about summary refs log tree commit diff
path: root/posix
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2019-10-08 13:04:15 +0200
committerFlorian Weimer <fweimer@redhat.com>2019-10-08 16:11:13 +0200
commit32036901707cc86e16b8d9f65bb4686a9bbb0a5c (patch)
tree6561e14fbcc02fe5d7d943d721662e2d1eeaaae1 /posix
parentca602c1536ce2777f95c07525f3c42d78812e665 (diff)
downloadglibc-32036901707cc86e16b8d9f65bb4686a9bbb0a5c.tar.gz
glibc-32036901707cc86e16b8d9f65bb4686a9bbb0a5c.tar.xz
glibc-32036901707cc86e16b8d9f65bb4686a9bbb0a5c.zip
wordexp: Split out command execution tests from posix/wordexp-test
Once wordexp switches to posix_spawn, testing for command execution
based on fork handlers will not work anymore.  Therefore, move these
subtests into  a new test, posix/tst-wordexp-nocmd, which uses a
different form of command execution detection, based on PID
namespaces.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
Diffstat (limited to 'posix')
-rw-r--r--posix/Makefile3
-rw-r--r--posix/tst-wordexp-nocmd.c179
-rw-r--r--posix/wordexp-test.c83
3 files changed, 181 insertions, 84 deletions
diff --git a/posix/Makefile b/posix/Makefile
index 0579596d9e..fe031eb450 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -100,7 +100,8 @@ tests		:= test-errno tstgetopt testfnm runtests runptests \
 		   tst-posix_fadvise tst-posix_fadvise64 \
 		   tst-sysconf-empty-chroot tst-glob_symlinks tst-fexecve \
 		   tst-glob-tilde test-ssize-max tst-spawn4 bug-regex37 \
-		   bug-regex38 tst-regcomp-truncated tst-spawn-chdir
+		   bug-regex38 tst-regcomp-truncated tst-spawn-chdir \
+		   tst-wordexp-nocmd
 tests-internal	:= bug-regex5 bug-regex20 bug-regex33 \
 		   tst-rfc3484 tst-rfc3484-2 tst-rfc3484-3 \
 		   tst-glob_lstat_compat tst-spawn4-compat
diff --git a/posix/tst-wordexp-nocmd.c b/posix/tst-wordexp-nocmd.c
new file mode 100644
index 0000000000..b2f64c819f
--- /dev/null
+++ b/posix/tst-wordexp-nocmd.c
@@ -0,0 +1,179 @@
+/* Test for (lack of) command execution in wordexp.
+   Copyright (C) 1997-2019 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+/* This test optionally counts PIDs in a PID namespace to detect
+   forks.  Without kernel support for that, it will merely look at the
+   error codes from wordexp to check that no command execution
+   happens.  */
+
+#include <sched.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <support/check.h>
+#include <support/namespace.h>
+#include <support/xunistd.h>
+#include <wordexp.h>
+
+/* Set to true if the test runs in a PID namespace and can therefore
+   use next_pid below.  */
+static bool pid_tests_supported;
+
+/* The next PID, as returned from next_pid below.  Only meaningful if
+   pid_tests_supported.  */
+static pid_t expected_pid;
+
+/* Allocate the next PID and return it.  The process is terminated.
+   Note that the test itself advances the next PID.  */
+static pid_t
+next_pid (void)
+{
+  pid_t pid = xfork ();
+  if (pid == 0)
+    _exit (0);
+  xwaitpid (pid, NULL, 0);
+  return pid;
+}
+
+/* Check that evaluating PATTERN with WRDE_NOCMD results in
+   EXPECTED_ERROR.  */
+static void
+expect_failure (const char *pattern, int expected_error)
+{
+  printf ("info: testing pattern: %s\n", pattern);
+  wordexp_t w;
+  TEST_COMPARE (wordexp (pattern, &w, WRDE_NOCMD), expected_error);
+  if (pid_tests_supported)
+    TEST_COMPARE (expected_pid++, next_pid ());
+}
+
+/* Run all the tests.  Invoked with different IFS values.  */
