rpms
/
elfutils
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

CI Gating: Use Regression and Sanity tests in automated runs

This commit is contained in:
Martin Cermak 2021-11-16 12:00:15 +01:00
parent 687db29356
commit 6c4fe493d4
78 changed files with 0 additions and 1942 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
tests/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read
# Description: CVE-2018-16062-elfutils-Heap-based-buffer-over-read
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE addr2line-buffer-over-flow1
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2018-16062-elfutils-Heap-based-buffer-over-read" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1625260" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

5
tests/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read
Description: CVE-2018-16062-elfutils-Heap-based-buffer-over-read
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: 2 elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file [rhel-7]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1625260

BIN
tests/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read/addr2line-buffer-over-flow1
View File

Binary file not shown.

16
tests/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read/main.fmf
View File

@ -1,16 +0,0 @@
summary: CVE-2018-16062-elfutils-Heap-based-buffer-over-read
description: |
Bug summary: 2 elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file [rhel-7]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1625260
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read
extra-task: /tools/elfutils/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read

39
tests/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read/runtest.sh
View File

@ -1,39 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2018-16062-elfutils-Heap-based-buffer-over-read
# Description: CVE-2018-16062-elfutils-Heap-based-buffer-over-read
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
# Reproduced with elfutils-0.172-2.el7.x86_64 valgrind-3.13.0-13.el7.x86_64
rlRun "valgrind -q --error-exitcode=99 eu-addr2line -e addr2line-buffer-over-flow1 -- 500 50 10 -1000"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

BIN
tests/Security/CVE-2018-16402-double-free-due-to-double-decompression/Double-free-libelf
View File

Binary file not shown.

65
tests/Security/CVE-2018-16402-double-free-due-to-double-decompression/Makefile
View File

@ -1,65 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2018-16402-double-free-due-to-double-decompression
# Description: CVE-2018-16402-double-free-due-to-double-decompression
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2018-16402-double-free-due-to-double-decompression
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE Double-free-libelf
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2018-16402-double-free-due-to-double-decompression" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: nothing" >> $(METADATA)
@echo "Requires: elfutils" >> $(METADATA)
@echo "Requires: valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1625052" >> $(METADATA)
@echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

5
tests/Security/CVE-2018-16402-double-free-due-to-double-decompression/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2018-16402-double-free-due-to-double-decompression
Description: CVE-2018-16402-double-free-due-to-double-decompression
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: 2 elfutils: Double-free due to double decompression of sections in crafted ELF causes crash [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1625052

16
tests/Security/CVE-2018-16402-double-free-due-to-double-decompression/main.fmf
View File

@ -1,16 +0,0 @@
summary: CVE-2018-16402-double-free-due-to-double-decompression
description: |
Bug summary: 2 elfutils: Double-free due to double decompression of sections in crafted ELF causes crash [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1625052
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- nothing
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2018-16402-double-free-due-to-double-decompression
extra-task: /tools/elfutils/Security/CVE-2018-16402-double-free-due-to-double-decompression

42
tests/Security/CVE-2018-16402-double-free-due-to-double-decompression/runtest.sh
View File

@ -1,42 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2018-16402-double-free-due-to-double-decompression
# Description: CVE-2018-16402-double-free-due-to-double-decompression
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
TMP=$(mktemp)
rlRun "valgrind -q eu-readelf -S ./Double-free-libelf |& tee $TMP"
rlRun "fgrep 'Invalid free()' $TMP" 1
rlRun "fgrep 'Section Headers:' $TMP"
rm -f $TMP
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

BIN
tests/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c/Buffer-over-readelf
View File

Binary file not shown.

