diff options
| author | Larry Knox <lrknox@hdfgroup.org> | 2023-03-29 18:15:11 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-29 18:15:11 (GMT) |
| commit | abdc160a97c78b01580308fe43204a202d3a6951 (patch) | |
| tree | 92e828b43bc13be1560f531c9d1d964a5a963d39 /tools | |
| parent | ab1af79798985b57401596677f7db8eb186f55a1 (diff) | |
| download | hdf5-abdc160a97c78b01580308fe43204a202d3a6951.zip hdf5-abdc160a97c78b01580308fe43204a202d3a6951.tar.gz hdf5-abdc160a97c78b01580308fe43204a202d3a6951.tar.bz2 | |
Minor cherry-pick merges to 1.12 (#2581)
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/test/h5dump/CMakeTests.cmake | 5 | ||||
| -rw-r--r-- | tools/test/h5dump/testh5dump.sh.in | 5 | ||||
| -rw-r--r-- | tools/testfiles/tCVE-2021-37501_attr_decode.h5 | bin | 0 -> 48544 bytes |
3 files changed, 10 insertions, 0 deletions
diff --git a/tools/test/h5dump/CMakeTests.cmake b/tools/test/h5dump/CMakeTests.cmake index 2505e84..be1a414 100644 --- a/tools/test/h5dump/CMakeTests.cmake +++ b/tools/test/h5dump/CMakeTests.cmake @@ -339,6 +339,7 @@ ${HDF5_TOOLS_DIR}/testfiles/tCVE_2018_11206_fill_old.h5 ${HDF5_TOOLS_DIR}/testfiles/tCVE_2018_11206_fill_new.h5 ${HDF5_TOOLS_DIR}/testfiles/zerodim.h5 + ${HDF5_TOOLS_DIR}/testfiles/tCVE-2021-37501_attr_decode.h5 #STD_REF_OBJ files ${HDF5_TOOLS_DIR}/testfiles/trefer_attr.h5 ${HDF5_TOOLS_DIR}/testfiles/trefer_compat.h5 @@ -1187,6 +1188,10 @@ ADD_H5_TEST (tCVE_2018_11206_fill_old 1 tCVE_2018_11206_fill_old.h5) ADD_H5_TEST (tCVE_2018_11206_fill_new 1 tCVE_2018_11206_fill_new.h5) + # test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode() + # https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc + ADD_H5_TEST (tCVE-2021-37501_attr_decode 1 tCVE-2021-37501_attr_decode.h5) + ############################################################################## ### P L U G I N T E S T S ############################################################################## diff --git a/tools/test/h5dump/testh5dump.sh.in b/tools/test/h5dump/testh5dump.sh.in index 5d7ff88..ae5cc56 100644 --- a/tools/test/h5dump/testh5dump.sh.in +++ b/tools/test/h5dump/testh5dump.sh.in @@ -183,6 +183,7 @@ $SRC_H5DUMP_TESTFILES/tvms.h5 $SRC_H5DUMP_TESTFILES/err_attr_dspace.h5 $SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_old.h5 $SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_new.h5 +$SRC_H5DUMP_TESTFILES/tCVE-2021-37501_attr_decode.h5 " LIST_OTHER_TEST_FILES=" @@ -1485,6 +1486,10 @@ TOOLTEST err_attr_dspace.ddl err_attr_dspace.h5 TOOLTEST_FAIL tCVE_2018_11206_fill_old.h5 TOOLTEST_FAIL tCVE_2018_11206_fill_new.h5 +# test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode() +# https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc +TOOLTEST_FAIL tCVE-2021-37501_attr_decode.h5 + # Clean up temporary files/directories CLEAN_TESTFILES_AND_TESTDIR diff --git a/tools/testfiles/tCVE-2021-37501_attr_decode.h5 b/tools/testfiles/tCVE-2021-37501_attr_decode.h5 Binary files differnew file mode 100644 index 0000000..331b05b --- /dev/null +++ b/tools/testfiles/tCVE-2021-37501_attr_decode.h5 |