summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorLarry Knox <lrknox@hdfgroup.org>2021-09-15 19:16:15 (GMT)
committerGitHub <noreply@github.com>2021-09-15 19:16:15 (GMT)
commit4bf757e87bf1aa0d2e6fc5ee6128b795c535c27a (patch)
tree9ee2bdebe512e64b129f71792cc32f116eecf19a /test
parent3cf0d48272f0ec6afbec318c90c945e91b7ba56d (diff)
downloadhdf5-4bf757e87bf1aa0d2e6fc5ee6128b795c535c27a.zip
hdf5-4bf757e87bf1aa0d2e6fc5ee6128b795c535c27a.tar.gz
hdf5-4bf757e87bf1aa0d2e6fc5ee6128b795c535c27a.tar.bz2
1.10 Fixes a bad memory read and unfreed memory in fsinfo code (#893) (#1013)
* Fixes a bad memory read and unfreed memory in fsinfo code (#893) * Fixes a bad memory read and unfreed memory in fsinfo code The segfault from CVE-2020-10810 was fixed some time ago, but the illegal memory read and unfreed memory were not. This fix tracks some buffer sizes and errors out gracefully on errors, ensuring buffers are cleaned up and avoiding the H5FL infinite loop + abort on library close. * Committing clang-format changes Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> * Committing clang-format changes Co-authored-by: Dana Robinson <43805+derobins@users.noreply.github.com> Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Diffstat (limited to 'test')
-rw-r--r--test/cve_2020_10810.h5bin0 -> 1808 bytes
-rw-r--r--test/ohdr.c56
2 files changed, 56 insertions, 0 deletions
diff --git a/test/cve_2020_10810.h5 b/test/cve_2020_10810.h5
new file mode 100644
index 0000000..5cface3
--- /dev/null
+++ b/test/cve_2020_10810.h5
Binary files differ
diff --git a/test/ohdr.c b/test/ohdr.c
index 0fb75bb..fe188d6 100644
--- a/test/ohdr.c
+++ b/test/ohdr.c
@@ -456,6 +456,59 @@ error:
} /* test_ohdr_swmr() */
/*
+ * Tests bad object header messages.
+ *
+ * Currently tests for CVE-2020-10810 fixes but can be expanded to handle
+ * other CVE badness.
+ */
+
+/* This is a generated file that can be obtained from:
+ *
+ * https://nvd.nist.gov/vuln/detail/CVE-2020-10810
+ *
+ * It was formerly named H5AC_unpin_entry_POC
+ */
+#define CVE_2020_10810_FILENAME "cve_2020_10810.h5"
+
+static herr_t
+test_ohdr_badness(hid_t fapl)
+{
+ hid_t fid = H5I_INVALID_HID;
+
+ /* CVE-2020-10810 involved a malformed fsinfo message
+ * This test ensures the fundamental problem is fixed. Running it under
+ * valgrind et al. will ensure that the memory leaks and invalid access
+ * are fixed.
+ */
+ TESTING("Fix for CVE-2020-10810");
+
+ H5E_BEGIN_TRY
+ {
+ /* This should fail due to the malformed fsinfo message. It should
+ * fail gracefully and not segfault.
+ */
+ fid = H5Fopen(CVE_2020_10810_FILENAME, H5F_ACC_RDWR, fapl);
+ }
+ H5E_END_TRY;
+
+ if (fid >= 0)
+ FAIL_PUTS_ERROR("should not have been able to open malformed file");
+
+ PASSED();
+
+ return SUCCEED;
+
+error:
+ H5E_BEGIN_TRY
+ {
+ H5Fclose(fid);
+ }
+ H5E_END_TRY;
+
+ return FAIL;
+}
+
+/*
* To test objects with unknown messages in a file with:
* a) H5O_BOGUS_VALID_ID:
* --the bogus_id is within the range of H5O_msg_class_g[]
@@ -2046,6 +2099,9 @@ main(void)
} /* high */
} /* low */
+ /* Verify bad ohdr message fixes work */
+ test_ohdr_badness(fapl);
+
/* Verify symbol table messages are cached */
if (h5_verify_cached_stabs(FILENAME, fapl) < 0)
TEST_ERROR