Date: Mon, 04 May 2026 17:28:22 +0000 From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 41b03932e590 - main - tests: Add a simple regression test for an execve overflow bug Message-ID: <69f8d736.322ba.1871d479@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=41b03932e59068decf03b7975889841f71c73ec4 commit 41b03932e59068decf03b7975889841f71c73ec4 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2026-05-04 15:39:55 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2026-05-04 17:28:02 +0000 tests: Add a simple regression test for an execve overflow bug MFC after: 2 weeks --- tests/sys/kern/Makefile | 1 + tests/sys/kern/execve_overflow.c | 46 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/tests/sys/kern/Makefile b/tests/sys/kern/Makefile index a5a2af67e39d..a06e8702f16d 100644 --- a/tests/sys/kern/Makefile +++ b/tests/sys/kern/Makefile @@ -17,6 +17,7 @@ ATF_TESTS_C+= kern_copyin ATF_TESTS_C+= kern_descrip_test # One test modifies the maxfiles limit, which can cause spurious test failures. TEST_METADATA.kern_descrip_test+= is_exclusive="true" +PLAIN_TESTS_C+= execve_overflow ATF_TESTS_C+= exterr_test ATF_TESTS_C+= fdgrowtable_test ATF_TESTS_C+= getdirentries_test diff --git a/tests/sys/kern/execve_overflow.c b/tests/sys/kern/execve_overflow.c new file mode 100644 index 000000000000..462f36ac5154 --- /dev/null +++ b/tests/sys/kern/execve_overflow.c @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2026 Mark Johnston <markj@FreeBSD.org> + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +/* + * A minimal regression test for FreeBSD-SA-26:13.exec. + */ + +#include <err.h> +#include <fcntl.h> +#include <limits.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define SCRIPTNAME "script" +#define SCRIPTBODY "#!/bin/sh\nexit 0\n" + +int +main(void) +{ + char *argv; + size_t size; + int fd; + + fd = open(SCRIPTNAME, O_WRONLY | O_CREAT | O_TRUNC, 0700); + if (fd == -1) + err(1, "open"); + if (write(fd, SCRIPTBODY, sizeof(SCRIPTBODY) - 1) != + sizeof(SCRIPTBODY) - 1) + err(1, "write"); + close(fd); + + size = ARG_MAX / 2; + argv = malloc(size); + if (argv == NULL) + err(1, "malloc"); + memset(argv, 'a', size - 1); + argv[size - 1] = '\0'; + + execve(SCRIPTNAME, (char *[]){ argv, NULL }, (char *[]){ NULL }); + + exit(1); +}home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69f8d736.322ba.1871d479>