Xen Test Framework
tests
xsa-194
main.c
Go to the documentation of this file.
1
29
#include <xtf.h>
30
31
const
char
test_title
[] =
"XSA-194 PoC"
;
32
33
ELFNOTE
(Xen,
XEN_ELFNOTE_BSD_SYMTAB
,
".asciz \"yes\""
);
34
35
int
memcmpzero
(
const
void
*buf,
size_t
sz)
36
{
37
const
char
*ptr = buf;
38
size_t
i;
39
40
for
( i = 0; i < sz; ++i )
41
if
( ptr[i] != 0 )
42
return
ptr[i];
43
44
return
0;
45
}
46
47
void
test_main
(
void
)
48
{
49
bool
leak_detected =
false
;
50
uint32_t
*size =
_p
(
ROUNDUP
(
_u
(
_end
),
sizeof
(
unsigned
long
)));
51
Elf32_Ehdr
*ehdr =
_p
(size) + 4;
52
53
if
( !(ehdr->
e_ident
[
EI_MAG0
] ==
ELFMAG0
&&
54
ehdr->
e_ident
[
EI_MAG1
] ==
ELFMAG1
&&
55
ehdr->
e_ident
[
EI_MAG2
] ==
ELFMAG2
&&
56
ehdr->
e_ident
[
EI_MAG3
] ==
ELFMAG3
) )
57
return
xtf_error
(
"Error: Elf header not found\n"
);
58
59
if
( ehdr->
e_ident
[
EI_CLASS
] !=
ELFCLASS32
)
60
return
xtf_error
(
"Error: Unexpected ELF type %u\n"
,
61
ehdr->
e_ident
[
EI_CLASS
]);
62
63
if
( ehdr->
e_shnum
!= 3 )
64
return
xtf_error
(
"Error: Expected 3 section headers\n"
);
65
66
/*
67
* libelf has some padding between an Elf32_Ehdr and the start of the
68
* section header list it writes. (Specifically, the padding until the
69
* end of a Elf64_Ehdr).
70
*/
71
if
( ehdr->
e_ehsize
< ehdr->
e_shoff
)
72
{
73
if
(
memcmpzero
(
_p
(ehdr) + ehdr->
e_ehsize
,
74
ehdr->
e_shoff
- ehdr->
e_ehsize
) )
75
{
76
leak_detected =
true
;
77
xtf_failure
(
"Fail: Data leaked after EHDR\n"
);
78
}
79
}
80
81
if
( !leak_detected )
82
xtf_success
(
"Success: No leak detected\n"
);
83
}
84
85
/*
86
* Local variables:
87
* mode: C
88
* c-file-style: "BSD"
89
* c-basic-offset: 4
90
* tab-width: 4
91
* indent-tabs-mode: nil
92
* End:
93
*/
_end
char _end[]
Definition:
xtf.h:19
test_main
void test_main(void)
To be implemented by each test, as its entry point.
Definition:
main.c:110
test_title
const char test_title[]
The title of the test.
Definition:
main.c:24
EI_MAG2
#define EI_MAG2
Definition:
elf.h:22
ELFMAG0
#define ELFMAG0
Definition:
elf.h:27
ELFMAG3
#define ELFMAG3
Definition:
elf.h:30
EI_MAG1
#define EI_MAG1
Definition:
elf.h:21
EI_CLASS
#define EI_CLASS
Definition:
elf.h:24
ELFCLASS32
#define ELFCLASS32
Definition:
elf.h:33
ELFMAG1
#define ELFMAG1
Definition:
elf.h:28
ELFMAG2
#define ELFMAG2
Definition:
elf.h:29
EI_MAG0
#define EI_MAG0
Definition:
elf.h:20
EI_MAG3
#define EI_MAG3
Definition:
elf.h:23
XEN_ELFNOTE_BSD_SYMTAB
#define XEN_ELFNOTE_BSD_SYMTAB
Definition:
elfnote.h:15
ROUNDUP
#define ROUNDUP(x, a)
Definition:
lib.h:44
_p
#define _p(v)
Express an abitrary integer v as void *.
Definition:
numbers.h:48
_u
#define _u(v)
Express an arbitrary value v as unsigned long.
Definition:
numbers.h:53
xtf_failure
void xtf_failure(const char *fmt,...)
Report a test failure.
Definition:
report.c:94
xtf_error
void xtf_error(const char *fmt,...)
Report a test error.
Definition:
report.c:80
xtf_success
void xtf_success(const char *fmt,...)
Report test success.
Definition:
report.c:38
uint32_t
__UINT32_TYPE__ uint32_t
Definition:
stdint.h:16
Elf32_Ehdr
Definition:
elf.h:37
Elf32_Ehdr::e_shnum
Elf32_Half e_shnum
Definition:
elf.h:50
Elf32_Ehdr::e_ident
unsigned char e_ident[EI_NIDENT]
Definition:
elf.h:38
Elf32_Ehdr::e_ehsize
Elf32_Half e_ehsize
Definition:
elf.h:46
Elf32_Ehdr::e_shoff
Elf32_Off e_shoff
Definition:
elf.h:44
memcmpzero
int memcmpzero(const void *buf, size_t sz)
Definition:
main.c:35
ELFNOTE
ELFNOTE(Xen, XEN_ELFNOTE_BSD_SYMTAB, ".asciz \"yes\"")
Generated by
1.9.4