65
tests/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c/Makefile
View File

@ -1,65 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
# Description: CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE Buffer-over-readelf bz1532205.supp
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: nothing" >> $(METADATA)
@echo "Requires: elfutils" >> $(METADATA)
@echo "Requires: valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: yes" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1625057" >> $(METADATA)
@echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

5
tests/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
Description: CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: 3 elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1625057

25
tests/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c/bz1532205.supp
View File

@ -1,25 +0,0 @@
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:_nl_explode_name
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:_nl_make_l10nflist
}
{
<insert_a_suppression_name_here>
Memcheck:Addr4
fun:_nl_make_l10nflist
}
{
<insert_a_suppression_name_here>
Memcheck:Addr4
fun:new_composite_name
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:_nl_explode_name
}

16
tests/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c/main.fmf
View File

@ -1,16 +0,0 @@
summary: CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
description: |
Bug summary: 3 elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1625057
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- nothing
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
extra-task: /tools/elfutils/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c

43
tests/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c/runtest.sh
View File

@ -1,43 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
# Description: CVE-2018-16403-heap-based-buffer-over-read-in-libdw-dwarf_getabbrev-c
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
arch | grep -q ppc64le && VGSUPP='--suppressions=bz1532205.supp' || VGSUPP=''
TMP=$(mktemp)
rlRun "valgrind $VGSUPP -q eu-readelf --debug-dump=abbrev ./Buffer-over-readelf |& tee $TMP"
rlRun "fgrep 'Invalid read of size' $TMP" 1
rlRun "fgrep 'Abbreviation section at offset' $TMP"
rm -f $TMP
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference
# Description: CVE-2018-18310-elfutils-invalid-memory-address-dereference
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE POC-stack
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2018-18310-elfutils-invalid-memory-address-dereference" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1651567" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

BIN
tests/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference/POC-stack
View File

Binary file not shown.

5
tests/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference
Description: CVE-2018-18310-elfutils-invalid-memory-address-dereference
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: 0 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl [rhdts-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1651567

15
tests/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference/main.fmf
View File

@ -1,15 +0,0 @@
summary: CVE-2018-18310-elfutils-invalid-memory-address-dereference
description: |
Bug summary: 0 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl [rhdts-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1651567
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference
extra-task: /tools/elfutils/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference

39
tests/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference/runtest.sh
View File

@ -1,39 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2018-18310-elfutils-invalid-memory-address-dereference
# Description: CVE-2018-18310-elfutils-invalid-memory-address-dereference
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
# Expect exitcode 2, unfixed package segfaults (139)
rlRun "eu-stack --core=POC-stack" 2
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2018-18310-invalid-memory-address-dereference/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2018-18310-invalid-memory-address-dereference
# Description: CVE-2018-18310-invalid-memory-address-dereference
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2018-18310-invalid-memory-address-dereference
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE POC-stack bz1532205.supp
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2018-18310-invalid-memory-address-dereference" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: nothing" >> $(METADATA)
@echo "Requires: elfutils valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1642606" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6" >> $(METADATA)
rhts-lint $(METADATA)

BIN
tests/Security/CVE-2018-18310-invalid-memory-address-dereference/POC-stack
View File

Binary file not shown.

5
tests/Security/CVE-2018-18310-invalid-memory-address-dereference/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2018-18310-invalid-memory-address-dereference
Description: CVE-2018-18310-invalid-memory-address-dereference
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: 0 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1642606

25
tests/Security/CVE-2018-18310-invalid-memory-address-dereference/bz1532205.supp
View File

@ -1,25 +0,0 @@
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:_nl_explode_name
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:_nl_make_l10nflist
}
{
<insert_a_suppression_name_here>
Memcheck:Addr4
fun:_nl_make_l10nflist
}
{
<insert_a_suppression_name_here>
Memcheck:Addr4
fun:new_composite_name
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:_nl_explode_name
}

16
tests/Security/CVE-2018-18310-invalid-memory-address-dereference/main.fmf
View File

@ -1,16 +0,0 @@
summary: CVE-2018-18310-invalid-memory-address-dereference
description: |
Bug summary: 0 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1642606
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- nothing
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2018-18310-invalid-memory-address-dereference
extra-task: /tools/elfutils/Security/CVE-2018-18310-invalid-memory-address-dereference

42
tests/Security/CVE-2018-18310-invalid-memory-address-dereference/runtest.sh
View File

@ -1,42 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2018-18310-invalid-memory-address-dereference
# Description: CVE-2018-18310-invalid-memory-address-dereference
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
arch | grep -q ppc64le && VGSUPP='--suppressions=bz1532205.supp' || VGSUPP=''
TMP=$(mktemp)
rlRun "valgrind $VGSUPP -q eu-stack --core=./POC-stack |& tee $TMP"
rlRun "fgrep 'Invalid read of size' $TMP" 1
rm -f $TMP
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files
# Description: CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE POC1
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1651200" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

BIN
tests/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files/POC1
View File

Binary file not shown.

