diff options
author | Larry Knox <lrknox@hdfgroup.org> | 2023-04-04 17:36:27 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-04 17:36:27 (GMT) |
commit | 37a8e3024e1be71325b752d3001a02389f60434c (patch) | |
tree | 282156b2c42f7b75ff01643d16e20e9b45894ac2 /tools/test/h5dump/testh5dump.sh.in | |
parent | 101210c16ee978f51a9effcc56813f00c16cb1cd (diff) | |
download | hdf5-37a8e3024e1be71325b752d3001a02389f60434c.zip hdf5-37a8e3024e1be71325b752d3001a02389f60434c.tar.gz hdf5-37a8e3024e1be71325b752d3001a02389f60434c.tar.bz2 |
Minor cherry-pick merges to 1.14 (#2582)
* Enclose MESG in do...while loop (#2576)
Enclose MSG macro in a do...while loop
* Add a clang-format comment about permissions (#2577)
* Remove an obsolete comment from the MDS test (#2578)
The seed is now broadcast from rank 0, so the warning about multiple
machines having different seeds is unnecessary.
* Subfiling VFD - fix issues with I/O concentrator selection strategies (#2571)
Fix multiple bugs with the SELECT_IOC_EVERY_NTH_RANK and
SELECT_IOC_TOTAL I/O concentrator selection strategies and add a
regression test for them
* Check for overflow when calculating on-disk attribute data size (#2459)
* Remove duplicate code
Signed-off-by: Egbert Eich <eich@suse.com>
* Add test case for CVE-2021-37501
Bogus sizes in this test case causes the on-disk data size
calculation in H5O__attr_decode() to overflow so that the
calculated size becomes 0. This causes the read to overflow
and h5dump to segfault.
This test case was crafted, the test file was not directly
generated by HDF5.
Test case from:
https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md
---------
Co-authored-by: glennsong09 <43005495+glennsong09@users.noreply.github.com>
Co-authored-by: Dana Robinson <43805+derobins@users.noreply.github.com>
Co-authored-by: jhendersonHDF <jhenderson@hdfgroup.org>
Co-authored-by: Egbert Eich <eich@suse.com>
Diffstat (limited to 'tools/test/h5dump/testh5dump.sh.in')
-rw-r--r-- | tools/test/h5dump/testh5dump.sh.in | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tools/test/h5dump/testh5dump.sh.in b/tools/test/h5dump/testh5dump.sh.in index 24807cb..6ea410b 100644 --- a/tools/test/h5dump/testh5dump.sh.in +++ b/tools/test/h5dump/testh5dump.sh.in @@ -183,6 +183,7 @@ $SRC_H5DUMP_TESTFILES/tvms.h5 $SRC_H5DUMP_TESTFILES/err_attr_dspace.h5 $SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_old.h5 $SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_new.h5 +$SRC_H5DUMP_TESTFILES/tCVE-2021-37501_attr_decode.h5 $SRC_H5DUMP_TESTFILES/tst_onion_objs.h5 $SRC_H5DUMP_TESTFILES/tst_onion_objs.h5.onion $SRC_H5DUMP_TESTFILES/tst_onion_dset_ext.h5 @@ -1495,6 +1496,10 @@ TOOLTEST err_attr_dspace.ddl err_attr_dspace.h5 TOOLTEST_FAIL tCVE_2018_11206_fill_old.h5 TOOLTEST_FAIL tCVE_2018_11206_fill_new.h5 +# test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode() +# https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc +TOOLTEST_FAIL tCVE-2021-37501_attr_decode.h5 + # test Onion VFD TOOLTEST tst_onion_objs.ddl --enable-error-stack --vfd-name onion --vfd-info 3 tst_onion_objs.h5 TOOLTEST tst_onion_dset_ext.ddl --enable-error-stack --vfd-name onion --vfd-info 1 tst_onion_dset_ext.h5 |