This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] inet/tst-if_index-long: New test case for CVE-2018-19591 [BZ #23927]
- From: Rafal Luzynski <digitalfreak at lingonborough dot com>
- To: Florian Weimer <fweimer at redhat dot com>, libc-alpha at sourceware dot org
- Date: Fri, 30 Nov 2018 10:12:26 +0100 (CET)
- Subject: Re: [PATCH] inet/tst-if_index-long: New test case for CVE-2018-19591 [BZ #23927]
- References: <email@example.com>
27.11.2018 18:26 Florian Weimer <firstname.lastname@example.org> wrote:
> diff --git a/inet/tst-if_index-long.c b/inet/tst-if_index-long.c
> new file mode 100644
> index 0000000000..3dc74874e5
> --- /dev/null
> +++ b/inet/tst-if_index-long.c
> @@ -0,0 +1,61 @@
> +/* Check for descriptor leak in if_nametoindex with a long interface
> + Copyright (C) 2018 Free Software Foundation, Inc.
> + This file is part of the GNU C Library.
> + The GNU C Library is free software; you can redistribute it and/or
> + modify it under the terms of the GNU Lesser General Public
> + License as published by the Free Software Foundation; either
> + version 2.1 of the License, or (at your option) any later version.
> + The GNU C Library is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + Lesser General Public License for more details.
> + You should have received a copy of the GNU Lesser General Public
> + License along with the GNU C Library; if not, see
> + <http://www.gnu.org/licenses/>. */
> +/* This test checks for a descriptor leak in case of a long interface
> + name (CVE-2018-19591, bug 23927). */
These two lines look almost the same as the first line of the file.
Are you sure you need this information repeated twice?
My review is very quick, I can only confirm that your patch applies,
builds and runs fine on x86_64, also it correctly fails if the commit
d527c86  is removed.