3
tests/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files/PURPOSE
View File

@ -1,3 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files
Description: CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files
Author: Martin Cermak <mcermak@redhat.com>

13
tests/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files/main.fmf
View File

@ -1,13 +0,0 @@
summary: CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files
description: ''
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files
extra-task: /tools/elfutils/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files

38
tests/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files/runtest.sh
View File

@ -1,38 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files
# Description: CVE-2018-18520-elfutils-eu-size-cannot-handle-recursive-ar-files
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
rlRun "eu-size POC1"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files
# Description: CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE POC2
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1646479" >> $(METADATA)
@echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

BIN
tests/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files/POC2
View File

Binary file not shown.

5
tests/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files
Description: CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: 0 elfutils: eu-size cannot handle recursive ar files [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1646479

16
tests/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files/main.fmf
View File

@ -1,16 +0,0 @@
summary: CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files
description: |
Bug summary: 0 elfutils: eu-size cannot handle recursive ar files [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1646479
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files
extra-task: /tools/elfutils/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files

42
tests/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files/runtest.sh
View File

@ -1,42 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files
# Description: CVE-2018-18520-eu-size-cannot-handle-recursive-ar-files
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
TMP=$(mktemp)
rlRun "valgrind -q eu-size ./POC2 |& tee $TMP"
rlRun "fgrep 'Process terminating with default action of signal 11' $TMP" 1
rm -f $TMP
rlRun "eu-size ./POC2"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2018-18521-divide-by-zero/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2018-18521-divide-by-zero
# Description: CVE-2018-18521-divide-by-zero
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2018-18521-divide-by-zero
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE POC2
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2018-18521-divide-by-zero" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1646484" >> $(METADATA)
@echo "Releases: -RHEL4 -RHEL6 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

BIN
tests/Security/CVE-2018-18521-divide-by-zero/POC2
View File

Binary file not shown.

5
tests/Security/CVE-2018-18521-divide-by-zero/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2018-18521-divide-by-zero
Description: CVE-2018-18521-divide-by-zero
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: 1 elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1646484

16
tests/Security/CVE-2018-18521-divide-by-zero/main.fmf
View File

@ -1,16 +0,0 @@
summary: CVE-2018-18521-divide-by-zero
description: |
Bug summary: 1 elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c [rhel-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1646484
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2018-18521-divide-by-zero
extra-task: /tools/elfutils/Security/CVE-2018-18521-divide-by-zero

43
tests/Security/CVE-2018-18521-divide-by-zero/runtest.sh
View File

@ -1,43 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2018-18521-divide-by-zero
# Description: CVE-2018-18521-divide-by-zero
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
# This doesn't reproduce on ppach64 and ppc64le.
TMP=$(mktemp)
rlRun "valgrind -q eu-ranlib ./POC2 |& tee $TMP"
rlRun "fgrep 'Process terminating with default action of signal 8' $TMP" 1
rm -f $TMP
rlRun "eu-ranlib ./POC2"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c
# Description: CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE POC2
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1651203" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

BIN
tests/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c/POC2
View File

Binary file not shown.