+static void
+run_tests (void)
+{
+  /* Integer overflow in division.  */
+  {
+    static const char *const numbers[] = {
+      "0",
+      "1",
+      "65536",
+      "2147483648",
+      "4294967296"
+      "9223372036854775808",
+      "18446744073709551616",
+      "170141183460469231731687303715884105728",
+      "340282366920938463463374607431768211456",
+      NULL
+    };
+
+    for (const char *const *num = numbers; *num != NULL; ++num)
+      {
+        wordexp_t w;
+        char pattern[256];
+        snprintf (pattern, sizeof (pattern), "$[(-%s)/(-1)]", *num);
+        int ret = wordexp (pattern, &w, WRDE_NOCMD);
+        if (ret == 0)
+          {
+            /* If the call is successful, the result must match the
+               original number.  */
+            TEST_COMPARE (w.we_wordc, 1);
+            TEST_COMPARE_STRING (w.we_wordv[0], *num);
+            TEST_COMPARE_STRING (w.we_wordv[1], NULL);
+            wordfree (&w);
+          }
+        else
+          /* Otherwise, the test must fail with a syntax error.  */
+          TEST_COMPARE (ret, WRDE_SYNTAX);
+
+        /* In both cases, command execution is not permitted.  */
+        if (pid_tests_supported)
+          TEST_COMPARE (expected_pid++, next_pid ());
+      }
+  }
+
+  /* (Lack of) command execution tests.  */
+
+  expect_failure ("$(ls)", WRDE_CMDSUB);
+
+  /* Test for CVE-2014-7817. We test 3 combinations of command
+     substitution inside an arithmetic expression to make sure that
+     no commands are executed and error is returned.  */
+  expect_failure ("$((`echo 1`))", WRDE_CMDSUB);
+  expect_failure ("$((1+`echo 1`))", WRDE_CMDSUB);
+  expect_failure ("$((1+$((`echo 1`))))", WRDE_CMDSUB);
+
+  expect_failure ("$[1/0]", WRDE_SYNTAX); /* BZ 18100.  */
+}
+
+static void
+subprocess (void *closure)
+{
+  expected_pid = 2;
+  if (pid_tests_supported)
+    TEST_COMPARE (expected_pid++, next_pid ());
+
+  /* Check that triggering command execution via wordexp results in a
+     PID increase.  */
+  if (pid_tests_supported)
+    {
+      wordexp_t w;
+      TEST_COMPARE (wordexp ("$(echo Test)", &w, 0), 0);
+      TEST_COMPARE (w.we_wordc, 1);
+      TEST_COMPARE_STRING (w.we_wordv[0], "Test");
+      TEST_COMPARE_STRING (w.we_wordv[1], NULL);
+      wordfree (&w);
+
+      pid_t n = next_pid ();
+      printf ("info: self-test resulted in PID %d (processes created: %d)\n",
+              (int) n, (int) (n - expected_pid));
+      TEST_VERIFY (n > expected_pid);
+      expected_pid = n + 1;
+  }
+
+  puts ("info: testing without IFS");
+  unsetenv ("IFS");
+  run_tests ();
+
+  puts ("info: testing with IFS");
+  TEST_COMPARE (setenv ("IFS", " \t\n", 1), 0);
+  run_tests ();
+}
+
+static int
+do_test (void)
+{
+  support_become_root ();
+
+#ifdef CLONE_NEWPID
+  if (unshare (CLONE_NEWPID) != 0)
+    printf ("warning: unshare (CLONE_NEW_PID) failed: %m\n"
+            "warning: This leads to reduced test coverage.\n");
+  else
+    pid_tests_supported = true;
+#else
+  printf ("warning: CLONE_NEW_PID not available.\n"
+          "warning: This leads to reduced test coverage.\n");
+#endif
+
+  /* CLONE_NEWPID only has an effect after fork.  */
+  support_isolate_in_subprocess (subprocess, NULL);
+
+  return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
index 957184cf47..a4d8bcf1da 100644
--- a/posix/wordexp-test.c
+++ b/posix/wordexp-test.c
@@ -31,23 +31,6 @@
 
