summaryrefslogtreecommitdiffstats
path: root/tools
diff options
context:
space:
mode:
authorLarry Knox <lrknox@hdfgroup.org>2023-03-18 01:25:04 (GMT)
committerGitHub <noreply@github.com>2023-03-18 01:25:04 (GMT)
commita01f570f97287295e960633feab4c3908ea318d7 (patch)
tree2e650c7046b014cd1b83942d8e902565fefc5895 /tools
parentaee6290441102864d7c9a74b2b1521a58a8c7649 (diff)
downloadhdf5-a01f570f97287295e960633feab4c3908ea318d7.zip
hdf5-a01f570f97287295e960633feab4c3908ea318d7.tar.gz
hdf5-a01f570f97287295e960633feab4c3908ea318d7.tar.bz2
Minor merges to 1.10 (#2579)
* Elaborate how cd_values get stored (#2522) * Enclose MESG in do...while loop (#2576) Enclose MSG macro in a do...while loop * Add a clang-format comment about permissions (#2577) * Check for overflow when calculating on-disk attribute data size (#2459) * Remove duplicate code Signed-off-by: Egbert Eich <eich@suse.com> * Add test case for CVE-2021-37501 Bogus sizes in this test case causes the on-disk data size calculation in H5O__attr_decode() to overflow so that the calculated size becomes 0. This causes the read to overflow and h5dump to segfault. This test case was crafted, the test file was not directly generated by HDF5. Test case from: https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md --------- Co-authored-by: Mark (he/his) C. Miller <miller86@llnl.gov> Co-authored-by: glennsong09 <43005495+glennsong09@users.noreply.github.com> Co-authored-by: Dana Robinson <43805+derobins@users.noreply.github.com> Co-authored-by: Egbert Eich <eich@suse.com>
Diffstat (limited to 'tools')
-rw-r--r--tools/test/h5dump/CMakeTests.cmake4
-rw-r--r--tools/test/h5dump/testh5dump.sh.in5
-rw-r--r--tools/testfiles/tCVE-2021-37501_attr_decode.h5bin0 -> 48544 bytes
3 files changed, 9 insertions, 0 deletions
diff --git a/tools/test/h5dump/CMakeTests.cmake b/tools/test/h5dump/CMakeTests.cmake
index 8dc815a..509d29a 100644
--- a/tools/test/h5dump/CMakeTests.cmake
+++ b/tools/test/h5dump/CMakeTests.cmake
@@ -327,6 +327,7 @@
${HDF5_TOOLS_DIR}/testfiles/tCVE_2018_11206_fill_old.h5
${HDF5_TOOLS_DIR}/testfiles/tCVE_2018_11206_fill_new.h5
${HDF5_TOOLS_DIR}/testfiles/zerodim.h5
+ ${HDF5_TOOLS_DIR}/testfiles/tCVE-2021-37501_attr_decode.h5
)
set (HDF5_ERROR_REFERENCE_TEST_FILES
${PROJECT_SOURCE_DIR}/errfiles/filter_fail.err
@@ -1145,6 +1146,9 @@
# test to verify HDFFV-10480: out of bounds read in H5O_fill_new[old]_decode
ADD_H5_TEST (tCVE_2018_11206_fill_old 1 tCVE_2018_11206_fill_old.h5)
ADD_H5_TEST (tCVE_2018_11206_fill_new 1 tCVE_2018_11206_fill_new.h5)
+ # test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode()
+ # https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc
+ ADD_H5_TEST (tCVE-2021-37501_attr_decode 1 tCVE-2021-37501_attr_decode.h5)
##############################################################################
### P L U G I N T E S T S
diff --git a/tools/test/h5dump/testh5dump.sh.in b/tools/test/h5dump/testh5dump.sh.in
index cf1b92d..8d0e03f 100644
--- a/tools/test/h5dump/testh5dump.sh.in
+++ b/tools/test/h5dump/testh5dump.sh.in
@@ -180,6 +180,7 @@ $SRC_H5DUMP_TESTFILES/tvlstr.h5
$SRC_H5DUMP_TESTFILES/tvms.h5
$SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_old.h5
$SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_new.h5
+$SRC_H5DUMP_TESTFILES/tCVE-2021-37501_attr_decode.h5
"
LIST_OTHER_TEST_FILES="
@@ -1475,6 +1476,10 @@ TOOLTEST3 non_existing.ddl --enable-error-stack tgroup.h5 non_existing.h5
TOOLTEST_FAIL tCVE_2018_11206_fill_old.h5
TOOLTEST_FAIL tCVE_2018_11206_fill_new.h5
+# test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode()
+# https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc
+TOOLTEST_FAIL tCVE-2021-37501_attr_decode.h5
+
# Clean up temporary files/directories
CLEAN_TESTFILES_AND_TESTDIR
diff --git a/tools/testfiles/tCVE-2021-37501_attr_decode.h5 b/tools/testfiles/tCVE-2021-37501_attr_decode.h5
new file mode 100644
index 0000000..331b05b
--- /dev/null
+++ b/tools/testfiles/tCVE-2021-37501_attr_decode.h5
Binary files differ