debian/patches/CVE-2014-8xxx/0017-Add-request-length-checking-test-cases-for-some-Xinp.patch

   1 From 0b199c0b23aecfdce53c28ea653c9342217d6f33 Mon Sep 17 00:00:00 2001
   2 From: Alan Coopersmith <alan.coopersmith@oracle.com>
   3 Date: Sun, 9 Feb 2014 21:27:27 -0800
   4 Subject: [PATCH 17/33] Add request length checking test cases for some Xinput
   5  1.x requests
   6
   7 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
   8 Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
   9 ---
  10  configure.ac                             |    1 +
  11  test/Makefile.am                         |    2 +-
  12  test/xi1/Makefile.am                     |   34 +++++++++
  13  test/xi1/protocol-xchangedevicecontrol.c |  122 ++++++++++++++++++++++++++++++
  14  4 files changed, 158 insertions(+), 1 deletion(-)
  15  create mode 100644 test/xi1/Makefile.am
  16  create mode 100644 test/xi1/protocol-xchangedevicecontrol.c
  17
  18 --- a/configure.ac
  19 +++ b/configure.ac
  20 @@ -2553,6 +2553,7 @@ hw/kdrive/fbdev/Makefile
  21  hw/kdrive/linux/Makefile
  22  hw/kdrive/src/Makefile
  23  test/Makefile
  24 +test/xi1/Makefile
  25  test/xi2/Makefile
  26  xserver.ent
  27  xorg-server.pc
  28 --- /dev/null
  29 +++ b/test/xi1/Makefile.am
  30 @@ -0,0 +1,34 @@
  31 +if ENABLE_UNIT_TESTS
  32 +if HAVE_LD_WRAP
  33 +noinst_PROGRAMS =  \
  34 +       protocol-xchangedevicecontrol
  35 +
  36 +TESTS=$(noinst_PROGRAMS)
  37 +TESTS_ENVIRONMENT = $(XORG_MALLOC_DEBUG_ENV)
  38 +
  39 +AM_CFLAGS = $(DIX_CFLAGS) @XORG_CFLAGS@
  40 +AM_CPPFLAGS = @XORG_INCS@ -I$(srcdir)/../xi2
  41 +TEST_LDADD=../libxservertest.la $(XORG_SYS_LIBS) $(XSERVER_SYS_LIBS) $(GLX_SYS_LIBS)
  42 +COMMON_SOURCES=$(srcdir)/../xi2/protocol-common.c
  43 +
  44 +if SPECIAL_DTRACE_OBJECTS
  45 +TEST_LDADD += $(OS_LIB) $(DIX_LIB)
  46 +endif
  47 +
  48 +protocol_xchangedevicecontrol_LDADD=$(TEST_LDADD)
  49 +
  50 +protocol_xchangedevicecontrol_LDFLAGS=$(AM_LDFLAGS) -Wl,-wrap,WriteToClient
  51 +
  52 +protocol_xchangedevicecontrol_SOURCES=$(COMMON_SOURCES) protocol-xchangedevicecontrol.c
  53 +
  54 +else
  55 +# Print that xi1-tests were skipped (exit code 77 for automake test harness)
  56 +TESTS = xi1-tests
  57 +CLEANFILES = $(TESTS)
  58 +
  59 +xi1-tests:
  60 +       @echo 'echo "ld -wrap support required for xi1 unit tests, skipping"' > $@
  61 +       @echo 'exit 77' >> $@
  62 +       $(AM_V_GEN)chmod +x $@
  63 +endif
  64 +endif
  65 --- /dev/null
  66 +++ b/test/xi1/protocol-xchangedevicecontrol.c
  67 @@ -0,0 +1,122 @@
  68 +/**
  69 + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
  70 + *
  71 + * Permission is hereby granted, free of charge, to any person obtaining a
  72 + * copy of this software and associated documentation files (the "Software"),
  73 + * to deal in the Software without restriction, including without limitation
  74 + * the rights to use, copy, modify, merge, publish, distribute, sublicense,
  75 + * and/or sell copies of the Software, and to permit persons to whom the
  76 + * Software is furnished to do so, subject to the following conditions:
  77 + *
  78 + * The above copyright notice and this permission notice (including the next
  79 + * paragraph) shall be included in all copies or substantial portions of the
  80 + * Software.
