bug-glibc

Testing tools or test-suites for testing of glibc-2.2.4


From: Balraj Dahiya
Subject: Testing tools or test-suites for testing of glibc-2.2.4
Date: Mon, 25 Nov 2002 16:43:14 +0530

Hello

We have added a patch for the xdr_array buffer overflow vulnerability in our glibc version 2.2.4. The basic purpose of the patch is to implement boundary checking before allocating buffers for the received data. The patch is as follows.

diff -uNr glibc-2.2.4.orig/sunrpc/xdr_array.c glibc-2.2.4/sunrpc/xdr_array.c
--- glibc-2.2.4.orig/sunrpc/xdr_array.c Mon Oct 28 17:23:51 2002
+++ glibc-2.2.4/sunrpc/xdr_array.c      Mon Oct 28 18:49:31 2002
@@ -44,6 +44,12 @@
 #include <string.h>
 #include <rpc/types.h>
 #include <rpc/xdr.h>
+#include <libintl.h>
+#include <limits.h>
+
+#ifdef USE_IN_LIBIO
+# include <wchar.h>
+#endif
 
 #define LASTUNSIGNED   ((u_int)0-1)
 
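Review bot: of the three headers added at the top of the file, only <limits.h> is needed by anything in this patch (UINT_MAX in the new check); nothing visible uses <libintl.h> or the USE_IN_LIBIO-guarded <wchar.h>, so I would drop those two unless a later change needs them. The file already defines LASTUNSIGNED as ((u_int)0-1) right below the includes, and using that as the upper bound would make the <limits.h> include unnecessary as well.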
@@ -76,7 +82,11 @@
       return FALSE;
     }
   c = *sizep;
-  if ((c > maxsize) && (xdrs->x_op != XDR_FREE))
+  /*
+   * XXX: Let the overflow possibly happen with XDR_FREE because mem_free()
+   * doesn't actually use its second argument anyway.
+   */
+  if ((c > maxsize || c > UINT_MAX / elsize) && (xdrs->x_op != XDR_FREE))
     {
       return FALSE;
     }
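Review bot: the new term `c > UINT_MAX / elsize` divides by elsize with no visible guard, so a caller passing elsize == 0 hits a division by zero whenever c <= maxsize, before the check can reject anything. Test elsize first, for example `elsize != 0 && c > UINT_MAX / elsize`, or return FALSE up front for a zero element size. The XXX comment also leaves the unchecked case in place for XDR_FREE on the assumption that mem_free() ignores its second argument; it should say what has to change here if mem_free() ever starts using that argument.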

Have you got any test cases for testing this particular patch in glibc-2.2.4?

I didn't find any testing tools or test cases for testing glibc* at the URL
http://www.gnu.org/.

Also I downloaded source code of glibc-2.2.4 from ftp://ftp.gnu.org/gnu/glibc/.
But I didn't find any information regarding a test program which is used for testing glibc-2.2.4 or
for testing some specific code of glibc*.

Can anyone suggest how we can test this specific area in glibc-2.2.4?

Thanks & Regards,
Balraj Dahiya

--------------------------------------------------------------------------------------------------------------------------------
 Balraj Dahiya  
 
 The SCO Group,
 56, 2nd floor, Janpath,
 New Delhi, India-110 001,
 Phone No -  91-11-3736466   Extn - 2254.
 
 "You see things and say : WHY? But I dream of things that never were, and say : WHY NOT ?
 - Bernard Shaw "
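
One way to exercise the bounds check from the patch in isolation, as an added example that is not part of the original post or of glibc: it models the old and new conditions and counts boundary inputs that a check accepts although the byte size would wrap. The function names, the sample values, the elsize == 0 guard and the assumption that the allocation size is c * elsize in unsigned arithmetic are this example's own.

```c
#include <limits.h>
#include <stdio.h>

/* Pre-patch condition, as on the '-' line: only the element-count limit. */
static int old_check_accepts(unsigned c, unsigned maxsize) {
    return !(c > maxsize);
}

/* Post-patch condition, as on the '+' line. The elsize == 0 guard is an
   addition of this example so the model never divides by zero. */
static int new_check_accepts(unsigned c, unsigned maxsize, unsigned elsize) {
    if (elsize == 0)
        return 0;
    return !(c > maxsize || c > UINT_MAX / elsize);
}

/* Assumption: the buffer size is c * elsize computed as unsigned (that line
   is not shown in the patch). Returns 1 if the exact product does not fit. */
static int size_wraps(unsigned c, unsigned elsize) {
    return (unsigned long long)c * elsize > UINT_MAX;
}

/* Count boundary inputs that a check accepts although the size would wrap.
   maxsize is UINT_MAX to model a caller that sets no tighter limit. */
static int count_unsafe_accepts(int patched) {
    static const unsigned elsizes[] = { 1, 4, 8, 24, 4096 }; /* constructed */
    int unsafe = 0;
    for (size_t i = 0; i < sizeof elsizes / sizeof elsizes[0]; i++) {
        unsigned e = elsizes[i], limit = UINT_MAX / e;
        /* Counts on both sides of the largest safe value for this elsize. */
        unsigned counts[] = { 0, 1, limit - 1, limit, limit + 1, UINT_MAX };
        for (size_t j = 0; j < sizeof counts / sizeof counts[0]; j++) {
            int ok = patched ? new_check_accepts(counts[j], UINT_MAX, e)
                             : old_check_accepts(counts[j], UINT_MAX);
            if (ok && size_wraps(counts[j], e))
                unsafe++;
        }
    }
    return unsafe;
}

int main(void) {
    printf("unsafe accepts, old check: %d\n", count_unsafe_accepts(0));
    printf("unsafe accepts, new check: %d\n", count_unsafe_accepts(1));
    return count_unsafe_accepts(1) != 0; /* non-zero exit if the fix leaks */
}
```

The same boundary table (counts at UINT_MAX / elsize and one past it) is what a test against the real xdr_array() would feed through a decode stream, expecting FALSE for every count past the limit.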

