diff options
| author | Havoc Pennington <hp@redhat.com> | 2003-02-01 05:16:31 +0000 |
|---|---|---|
| committer | Havoc Pennington <hp@redhat.com> | 2003-02-01 05:16:31 +0000 |
| commit | f43cd524c74048c459a10230e512b0e3ac0addaa (patch) | |
| tree | 14ae2a1640f878d71632e2e96af2bad02a5a19c3 | |
| parent | e0ffb6eb1472e6766d79346e1fae418c129ef536 (diff) | |
2003-02-01 Havoc Pennington <hp@pobox.com>
* dbus/dbus-break-loader.c (randomly_modify_length): change
a 4-byte value in the message as if it were a length
* dbus/dbus-sysdeps.c (_dbus_string_save_to_file): don't set
execute bit on saved files
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | dbus/dbus-break-loader.c | 57 | ||||
| -rw-r--r-- | dbus/dbus-sysdeps.c | 2 |
3 files changed, 64 insertions, 3 deletions
@@ -1,5 +1,13 @@ 2003-02-01 Havoc Pennington <hp@pobox.com> + * dbus/dbus-break-loader.c (randomly_modify_length): change + a 4-byte value in the message as if it were a length + + * dbus/dbus-sysdeps.c (_dbus_string_save_to_file): don't set + execute bit on saved files + +2003-02-01 Havoc Pennington <hp@pobox.com> + * dbus/dbus-break-loader.c (main): new program to find messages that break the loader. diff --git a/dbus/dbus-break-loader.c b/dbus/dbus-break-loader.c index 941b7e59..c27299c9 100644 --- a/dbus/dbus-break-loader.c +++ b/dbus/dbus-break-loader.c @@ -25,6 +25,7 @@ #include "dbus-test.h" #include "dbus-internals.h" #include "dbus-sysdeps.h" +#include "dbus-marshal.h" #include <sys/stat.h> #include <sys/types.h> #include <fcntl.h> @@ -135,7 +136,7 @@ try_mutated_data (const DBusString *data) { if (WEXITSTATUS (status) != 0) { - _dbus_string_append (&filename, "exited-"); + _dbus_string_append (&filename, "-exited-"); _dbus_string_append_int (&filename, WEXITSTATUS (status)); failed = TRUE; } @@ -152,6 +153,8 @@ try_mutated_data (const DBusString *data) const char *filename_c; DBusResultCode result; + _dbus_string_append (&filename, ".message-raw"); + _dbus_string_get_const_data (&filename, &filename_c); printf ("Child failed, writing %s\n", filename_c); @@ -284,6 +287,46 @@ randomly_add_one_byte (const DBusString *orig_data, } static void +randomly_modify_length (const DBusString *orig_data, + DBusString *mutated) +{ + int i; + int byte_order; + const char *d; + dbus_uint32_t orig; + int delta; + + if (orig_data != mutated) + { + _dbus_string_set_length (mutated, 0); + + if (!_dbus_string_copy (orig_data, 0, mutated, 0)) + _dbus_assert_not_reached ("out of mem"); + } + + if (_dbus_string_get_length (mutated) < 12) + return; + + _dbus_string_get_const_data (mutated, &d); + + if (!(*d == DBUS_LITTLE_ENDIAN || + *d == DBUS_BIG_ENDIAN)) + return; + + byte_order = *d; + + i = random_int_in_range (4, _dbus_string_get_length (mutated) - 8); + i = _DBUS_ALIGN_VALUE (i, 4); + + orig = _dbus_demarshal_uint32 (mutated, byte_order, i, NULL); + + delta = random_int_in_range (-10, 10); + + _dbus_marshal_set_uint32 (mutated, byte_order, i, + (unsigned) (orig + delta)); +} + +static void randomly_do_n_things (const DBusString *orig_data, DBusString *mutated, int n) @@ -295,7 +338,8 @@ randomly_do_n_things (const DBusString *orig_data, randomly_shorten_or_lengthen, randomly_change_one_byte, randomly_add_one_byte, - randomly_remove_one_byte + randomly_remove_one_byte, + randomly_modify_length }; _dbus_string_set_length (mutated, 0); @@ -357,6 +401,15 @@ find_breaks_based_on (const DBusString *filename, i = 0; while (i < 50) { + randomly_modify_length (&orig_data, &mutated); + try_mutated_data (&mutated); + + ++i; + } + + i = 0; + while (i < 50) + { randomly_remove_one_byte (&orig_data, &mutated); try_mutated_data (&mutated); diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c index 17445a8f..db5118a5 100644 --- a/dbus/dbus-sysdeps.c +++ b/dbus/dbus-sysdeps.c @@ -1159,7 +1159,7 @@ _dbus_string_save_to_file (const DBusString *str, _dbus_string_get_const_data (filename, &filename_c); fd = open (filename_c, O_WRONLY | O_BINARY | O_EXCL | O_CREAT, - 0700); + 0600); if (fd < 0) return _dbus_result_from_errno (errno); |