 #define IFS " \n\t"
 
-extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *);
-
-static int __app_register_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void))
-{
-  return __register_atfork (prepare, parent, child, __dso_handle);
-}
-
-/* Number of forks seen.  */
-static int registered_forks;
-
-/* For each fork increment the fork count.  */
-static void
-register_fork (void)
-{
-  registered_forks++;
-}
-
 struct test_case_struct
 {
   int retval;
@@ -217,7 +200,6 @@ struct test_case_struct
     { WRDE_BADCHAR, NULL, "close-paren)", 0, 0, { NULL, }, IFS },
     { WRDE_BADCHAR, NULL, "{open-brace", 0, 0, { NULL, }, IFS },
     { WRDE_BADCHAR, NULL, "close-brace}", 0, 0, { NULL, }, IFS },
-    { WRDE_CMDSUB, NULL, "$(ls)", WRDE_NOCMD, 0, { NULL, }, IFS },
     { WRDE_BADVAL, NULL, "$var", WRDE_UNDEF, 0, { NULL, }, IFS },
     { WRDE_BADVAL, NULL, "$9", WRDE_UNDEF, 0, { NULL, }, IFS },
     { WRDE_SYNTAX, NULL, "$[50+20))", 0, 0, { NULL, }, IFS },
@@ -227,17 +209,10 @@ struct test_case_struct
     { WRDE_SYNTAX, NULL, "$((2+))", 0, 0, { NULL, }, IFS },
     { WRDE_SYNTAX, NULL, "`", 0, 0, { NULL, }, IFS },
     { WRDE_SYNTAX, NULL, "$((010+4+))", 0, 0, { NULL }, IFS },
-    /* Test for CVE-2014-7817. We test 3 combinations of command
-       substitution inside an arithmetic expression to make sure that
-       no commands are executed and error is returned.  */
-    { WRDE_CMDSUB, NULL, "$((`echo 1`))", WRDE_NOCMD, 0, { NULL, }, IFS },
-    { WRDE_CMDSUB, NULL, "$((1+`echo 1`))", WRDE_NOCMD, 0, { NULL, }, IFS },
-    { WRDE_CMDSUB, NULL, "$((1+$((`echo 1`))))", WRDE_NOCMD, 0, { NULL, }, IFS },
 
     { WRDE_SYNTAX, NULL, "`\\", 0, 0, { NULL, }, IFS },     /* BZ 18042  */
     { WRDE_SYNTAX, NULL, "${", 0, 0, { NULL, }, IFS },      /* BZ 18043  */
     { WRDE_SYNTAX, NULL, "L${a:", 0, 0, { NULL, }, IFS },   /* BZ 18043#c4  */
-    { WRDE_SYNTAX, NULL, "$[1/0]", WRDE_NOCMD, 0, {NULL, }, IFS }, /* BZ 18100 */
 
     { -1, NULL, NULL, 0, 0, { NULL, }, IFS },
   };
@@ -290,15 +265,6 @@ main (int argc, char *argv[])
 	  return -1;
     }
 
-  /* If we are not allowed to do command substitution, we install
-     fork handlers to verify that no forks happened.  No forks should
-     happen at all if command substitution is disabled.  */
-  if (__app_register_atfork (register_fork, NULL, NULL) != 0)
-    {
-      printf ("Failed to register fork handler.\n");
-      return -1;
-    }
-
   for (test = 0; test_case[test].retval != -1; test++)
     if (testit (&test_case[test]))
       ++fail;
@@ -363,45 +329,6 @@ main (int argc, char *argv[])
 	++fail;
     }
 
-  /* Integer overflow in division.  */
-  {
-    static const char *const numbers[] = {
-      "0",
-      "1",
-      "65536",
-      "2147483648",
-      "4294967296"
-      "9223372036854775808",
-      "18446744073709551616",
-      "170141183460469231731687303715884105728",
-      "340282366920938463463374607431768211456",
-      NULL
-    };
-
-    for (const char *const *num = numbers; *num; ++num)
-      {
-	wordexp_t p;
-	char pattern[256];
-	snprintf (pattern, sizeof (pattern), "$[(-%s)/(-1)]", *num);
-	int ret = wordexp (pattern, &p, WRDE_NOCMD);
-	if (ret == 0)
-	  {
-	    if (p.we_wordc != 1 || strcmp (p.we_wordv[0], *num) != 0)
-	      {
-		printf ("Integer overflow for \"%s\" failed", pattern);
-		++fail;
-	      }
-	    wordfree (&p);
-	  }
-	else if (ret != WRDE_SYNTAX)
-	  {
-	    printf ("Integer overflow for \"%s\" failed with %d",
-		    pattern, ret);
-	    ++fail;
-	  }
-      }
-  }
-
   puts ("tests completed, now cleaning up");
 
   /* Clean up */
@@ -472,9 +399,6 @@ testit (struct test_case_struct *tc)
   fflush (NULL);
   const char *words = at_page_end (tc->words);
 
-  if (tc->flags & WRDE_NOCMD)
-    registered_forks = 0;
-
   if (tc->flags & WRDE_APPEND)
     {
       /* initial wordexp() call, to be appended to */
@@ -486,13 +410,6 @@ testit (struct test_case_struct *tc)
     }
   retval = wordexp (words, &we, tc->flags);
 
-  if ((tc->flags & WRDE_NOCMD)
-      && (registered_forks > 0))
-    {
-	  printf ("FAILED fork called for WRDE_NOCMD\n");
-	  return 1;
-    }
-
   if (tc->flags & WRDE_DOOFFS)
       start_offs = sav_we.we_offs;