Testing tools or test-suites for testing of glibc-2.2.4
From:
Balraj Dahiya
Subject:
Testing tools or test-suites for testing of glibc-2.2.4
Date:
Mon, 25 Nov 2002 16:43:14 +0530
Hello
We have added a patch for the xdr_array buffer overflow vulnerability in
our glibc version 2.2.4.The basic purpose of the patch is to
implement boundary checking before allocating buffers for the the
received data.The patch is as follows.
@@ -76,7 +82,11 @@
return FALSE;
}
c = *sizep;
- if ((c > maxsize) && (xdrs->x_op !=
XDR_FREE))
+ /*
+ * XXX: Let the overflow possibly happen with XDR_FREE
because mem_free()
+ * doesn't actually use its second argument anyway.
+ */
+ if ((c > maxsize || c > UINT_MAX / elsize) &&
(xdrs->x_op != XDR_FREE))
{
return FALSE;
}
Have you got any test cases for testing this particular patch in
glibc-2.2.4.
I didn't find any testing tools or test-case for testing glibc* on
url http://www.gnu.org/.
Also I downloaded source code of glibc-2.2.4 from
ftp://ftp.gnu.org/gnu/glibc/.
But I didn't find any information regarding test program which is
used for testing glibc-2.2.4 or
for testing some specific code of glibc*.
Can anyone suggest me how we test this specific area in
glibc-2.2.4?
Thanks & Regards,
Balraj Dahiya
--------------------------------------------------------------------------------------------------------------------------------
Balraj Dahiya
The SCO Group,
56, 2nd floor, Janpath,
New Delhi, India-110 001,
Phone No - 91-11-3736466 Extn - 2254.
"You see things and say : WHY?
But I dream of things that never were, and say : WHY NOT ?
- Bernard Shaw "
[Prev in Thread]
Current Thread
[Next in Thread]
Testing tools or test-suites for testing of glibc-2.2.4,
Balraj Dahiya<=