generic: posix acl extended attribute memory corruption test
authorDarrick J. Wong <darrick.wong@oracle.com>
Wed, 13 Feb 2019 20:48:14 +0000 (12:48 -0800)
committerEryu Guan <guaneryu@gmail.com>
Sat, 16 Feb 2019 12:03:53 +0000 (20:03 +0800)
commite6897e32b83e2e54c592bd947805a788a3b1c7c8
tree564f5eb6022582b492b78a64cbbd529787dd26b3
parent26e4a81c78d7599b89493da4d7d65b901e6173c2
generic: posix acl extended attribute memory corruption test

XFS had a use-after-free bug when xfs_xattr_put_listent runs out of
listxattr buffer space while trying to store the name
"system.posix_acl_access" and then corrupts memory by not checking
the seen_enough state and then trying to shove
"trusted.SGI_ACL_FILE" into the buffer as well.

In order to tickle the bug in a user visible way we must have
already put a name in the buffer, so we take advantage of the fact
that "security.evm" sorts before "system.posix_acl_access" to make
sure this happens.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
.gitignore
src/Makefile
src/t_attr_corruption.c [new file with mode: 0644]
tests/generic/529 [new file with mode: 0755]
tests/generic/529.out [new file with mode: 0644]
tests/generic/group