5
tests/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c
Description: CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: 1 elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c [rhdts-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1651203

15
tests/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c/main.fmf
View File

@ -1,15 +0,0 @@
summary: CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c
description: |
Bug summary: 1 elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c [rhdts-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1651203
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c
extra-task: /tools/elfutils/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c

38
tests/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c/runtest.sh
View File

@ -1,38 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c
# Description: CVE-2018-18521-elfutils-Divide-by-zero-in-arlib_add_symbols-function-in-arlib-c
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
rlRun "eu-ranlib POC2"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2019-7146/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2019-7146
# Description: CVE-2019-7146
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2019-7146
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE poc
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2019-7146" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils" >> $(METADATA)
@echo "Requires: valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

3
tests/Security/CVE-2019-7146/PURPOSE
View File

@ -1,3 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2019-7146
Description: CVE-2019-7146
Author: Martin Cermak <mcermak@redhat.com>

14
tests/Security/CVE-2019-7146/main.fmf
View File

@ -1,14 +0,0 @@
summary: CVE-2019-7146
description: ''
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2019-7146
extra-task: /tools/elfutils/Security/CVE-2019-7146

BIN
tests/Security/CVE-2019-7146/poc
View File

Binary file not shown.

41
tests/Security/CVE-2019-7146/runtest.sh
View File

@ -1,41 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2019-7146
# Description: CVE-2019-7146
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
# https://svn.devel.redhat.com/repos/srtvulns/trunk/components/elfutils/CVE-2019-7146/
# Expected Output
# An error instead of segfault.
rlRun "valgrind -q --error-exitcode=99 eu-readelf -a ./poc" 1
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read
# Description: CVE-2019-7149-elfutils-heap-based-buffer-over-read
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE POC1
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2019-7149-elfutils-heap-based-buffer-over-read" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1680056" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

BIN
tests/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read/POC1
View File

Binary file not shown.

5
tests/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read
Description: CVE-2019-7149-elfutils-heap-based-buffer-over-read
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw [rhdts-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1680056

16
tests/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read/main.fmf
View File

@ -1,16 +0,0 @@
summary: CVE-2019-7149-elfutils-heap-based-buffer-over-read
description: |
Bug summary: elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw [rhdts-8]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1680056
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read
extra-task: /tools/elfutils/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read

43
tests/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read/runtest.sh
View File

@ -1,43 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2019-7149-elfutils-heap-based-buffer-over-read
# Description: CVE-2019-7149-elfutils-heap-based-buffer-over-read
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
rlRun "which valgrind eu-nm"
# With RHEL I saw the invalid read of size 1 on aarch64 and ppc64le
# using devtoolset-7-elfutils-0.170-5.el7. I also saw it on x86_64
# with base rhel elfutils-0.172-2.el7.x86_64.
# IOW - It doesn't reproduce "everywhere".
rlRun "valgrind -q --error-exitcode=99 eu-nm -C POC1"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom
# Description: CVE-2019-7150-segmentation-fault-in-elf64_xlatetom
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE POC2
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2019-7150-segmentation-fault-in-elf64_xlatetom" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1680046" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

BIN
tests/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom/POC1
View File

Binary file not shown.

BIN
tests/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom/POC2
View File

Binary file not shown.

5
tests/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom
Description: CVE-2019-7150-segmentation-fault-in-elf64_xlatetom
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c [rhel-7]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1680046

16
tests/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom/main.fmf
View File

@ -1,16 +0,0 @@
summary: CVE-2019-7150-segmentation-fault-in-elf64_xlatetom
description: |
Bug summary: elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c [rhel-7]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1680046
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom
extra-task: /tools/elfutils/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom

40
tests/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom/runtest.sh
View File

@ -1,40 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2019-7150-segmentation-fault-in-elf64_xlatetom
# Description: CVE-2019-7150-segmentation-fault-in-elf64_xlatetom
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
# An error is expected (2), but a SEGV is not (139).
# Reproduced with elfutils-0.172-2.el7, verified with elfutils-0.176-1.el7
rlRun "valgrind -q --error-exitcode=99 eu-stack --core=POC2" 2
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note
# Description: CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE POC
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1679071" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

BIN
tests/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note/POC
View File

Binary file not shown.

