From 14e5342e996ff122875a2306ba8d84dac096a48a Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 3 Jan 2019 23:36:22 +0000 Subject: [PATCH 15/27] tests: use tail_alloc instead of calloc in bpf-obj_get_info_by_fd-prog* This guarantees that map_info and prog_info objects are not accessed out of bounds. * tests/bpf-obj_get_info_by_fd.c: Include . (main): Use tail_alloc instead of calloc for map_info and prog_info. Conflicts: tests/bpf-obj_get_info_by_fd.c Additional changes: tests-m32/bpf-obj_get_info_by_fd.c (copy of tests/bpf-obj_get_info_by_fd.c) tests-mx32/bpf-obj_get_info_by_fd.c (copy of tests/bpf-obj_get_info_by_fd.c) --- tests/bpf-obj_get_info_by_fd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) Index: strace-4.24/tests/bpf-obj_get_info_by_fd.c =================================================================== --- strace-4.24.orig/tests/bpf-obj_get_info_by_fd.c 2019-03-10 05:19:26.164412164 +0100 +++ strace-4.24/tests/bpf-obj_get_info_by_fd.c 2019-03-10 05:35:03.618024803 +0100 @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -274,13 +275,14 @@ * initializer element is not constant. */ #define MAP_INFO_SZ (sizeof(*map_info) + 64) - struct bpf_map_info_struct *map_info = calloc(1, MAP_INFO_SZ); + struct bpf_map_info_struct *map_info = tail_alloc(MAP_INFO_SZ); struct BPF_OBJ_GET_INFO_BY_FD_struct bpf_map_get_info_attr = { .bpf_fd = map_fd, .info_len = MAP_INFO_SZ, .info = (uintptr_t) map_info, }; + memset(map_info, 0, MAP_INFO_SZ); int ret = sys_bpf(BPF_OBJ_GET_INFO_BY_FD, &bpf_map_get_info_attr, sizeof(bpf_map_get_info_attr)); if (ret < 0) 
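Review bot: In the map_info hunk the size passed to tail_alloc is `MAP_INFO_SZ`, i.e. `sizeof(*map_info) + 64`, so whatever bound tail_alloc enforces lies at the end of the 64 spare bytes, not at the end of `struct bpf_map_info_struct`; an access that overruns the struct by up to 64 bytes would still go unnoticed. That matches `.info_len = MAP_INFO_SZ`, so it looks deliberate, but the commit message's "not accessed out of bounds" reads as if it covered the struct itself. I would add a comment above the allocation, e.g. `/* bound is MAP_INFO_SZ (struct + 64 spare bytes), matching .info_len */`. The same applies to `prog_info`/`PROG_INFO_SZ` in the @@ -330 hunk and to the tests-m32 and tests-mx32 copies; tail_alloc's definition and the rest of main are outside this patch.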
@@ -330,7 +332,7 @@ * initializer element is not constant. */ #define PROG_INFO_SZ (sizeof(*prog_info) + 64) - struct bpf_prog_info_struct *prog_info = calloc(1, PROG_INFO_SZ); + struct bpf_prog_info_struct *prog_info = tail_alloc(PROG_INFO_SZ); struct bpf_insn *xlated_prog = tail_alloc(sizeof(*xlated_prog) * 42); uint32_t *map_ids = tail_alloc(sizeof(*map_ids) * 2); struct BPF_OBJ_GET_INFO_BY_FD_struct bpf_prog_get_info_attr = { @@ -340,6 +342,7 @@ }; size_t old_prog_info_len = PROG_INFO_SZ; + memset(prog_info, 0, PROG_INFO_SZ); for (unsigned int i = 0; i < 4; i++) { prog_info->jited_prog_len = 0; switch (i) { Index: strace-4.24/tests-m32/bpf-obj_get_info_by_fd.c =================================================================== --- strace-4.24.orig/tests-m32/bpf-obj_get_info_by_fd.c 2018-06-04 03:11:05.000000000 +0200 +++ strace-4.24/tests-m32/bpf-obj_get_info_by_fd.c 2019-03-10 05:35:43.934621086 +0100 
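Review bot: In the prog_info hunks the new `memset(prog_info, 0, PROG_INFO_SZ);` sits four declarations below the `tail_alloc(PROG_INFO_SZ)` it compensates for, with no comment saying that it replaces the zeroing calloc used to do. Moving it directly under the allocation, or keeping it in place with `/* tail_alloc, unlike calloc, is not relied on to return zeroed memory */` above it, would stop a later cleanup from dropping it as redundant. The neighbouring `xlated_prog` and `map_ids` buffers also come from tail_alloc and are not zeroed here; whether the checks further down in the loop depend on their initial contents cannot be seen from the hunk. The loop body continues outside the hunk.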
@@ -4,27 +4,7 @@ * Copyright (c) 2018 The strace developers. * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * SPDX-License-Identifier: GPL-2.0-or-later */ #include "tests.h" @@ -38,6 +18,7 @@ #include #include #include +#include #include #include #include 
@@ -294,13 +275,14 @@ * initializer element is not constant. */ #define MAP_INFO_SZ (sizeof(*map_info) + 64) - struct bpf_map_info_struct *map_info = calloc(1, MAP_INFO_SZ); + struct bpf_map_info_struct *map_info = tail_alloc(MAP_INFO_SZ); struct BPF_OBJ_GET_INFO_BY_FD_struct bpf_map_get_info_attr = { .bpf_fd = map_fd, .info_len = MAP_INFO_SZ, .info = (uintptr_t) map_info, }; + memset(map_info, 0, MAP_INFO_SZ); int ret = sys_bpf(BPF_OBJ_GET_INFO_BY_FD, &bpf_map_get_info_attr, sizeof(bpf_map_get_info_attr)); if (ret < 0) @@ -350,7 +332,7 @@ * initializer element is not constant. */ #define PROG_INFO_SZ (sizeof(*prog_info) + 64) - struct bpf_prog_info_struct *prog_info = calloc(1, PROG_INFO_SZ); + struct bpf_prog_info_struct *prog_info = tail_alloc(PROG_INFO_SZ); struct bpf_insn *xlated_prog = tail_alloc(sizeof(*xlated_prog) * 42); uint32_t *map_ids = tail_alloc(sizeof(*map_ids) * 2); struct BPF_OBJ_GET_INFO_BY_FD_struct bpf_prog_get_info_attr = { @@ -360,6 +342,7 @@ }; size_t old_prog_info_len = PROG_INFO_SZ; + memset(prog_info, 0, PROG_INFO_SZ); for (unsigned int i = 0; i < 4; i++) { prog_info->jited_prog_len = 0; switch (i) { Index: strace-4.24/tests-mx32/bpf-obj_get_info_by_fd.c =================================================================== --- strace-4.24.orig/tests-mx32/bpf-obj_get_info_by_fd.c 2018-06-04 03:11:05.000000000 +0200 +++ strace-4.24/tests-mx32/bpf-obj_get_info_by_fd.c 2019-03-10 05:35:48.837571989 +0100 
@@ -4,27 +4,7 @@ * Copyright (c) 2018 The strace developers. * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * SPDX-License-Identifier: GPL-2.0-or-later */ #include "tests.h" @@ -38,6 +18,7 @@ #include #include #include +#include #include #include #include 
@@ -294,13 +275,14 @@ * initializer element is not constant. */ #define MAP_INFO_SZ (sizeof(*map_info) + 64) - struct bpf_map_info_struct *map_info = calloc(1, MAP_INFO_SZ); + struct bpf_map_info_struct *map_info = tail_alloc(MAP_INFO_SZ); struct BPF_OBJ_GET_INFO_BY_FD_struct bpf_map_get_info_attr = { .bpf_fd = map_fd, .info_len = MAP_INFO_SZ, .info = (uintptr_t) map_info, }; + memset(map_info, 0, MAP_INFO_SZ); int ret = sys_bpf(BPF_OBJ_GET_INFO_BY_FD, &bpf_map_get_info_attr, sizeof(bpf_map_get_info_attr)); if (ret < 0) @@ -350,7 +332,7 @@ * initializer element is not constant. */ #define PROG_INFO_SZ (sizeof(*prog_info) + 64) - struct bpf_prog_info_struct *prog_info = calloc(1, PROG_INFO_SZ); + struct bpf_prog_info_struct *prog_info = tail_alloc(PROG_INFO_SZ); struct bpf_insn *xlated_prog = tail_alloc(sizeof(*xlated_prog) * 42); uint32_t *map_ids = tail_alloc(sizeof(*map_ids) * 2); struct BPF_OBJ_GET_INFO_BY_FD_struct bpf_prog_get_info_attr = { @@ -360,6 +342,7 @@ }; size_t old_prog_info_len = PROG_INFO_SZ; + memset(prog_info, 0, PROG_INFO_SZ); for (unsigned int i = 0; i < 4; i++) { prog_info->jited_prog_len = 0; switch (i) {