[PATCH v3] tests: extend for decoding of udev_monitor_netlink_header

Harsha Sharma harshasharmaiitr at gmail.com
Mon Mar 19 11:27:21 UTC 2018


On Mon, Mar 12, 2018 at 4:52 AM, Dmitry V. Levin <ldv at altlinux.org> wrote:
> On Mon, Mar 12, 2018 at 12:31:12AM +0530, Harsha Sharma wrote:
>> * tests/netlink_kobject_uevent.c: Add test_nlmsg_type_udev.
>> ---
>> Changes in v3:
>> * change format type
>>
>> Changes in v2:
>> * Add decoding of kernel messages
>> * initialize udev_monitor_netlink_header with non-zero values
>> * cover case for length exceeding size of structure
>>
>>  tests/netlink_kobject_uevent.c | 65 ++++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 65 insertions(+)
>>
>> diff --git a/tests/netlink_kobject_uevent.c b/tests/netlink_kobject_uevent.c
>> index cacab5fd..39b8c436 100644
>> --- a/tests/netlink_kobject_uevent.c
>> +++ b/tests/netlink_kobject_uevent.c
>> @@ -27,9 +27,72 @@
>>   */
>>
>>  #include "tests.h"
>> +#include <string.h>
>>  #include <stdio.h>
>>  #include <sys/socket.h>
>> +#include <arpa/inet.h>
>>  #include "netlink.h"
>> +#include "netlink_kobject_uevent.h"
>> +
>> +static void
>> +test_nlmsg_type_udev(const int fd)
>> +{
>> +     long ret;
>> +     unsigned int offset = 8;
>> +     struct udev_monitor_netlink_header uh = {
>> +             .prefix = "libudev",
>> +             .magic = htonl(0xfeedcafe),
>> +             .header_size = sizeof(uh),
>> +             .properties_off = 40,
>> +             .properties_len = 299,
>> +             .filter_subsystem_hash = htonl(0xc370b302),
>> +             .filter_devtype_hash = htonl(0x10800000),
>> +             .filter_tag_bloom_hi = htonl(0x2000400),
>> +             .filter_tag_bloom_lo = htonl(0x10800000),
>> +     };
>> +     unsigned int len = sizeof(uh);
>> +
>> +     ret = sendto(fd, &uh, len + offset, MSG_DONTWAIT, NULL, 0);
>
> Here you are sending "len + offset" bytes, that is, the whole "uh" object
> and "offset" bytes of garbage from the stack.
>
>> +     printf("sendto(%d, {{prefix=\"%s\", magic=htonl(%#x)"
>> +            ", header_size=%u, properties_off=%u, properties_len=%u"
>> +            ", filter_subsystem_hash=htonl(%#x)"
>> +            ", filter_devtype_hash=htonl(%#x)"
>> +            ", filter_tag_bloom_hi=htonl(%#x)"
>> +            ", filter_tag_bloom_lo=htonl(%#x)}, "
>> +            , fd, uh.prefix,
>> +            ntohl(uh.magic), uh.header_size, uh.properties_off,
>> +            uh.properties_len, ntohl(uh.filter_subsystem_hash),
>> +            ntohl(uh.filter_devtype_hash), ntohl(uh.filter_tag_bloom_hi),
>> +            ntohl(uh.filter_tag_bloom_lo));
>> +     char buf[len + offset];
>> +     memcpy(buf, &uh, len + offset);
>
> Here you are copying "offset" bytes of garbage from stack to stack.
> Garbage in - garbage out.
>
>> +     print_quoted_memory(buf + len, offset);
>
> Here you are printing the garbage copied earlier.  What are the chances
> this garbage is the same that was sent earlier to the kernel?
>
>> +     printf("}, %u, MSG_DONTWAIT, NULL, 0) = %s\n",
>> +            len + offset, sprintrc(ret));
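Review bot: `sendto(fd, &uh, len + offset, MSG_DONTWAIT, NULL, 0)` hands the kernel a length `offset` bytes larger than `uh`, so it reads past the end of the object (undefined behaviour; whatever follows `uh` on the stack is what gets sent), and `memcpy(buf, &uh, len + offset)` repeats the same over-read into `buf`, so the bytes shown by `print_quoted_memory(buf + len, offset)` are a second, independent snapshot that need not equal what was sent. Build the oversized message first and send that buffer, e.g. `char buf[len + offset]; memcpy(buf, &uh, len); memset(buf + len, 'x', offset);` followed by `ret = sendto(fd, buf, len + offset, MSG_DONTWAIT, NULL, 0);`, so the printed trailer is by construction the trailer the kernel saw. Also capture the return-code string right after the syscall (`const char *errstr = sprintrc(ret);`) and print `errstr` in the final printf, because the printf calls in between may clobber errno before `sprintrc(ret)` is evaluated at the end.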
>
> Note that at this point errno may already be clobbered by the earlier printf
> calls, and sprintrc(ret) may print garbage.  sprintrc has to be invoked
> before the first printf call, and its return value saved for future use.

Hello,
Sorry for the delay (I was having my examinations in college). I'll
try to correct this in the next patch.
Thanks for taking the time to review.

Regards,
Harsha Sharma

>
> --
> ldv
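As an added example (not code from the patch, from strace, or from either author), here is the pattern the review comments above point at, written as a stand-alone C program: build the oversized datagram in one buffer whose trailer has a known fill, snapshot the syscall's return value and errno before any stdio call, and then verify that the peer received exactly the bytes that would be printed. The struct layout is reconstructed from the field list in the patch and is an assumption (the real one lives in strace's netlink_kobject_uevent.h); an AF_UNIX datagram socketpair stands in for the netlink socket so the program runs unprivileged.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumption: layout reconstructed from the field list in the patch above
 * (8-byte prefix followed by eight 32-bit fields, 40 bytes in total). */
struct uevent_hdr {
	char prefix[8];
	uint32_t magic;
	uint32_t header_size;
	uint32_t properties_off;
	uint32_t properties_len;
	uint32_t filter_subsystem_hash;
	uint32_t filter_devtype_hash;
	uint32_t filter_tag_bloom_hi;
	uint32_t filter_tag_bloom_lo;
};

/* Build the whole datagram: header, then `trailer` bytes with a known
 * pattern (0x80, 0x81, ...).  Every byte sent is a byte we can print later.
 * Returns the datagram length, or 0 if `out` is too small. */
size_t build_datagram(const struct uevent_hdr *hdr, unsigned trailer,
		      unsigned char *out, size_t outsz)
{
	size_t len = sizeof(*hdr) + trailer;
	if (len > outsz)
		return 0;
	memcpy(out, hdr, sizeof(*hdr));
	for (unsigned i = 0; i < trailer; i++)
		out[sizeof(*hdr) + i] = (unsigned char)(0x80 + i);
	return len;
}

/* Return value and errno captured immediately after the syscall, before
 * any printf can touch errno. */
struct rc {
	long ret;
	int err;
};

struct rc send_datagram(int fd, const void *buf, size_t len)
{
	struct rc r;
	r.ret = sendto(fd, buf, len, MSG_DONTWAIT, NULL, 0);
	r.err = r.ret < 0 ? errno : 0;
	return r;
}

/* Send the header plus `trailer` extra bytes through a datagram socketpair
 * and return 1 iff the peer received exactly the bytes we intend to print,
 * 0 on mismatch or send failure, -1 if the socketpair cannot be created. */
int roundtrip_matches(unsigned trailer)
{
	int sv[2];
	if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
		return -1;

	struct uevent_hdr uh = {
		.prefix = "libudev",
		.magic = htonl(0xfeedcafe),
		.header_size = sizeof(uh),
		.properties_off = 40,
		.properties_len = 299,
		.filter_subsystem_hash = htonl(0xc370b302),
		.filter_devtype_hash = htonl(0x10800000),
		.filter_tag_bloom_hi = htonl(0x2000400),
		.filter_tag_bloom_lo = htonl(0x10800000),
	};
	unsigned char out[256], in[256];
	size_t len = build_datagram(&uh, trailer, out, sizeof(out));
	struct rc r = send_datagram(sv[0], out, len);
	ssize_t n = recv(sv[1], in, sizeof(in), 0);
	close(sv[0]);
	close(sv[1]);

	/* Only now is it safe to format output; r.err is already saved. */
	if (r.ret < 0) {
		fprintf(stderr, "sendto: %s\n", strerror(r.err));
		return 0;
	}
	if (n != (ssize_t)len)
		return 0;
	return memcmp(in, out, len) == 0;
}

int main(void)
{
	int ok = roundtrip_matches(8);
	printf("%s\n", ok == 1 ? "ok: peer saw exactly the printed bytes"
			       : "mismatch or error");
	return ok == 1 ? 0 : 1;
}
```

The two things the program pins down are the two the review raises: the trailer bytes exist in one buffer before the syscall, so printing `out + sizeof(uh)` describes what the kernel actually received, and the return value and errno are stored in `struct rc` before the first `printf`, so the error string cannot be corrupted by stdio.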