Date: Fri, 6 Apr 2018 15:57:21 +0000 (UTC) From: Kristof Provost <kp@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r332108 - head/tests/sys/netpfil/pf/ioctl Message-ID: <201804061557.w36FvLRZ017550@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kp Date: Fri Apr 6 15:57:20 2018 New Revision: 332108 URL: https://svnweb.freebsd.org/changeset/base/332108 Log: pf tests: Basic ioctl validation for DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and DIOCRSETTFLAGS Validate the DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and DIOCRSETTFLAGS ioctls with invalid values. These may succeed (because the kernel uses the minimally required size, not the specified size), but should not trigger kernel panics. MFC after: 1 week Modified: head/tests/sys/netpfil/pf/ioctl/validation.c Modified: head/tests/sys/netpfil/pf/ioctl/validation.c ============================================================================== --- head/tests/sys/netpfil/pf/ioctl/validation.c Fri Apr 6 15:54:30 2018 (r332107) +++ head/tests/sys/netpfil/pf/ioctl/validation.c Fri Apr 6 15:57:20 2018 (r332108) @@ -51,6 +51,16 @@ static int dev; #define COMMON_CLEANUP() \ close(dev); +void +common_init_tbl(struct pfr_table *tbl) +{ + bzero(tbl, sizeof(struct pfr_table)); + strcpy(tbl->pfrt_anchor, "anchor"); + strcpy(tbl->pfrt_name, "name"); + tbl->pfrt_flags = 0; + tbl->pfrt_fback = 0; +} + ATF_TC_WITHOUT_HEAD(addtables); ATF_TC_BODY(addtables, tc) { @@ -121,10 +131,138 @@ ATF_TC_BODY(deltables, tc) COMMON_CLEANUP(); } +ATF_TC_WITHOUT_HEAD(gettables); +ATF_TC_BODY(gettables, tc) +{ + struct pfioc_table io; + struct pfr_table tbl; + int flags; + + COMMON_HEAD(); + + flags = 0; + + bzero(&io, sizeof(io)); + io.pfrio_flags = flags; + io.pfrio_buffer = &tbl; + io.pfrio_esize = sizeof(tbl); + + /* Negative size. This will succeed, because the kernel will not copy + * tables than it has. */ + io.pfrio_size = -1; + if (ioctl(dev, DIOCRGETTABLES, &io) != 0) + atf_tc_fail("Request with size -1 failed"); + + /* Overly large size. See above. */ + io.pfrio_size = 1 << 24; + if (ioctl(dev, DIOCRGETTABLES, &io) != 0) + atf_tc_fail("Request with size 1 << 24 failed"); + + COMMON_CLEANUP(); +} + +ATF_TC_WITHOUT_HEAD(gettstats); +ATF_TC_BODY(gettstats, tc) +{ + struct pfioc_table io; + struct pfr_tstats stats; + int flags; + + COMMON_HEAD(); + + flags = 0; + + bzero(&io, sizeof(io)); + io.pfrio_flags = flags; + io.pfrio_buffer = &stats; + io.pfrio_esize = sizeof(stats); + + /* Negative size. This will succeed, because the kernel will not copy + * tables than it has. */ + io.pfrio_size = -1; + if (ioctl(dev, DIOCRGETTSTATS, &io) != 0) + atf_tc_fail("Request with size -1 failed"); + + /* Overly large size. See above. */ + io.pfrio_size = 1 << 24; + if (ioctl(dev, DIOCRGETTSTATS, &io) != 0) + atf_tc_fail("Request with size 1 << 24 failed"); + + COMMON_CLEANUP(); +} + +ATF_TC_WITHOUT_HEAD(clrtstats); +ATF_TC_BODY(clrtstats, tc) +{ + struct pfioc_table io; + struct pfr_table tbl; + int flags; + + COMMON_HEAD(); + + flags = 0; + + common_init_tbl(&tbl); + + bzero(&io, sizeof(io)); + io.pfrio_flags = flags; + io.pfrio_buffer = &tbl; + io.pfrio_esize = sizeof(tbl); + + /* Negative size. This will succeed, because the kernel will not copy + * tables than it has. */ + io.pfrio_size = -1; + if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0) + atf_tc_fail("Request with size -1 failed "); + + /* Overly large size. See above. */ + io.pfrio_size = 1 << 24; + if (ioctl(dev, DIOCRCLRTSTATS, &io) != 0) + atf_tc_fail("Request with size 1 << 24 failed"); + + COMMON_CLEANUP(); +} + +ATF_TC_WITHOUT_HEAD(settflags); +ATF_TC_BODY(settflags, tc) +{ + struct pfioc_table io; + struct pfr_table tbl; + int flags; + + COMMON_HEAD(); + + flags = 0; + + common_init_tbl(&tbl); + + bzero(&io, sizeof(io)); + io.pfrio_flags = flags; + io.pfrio_buffer = &tbl; + io.pfrio_esize = sizeof(tbl); + + /* Negative size. This will succeed, because the kernel will not copy + * tables than it has. */ + io.pfrio_size = -1; + if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0) + atf_tc_fail("Request with size -1 failed"); + + /* Overly large size. See above. */ + io.pfrio_size = 1 << 28; + if (ioctl(dev, DIOCRSETTFLAGS, &io) != 0) + atf_tc_fail("Request with size 1 << 24 failed"); + + COMMON_CLEANUP(); +} + ATF_TP_ADD_TCS(tp) { ATF_TP_ADD_TC(tp, addtables); ATF_TP_ADD_TC(tp, deltables); + ATF_TP_ADD_TC(tp, gettables); + ATF_TP_ADD_TC(tp, gettstats); + ATF_TP_ADD_TC(tp, clrtstats); + ATF_TP_ADD_TC(tp, settflags); return (atf_no_error()); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804061557.w36FvLRZ017550>