  81 + *
  82 + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  83 + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  84 + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
  85 + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  86 + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
  87 + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
  88 + * DEALINGS IN THE SOFTWARE.
  89 + */
  90 +
  91 +#ifdef HAVE_DIX_CONFIG_H
  92 +#include <dix-config.h>
  93 +#endif
  94 +
  95 +/*
  96 + * Protocol testing for ChangeDeviceControl request.
  97 + */
  98 +#include <stdint.h>
  99 +#include <X11/X.h>
 100 +#include <X11/Xproto.h>
 101 +#include <X11/extensions/XIproto.h>
 102 +#include "inputstr.h"
 103 +#include "chgdctl.h"
 104 +
 105 +#include "protocol-common.h"
 106 +
 107 +static ClientRec client_request;
 108 +
 109 +static void
 110 +reply_ChangeDeviceControl(ClientPtr client, int len, char *data, void *userdata)
 111 +{
 112 +    xChangeDeviceControlReply *rep = (xChangeDeviceControlReply *) data;
 113 +
 114 +    if (client->swapped) {
 115 +        swapl(&rep->length);
 116 +        swaps(&rep->sequenceNumber);
 117 +    }
 118 +
 119 +    reply_check_defaults(rep, len, ChangeDeviceControl);
 120 +
 121 +    /* XXX: check status code in reply */
 122 +}
 123 +
 124 +static void
 125 +request_ChangeDeviceControl(ClientPtr client, xChangeDeviceControlReq * req,
 126 +                            xDeviceCtl *ctl, int error)
 127 +{
 128 +    int rc;
 129 +
 130 +    client_request.req_len = req->length;
 131 +    rc = ProcXChangeDeviceControl(&client_request);
 132 +    assert(rc == error);
 133 +
 134 +    /* XXX: ChangeDeviceControl doesn't seem to fill in errorValue to check */
 135 +
 136 +    client_request.swapped = TRUE;
 137 +    swaps(&req->length);
 138 +    swaps(&req->control);
 139 +    swaps(&ctl->length);
 140 +    swaps(&ctl->control);
 141 +    /* XXX: swap other contents of ctl, depending on type */
 142 +    rc = SProcXChangeDeviceControl(&client_request);
 143 +    assert(rc == error);
 144 +}
 145 +
 146 +static unsigned char *data[4096];       /* the request buffer */
 147 +
 148 +static void
 149 +test_ChangeDeviceControl(void)
 150 +{
 151 +    xChangeDeviceControlReq *request = (xChangeDeviceControlReq *) data;
 152 +    xDeviceCtl *control = (xDeviceCtl *) (&request[1]);
 153 +
 154 +    request_init(request, ChangeDeviceControl);
 155 +
 156 +    reply_handler = reply_ChangeDeviceControl;
 157 +
 158 +    client_request = init_client(request->length, request);
 159 +
 160 +    printf("Testing invalid lengths:\n");
 161 +    printf(" -- no control struct\n");
 162 +    request_ChangeDeviceControl(&client_request, request, control, BadLength);
 163 +
 164 +    printf(" -- xDeviceResolutionCtl\n");
 165 +    request_init(request, ChangeDeviceControl);
 166 +    request->control = DEVICE_RESOLUTION;
 167 +    control->length = (sizeof(xDeviceResolutionCtl) >> 2);
 168 +    request->length += control->length - 2;
 169 +    request_ChangeDeviceControl(&client_request, request, control, BadLength);
 170 +
 171 +    printf(" -- xDeviceEnableCtl\n");
 172 +    request_init(request, ChangeDeviceControl);
 173 +    request->control = DEVICE_ENABLE;
 174 +    control->length = (sizeof(xDeviceEnableCtl) >> 2);
 175 +    request->length += control->length - 2;
 176 +    request_ChangeDeviceControl(&client_request, request, control, BadLength);
 177 +
 178 +    /* XXX: Test functionality! */
 179 +}
 180 +
 181 +int
 182 +main(int argc, char **argv)
 183 +{
 184 +    init_simple();
 185 +
 186 +    test_ChangeDeviceControl();
 187 +
 188 +    return 0;
 189 +}