This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] inet/tst-if_index-long: New test case for CVE-2018-19591 [BZ #23927]
* Rafal Luzynski:
> 27.11.2018 18:26 Florian Weimer <email@example.com> wrote:
>> diff --git a/inet/tst-if_index-long.c b/inet/tst-if_index-long.c
>> new file mode 100644
>> index 0000000000..3dc74874e5
>> --- /dev/null
>> +++ b/inet/tst-if_index-long.c
>> @@ -0,0 +1,61 @@
>> +/* Check for descriptor leak in if_nametoindex with a long interface
>> + Copyright (C) 2018 Free Software Foundation, Inc.
>> + This file is part of the GNU C Library.
>> + The GNU C Library is free software; you can redistribute it and/or
>> + modify it under the terms of the GNU Lesser General Public
>> + License as published by the Free Software Foundation; either
>> + version 2.1 of the License, or (at your option) any later version.
>> + The GNU C Library is distributed in the hope that it will be useful,
>> + but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
>> + Lesser General Public License for more details.
>> + You should have received a copy of the GNU Lesser General Public
>> + License along with the GNU C Library; if not, see
>> + <http://www.gnu.org/licenses/>. */
>> +/* This test checks for a descriptor leak in case of a long interface
>> + name (CVE-2018-19591, bug 23927). */
> These two lines look almost the same as the first line of the file.
> Are you sure you need this information repeated twice?
I think it's useful to reference the bug number somewhere in the test
case and stay within the length limit for the first line of the file.