5
tests/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note
Description: CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: elfutils: Out of bound write in elf_cvt_note in libelf/note_xlate.h [rhel-7]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1679071

16
tests/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note/main.fmf
View File

@ -1,16 +0,0 @@
summary: CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note
description: |
Bug summary: elfutils: Out of bound write in elf_cvt_note in libelf/note_xlate.h [rhel-7]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1679071
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note
extra-task: /tools/elfutils/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note

40
tests/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note/runtest.sh
View File

@ -1,40 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note
# Description: CVE-2019-7664-Out-of-bound-write-in-elf_cvt_note
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
# Reproduced with elfutils-0.174-5.fc28.x86_64
# This is expected to fail (1), but not to segfault (139).
rlRun "valgrind -q --error-exitcode=99 eu-elflint -d POC" 1
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

64
tests/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom/Makefile
View File

@ -1,64 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom
# Description: CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE POC2
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Martin Cermak <mcermak@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 48h" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils valgrind" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1679078" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

BIN
tests/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom/POC2
View File

Binary file not shown.

5
tests/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom
Description: CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom
Author: Martin Cermak <mcermak@redhat.com>
Bug summary: elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c [rhel-7]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1679078

16
tests/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom/main.fmf
View File

@ -1,16 +0,0 @@
summary: CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom
description: |
Bug summary: elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c [rhel-7]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1679078
contact:
- Martin Cermak <mcermak@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
- valgrind
duration: 48h
extra-summary: /tools/elfutils/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom
extra-task: /tools/elfutils/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom

41
tests/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom/runtest.sh
View File

@ -1,41 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom
# Description: CVE-2019-7665-heap-based-buffer-over-read-in-function-elf32_xlatetom
# Author: Martin Cermak <mcermak@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
rlJournalStart
rlPhaseStartTest
# We expect 1, but not 99 ...
# Reproduced with valgrind-3.13.0-13.el7 and elfutils-0.172-2.el7
# Verified with valgrind-3.14.0-16.el7 and elfutils-0.176-1.el7
rlRun "valgrind -q --error-exitcode=99 eu-readelf -a POC2" 1
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

63
tests/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow/Makefile
View File

@ -1,63 +0,0 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /tools/elfutils/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow
# Description: CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw
# Author: Vaclav Kadlcik <vkadlcik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2014 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/tools/elfutils/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE dwz-overflow.elf
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Vaclav Kadlcik <vkadlcik@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw" >> $(METADATA)
@echo "Type: Security" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: elfutils" >> $(METADATA)
@echo "Requires: elfutils" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2+" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 1139128" >> $(METADATA)
rhts-lint $(METADATA)

5
tests/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow/PURPOSE
View File

@ -1,5 +0,0 @@
PURPOSE of /tools/elfutils/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow
Description: CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw
Author: Vaclav Kadlcik <vkadlcik@redhat.com>
Bug summary: elfutils: integer overflow, leading to a heap-based buffer overflow in libdw [rhel-6.6]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1139128

BIN
tests/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow/dwz-overflow.elf
View File

Binary file not shown.

16
tests/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow/main.fmf
View File

@ -1,16 +0,0 @@
summary: 'CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer
overflow in libdw'
description: |
Bug summary: elfutils: integer overflow, leading to a heap-based buffer overflow in libdw [rhel-6.6]
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=1139128
contact:
- Vaclav Kadlcik <vkadlcik@redhat.com>
component:
- elfutils
test: ./runtest.sh
framework: beakerlib
recommend:
- elfutils
duration: 5m
extra-summary: /tools/elfutils/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow
extra-task: /tools/elfutils/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow

56
tests/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow/runtest.sh
View File

@ -1,56 +0,0 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /tools/elfutils/Security/bz1139128-CVE-2014-0172-elfutils-integer-overflow
# Description: CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw
# Author: Vaclav Kadlcik <vkadlcik@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2014 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="elfutils"
# Reproducer by Florian Weimer
REPRODUCING_FILE=dwz-overflow.elf
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "cp $REPRODUCING_FILE $TmpDir" 0
rlRun "pushd $TmpDir"
rlPhaseEnd
rlPhaseStartTest
# eu-readelf since 0.153 was vulnerable.
# The following crashed with "Segmentation fault"
# and exit value 139.
rlRun "eu-readelf -w $REPRODUCING_FILE" 0,1 'eu-readelf should not crash'
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd