gethostbyname_r01: check whether a system is vulnerable or not.

Qualys security researchers discovered a serious weakness in the Linux glibc
library:
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

We write this test to check wherher a system is vulnerable or not.

Signed-off-by: Zeng Linggang <[email protected]>
Acked-by: Cyril Hrubis <[email protected]>
Acked-by: Jan Stancek <[email protected]>

runtest/syscalls

@@ -361,6 +361,8 @@ getgroups01_16 getgroups01_16
 getgroups03 getgroups03
 getgroups03_16 getgroups03_16
 
+gethostbyname_r01 gethostbyname_r01
+
 gethostid01 gethostid01
 
 gethostname01 gethostname01

testcases/kernel/syscalls/.gitignore

@@ -304,6 +304,7 @@
 /getgroups/getgroups03_16
 /getgroups/getgroups04
 /getgroups/getgroups04_16
+/gethostbyname_r/gethostbyname_r01
 /gethostid/gethostid01
 /gethostname/gethostname01
 /getitimer/getitimer01

testcases/kernel/syscalls/gethostbyname_r/Makefile

@@ -0,0 +1,19 @@
+#
+#  Copyright (c) 2015 Fujitsu Ltd.
+#
+#  This program is free software;  you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY;  without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+#  the GNU General Public License for more details.
+#
+
+top_srcdir		?= ../../../..
+
+include $(top_srcdir)/include/mk/testcases.mk
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk

testcases/kernel/syscalls/gethostbyname_r/gethostbyname_r01.c

@@ -0,0 +1,102 @@
+/*
+ *   Copyright (c) 2015 Fujitsu Ltd.
+ *   Author: Zeng Linggang <[email protected]>
+ *
+ *   This program is free software;  you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This program is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY;  without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ *   the GNU General Public License for more details.
+ */
+
+/*
+ * This is a test for glibc bug:
+ * https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
+ */
+
+#include <netdb.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "test.h"
+
+#define CANARY "in_the_coal_mine"
+
+static void setup(void);
+static void check_vulnerable(void);
+
+static struct {
+	char buffer[1024];
+	char canary[sizeof(CANARY)];
+} temp = {
+	"buffer",
+	CANARY,
+};
+
+char *TCID = "gethostbyname_r01";
+int TST_TOTAL = 1;
+
+int main(int ac, char **av)
+{
+	int lc;
+	const char *msg;
+
+	msg = parse_opts(ac, av, NULL, NULL);
+	if (msg != NULL)
+		tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg);
+
+	setup();
+
+	for (lc = 0; TEST_LOOPING(lc); lc++) {
+		tst_count = 0;
+		check_vulnerable();
+	}
+
+	tst_exit();
+}
+
+static void setup(void)
+{
+	tst_sig(NOFORK, DEF_HANDLER, NULL);
+	TEST_PAUSE;
+}
+
+static void check_vulnerable(void)
+{
+	struct hostent resbuf;
+	struct hostent *result;
+	int herrno;
+	int retval;
+	char name[sizeof(temp.buffer)];
+	size_t len;
+
+	/*
+	 * <glibc>/nss/digits_dots.c:
+	 * strlen(name) = size_needed - sizeof(*host_addr) -
+	 *                sizeof(*h_addr_ptrs) - 1;
+	 */
+	len = sizeof(temp.buffer) - 16 - 2 * sizeof(char *) - 1;
+	memset(name, '0', len);
+	name[len] = '\0';
+
+	retval = gethostbyname_r(name, &resbuf, temp.buffer,
+				 sizeof(temp.buffer), &result, &herrno);
+
+	if (strcmp(temp.canary, CANARY) != 0) {
+		tst_resm(TFAIL, "vulnerable");
+		return;
+	}
+
+	if (retval == ERANGE) {
+		tst_resm(TPASS, "not vulnerable");
+		return;
+	}
+
+	tst_resm(TFAIL, "gethostbyname_r() returned %s, expected ERANGE",
+		 tst_strerrno(retval));
+}