Message-ID: <20110410044515.GB13185@brightrain.aerifal.cx>
Date: Sun, 10 Apr 2011 00:45:15 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Simple testing task - string functions

Here's a testing task (particularly for Luka who's applied for SoC)
I'd like to see written. It's based on a recent bug that turned up in
strchr. The interfaces to be tested are strlen, strchr, strcspn,
strspn, memchr, etc. - any string/memory function that scans a range
of memory and needs to stop when it hits a byte matching certain
conditions. We're looking to detect invalid memory access past the end
of the object, and tests should go something like:

1. Allocate two pages of memory with mmap and make the second one
unreadable and unwritable using mprotect.

2. Arrange for the byte that stops the scan to be either the last byte
of the first page, or one of the previous 7 bytes (try them all). Note
that for some interfaces, there is more than one way the scan can be
terminated (e.g. either a matching character or a null terminator) in
which case you want to test both.

3. For each choice of terminator location and type in 2, you want to
test every possible length and alignment leading up to it. You should
test starting the scan exactly at the terminator, one byte before it,
2 bytes before it, ... all the way back to the beginning of the page.

4. Make sure you test both with high and low bytes (8th bit on or off)
as both the non-terminating and terminating bytes, in order to also
catch any errors due to signedness of char.

A signal handler for SIGSEGV, along with siglongjmp to exit the signal
handler, may be convenient for allowing the tests to continue in the
event of a failure or at least reporting which test the failure
occurred in.

Please don't spend time developing any fancy framework for this. It
should take just a few hours to get something working, and most of the
code can be in main() for all I care as long as it works. Part of the
criterion for working is that it should detect the strchr misaligned
read bug in 0.7.6 that was fixed in 0.7.7, and the signedness bug in
0.7.5 that was fixed in 0.7.6.


Rich
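
The procedure in the message above, sketched for strchr as an added example (it is not part of the original message or of musl's own test code). The names guard_test, probe and the deliberately buggy signed_bug_strchr are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef char *(*scan_fn)(const char *, int);
static sigjmp_buf jb;
static void on_segv(int sig) { (void)sig; siglongjmp(jb, 1); }

/* One call under test: 1 if it returned `want`, 0 on wrong result or SIGSEGV. */
static int probe(scan_fn fn, const char *s, int c, const char *want) {
    if (sigsetjmp(jb, 1)) return 0;          /* re-entered from on_segv */
    return fn(s, c) == want;
}

/* Constructed stand-in for a signedness bug: bytes are compared as signed char,
   so a high-bit match is missed and the scan runs into the guard page. */
char *signed_bug_strchr(const char *s, int c) {
    for (; *s; s++) if (*(const signed char *)s == c) return (char *)s;
    return 0;
}

/* Returns the number of failing cases for fn, or -1 if setup failed. */
int guard_test(scan_fn fn) {
    static const unsigned char fill[2] = { 'a', 0xe1 }, stop[2] = { 'b', 0xe2 };
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(0, 2 * ps, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    struct sigaction sa, old;
    int fails = 0;
    if (p == MAP_FAILED || mprotect(p + ps, ps, PROT_NONE)) return -1; /* step 1 */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigaction(SIGSEGV, &sa, &old);
    for (size_t back = 0; back < 8; back++)                    /* step 2: last 8 bytes */
        for (int f = 0; f < 2; f++) for (int t = 0; t < 2; t++)    /* step 4: low/high */
            for (int match = 0; match < 2; match++) {          /* NUL vs matching byte */
                char *term = p + ps - 1 - back;
                memset(p, fill[f], ps);
                *term = match ? (char)stop[t] : 0;
                for (size_t off = ps - back; off-- > 0;)       /* step 3: every start */
                    fails += !probe(fn, p + off, stop[t], match ? term : 0);
            }
    sigaction(SIGSEGV, &old, 0);
    munmap(p, 2 * ps);
    return fails;
}

int main(void) { return guard_test(strchr) != 0; }
```
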
