summaryrefslogtreecommitdiffstats
path: root/tools
diff options
context:
space:
mode:
authorLarry Knox <lrknox@hdfgroup.org>2023-03-29 18:15:11 (GMT)
committerGitHub <noreply@github.com>2023-03-29 18:15:11 (GMT)
commitabdc160a97c78b01580308fe43204a202d3a6951 (patch)
tree92e828b43bc13be1560f531c9d1d964a5a963d39 /tools
parentab1af79798985b57401596677f7db8eb186f55a1 (diff)
downloadhdf5-abdc160a97c78b01580308fe43204a202d3a6951.zip
hdf5-abdc160a97c78b01580308fe43204a202d3a6951.tar.gz
hdf5-abdc160a97c78b01580308fe43204a202d3a6951.tar.bz2
Minor cherry-pick merges to 1.12 (#2581)
Diffstat (limited to 'tools')
-rw-r--r--tools/test/h5dump/CMakeTests.cmake5
-rw-r--r--tools/test/h5dump/testh5dump.sh.in5
-rw-r--r--tools/testfiles/tCVE-2021-37501_attr_decode.h5bin0 -> 48544 bytes
3 files changed, 10 insertions, 0 deletions
diff --git a/tools/test/h5dump/CMakeTests.cmake b/tools/test/h5dump/CMakeTests.cmake
index 2505e84..be1a414 100644
--- a/tools/test/h5dump/CMakeTests.cmake
+++ b/tools/test/h5dump/CMakeTests.cmake
@@ -339,6 +339,7 @@
${HDF5_TOOLS_DIR}/testfiles/tCVE_2018_11206_fill_old.h5
${HDF5_TOOLS_DIR}/testfiles/tCVE_2018_11206_fill_new.h5
${HDF5_TOOLS_DIR}/testfiles/zerodim.h5
+ ${HDF5_TOOLS_DIR}/testfiles/tCVE-2021-37501_attr_decode.h5
#STD_REF_OBJ files
${HDF5_TOOLS_DIR}/testfiles/trefer_attr.h5
${HDF5_TOOLS_DIR}/testfiles/trefer_compat.h5
@@ -1187,6 +1188,10 @@
ADD_H5_TEST (tCVE_2018_11206_fill_old 1 tCVE_2018_11206_fill_old.h5)
ADD_H5_TEST (tCVE_2018_11206_fill_new 1 tCVE_2018_11206_fill_new.h5)
+ # test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode()
+ # https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc
+ ADD_H5_TEST (tCVE-2021-37501_attr_decode 1 tCVE-2021-37501_attr_decode.h5)
+
##############################################################################
### P L U G I N T E S T S
##############################################################################
diff --git a/tools/test/h5dump/testh5dump.sh.in b/tools/test/h5dump/testh5dump.sh.in
index 5d7ff88..ae5cc56 100644
--- a/tools/test/h5dump/testh5dump.sh.in
+++ b/tools/test/h5dump/testh5dump.sh.in
@@ -183,6 +183,7 @@ $SRC_H5DUMP_TESTFILES/tvms.h5
$SRC_H5DUMP_TESTFILES/err_attr_dspace.h5
$SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_old.h5
$SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_new.h5
+$SRC_H5DUMP_TESTFILES/tCVE-2021-37501_attr_decode.h5
"
LIST_OTHER_TEST_FILES="
@@ -1485,6 +1486,10 @@ TOOLTEST err_attr_dspace.ddl err_attr_dspace.h5
TOOLTEST_FAIL tCVE_2018_11206_fill_old.h5
TOOLTEST_FAIL tCVE_2018_11206_fill_new.h5
+# test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode()
+# https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc
+TOOLTEST_FAIL tCVE-2021-37501_attr_decode.h5
+
# Clean up temporary files/directories
CLEAN_TESTFILES_AND_TESTDIR
diff --git a/tools/testfiles/tCVE-2021-37501_attr_decode.h5 b/tools/testfiles/tCVE-2021-37501_attr_decode.h5
new file mode 100644
index 0000000..331b05b
--- /dev/null
+++ b/tools/testfiles/tCVE-2021-37501_attr_decode.h5
Binary files differ