATA(nlh);
> +	*req = (struct netlink_diag_req) {
> +		.sdiag_family = AF_NETLINK,
> +		.sdiag_protocol = NDIAG_PROTO_ALL,
> +		.ndiag_show = NDIAG_SHOW_MEMINFO,
> +	};
> +
> +
> +	rc = sendto(fd, nlh, nlh->nlmsg_len, MSG_DONTWAIT, NULL, 0);
> +
> +	printf("sendto(%d, {{len=%u, type=SOCK_DIAG_BY_FAMILY"
> +	       ", flags=NLM_F_REQUEST, seq=0, pid=0}"
> +	       ", {sdiag_family=AF_NETLINK, sdiag_protocol=NDIAG_PROTO_ALL"
> +	       ", ndiag_ino=0, ndiag_show=NDIAG_SHOW_MEMINFO"
> +	       ", ndiag_cookie=[0, 0]}}, %u, MSG_DONTWAIT, NULL, 0) = %s\n",
> +	       fd, nlh->nlmsg_len, nlh->nlmsg_len, sprintrc(rc));

I think we should try to check decoding of all fields of struct
netlink_diag_req.  Let's initialize all numeric fields to some non-zero
magic numbers with most significant bit set.  This applies to other
diag_req/diag_msg structs, too.

> +
> +	/* short read of netlink_diag_req */
> +	nlh = nlh0 - sizeof(*family);
> +	memmove(nlh, nlh0 - sizeof(*req), NLMSG_HDRLEN + sizeof(*family));

I'd prefer if this short read was just 1 byte shorter than required.

-- 
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20170613/267d9169/attachment.bin>