
The Open Brand -- Problem Reporting and Interpretations System


Problem Report 1325 Details


This page provides all information on Problem Report 1325.




    Problem Report Number: 1325
    Submitter's Classification: Test Suite problem
    State: Resolved
    Resolution: Test Suite Deficiency (TSD)
    Problem Resolution ID: TSD.X.0607
    Raised: 1970-01-01 08:00
    Updated: 2003-03-13 08:00
    Published: 1998-03-12 08:00
    Product Standard: Sockets (UNIX 95)
    Certification Program: The Open Brand certification program
    Test Suite: VSU version 5.0.2
    Test Identification: CAPIsockets/recvmsg 39
    Problem Summary: TSD4U.00210 This test may fail due to a bug which overwrites stack data on some machines.
    Problem Text:

    The test calls iov_setbig() to set up an invalid iovec value. The value that
    iovnum is set to is greater than the MAX_IOV value. The code for iov_setbig()
    looks like this:

    struct iovec Riov[IOVNUM];

    iov_setbig(Riov, iovnum);

    iov_setbig(struct iovec *iov, int iovcnt)
    {
        int i;

        for (i = 0; i < iovcnt; i++) {
            iov[i].iov_len = (size_t)1 << ((CHAR_BIT * sizeof(size_t)) - 1);
            /* on the last pass this writes iov[iovcnt], one element past the end */
            iov[i+1].iov_base = iov[i].iov_base;
        }
    }

    At the last pass of this "for" loop, i == IOVNUM-1,
    it makes the assignment iov[IOVNUM-1 + 1].iov_base = iov[IOVNUM-1].iov_base;
    that is, iov[IOVNUM].iov_base = iov[IOVNUM-1].iov_base,
    which overflows the array iov and will overwrite
    the word declared right after it on the stack, which is the variable "iovnum".

    Test Output:
    TEST PURPOSE #39
    If the implementation supports a communications domain
    and a socket type:
    EINVAL in errno and return -1 on a call to ssize_t
    recvmsg(int socket, struct msghdr *message, int flags)
    when the sum of the iov_len values overflows an
    ssize_t.
    PREP: Determine if the function sbrk() is supported
    INFO: The implementation supports the Legacy Feature Group
    PREP: Read IOV_MAX system configuration
    PREP: Test whether condition can be generated
    PREP: Set up invalid iovec
    TEST: AF_INET SOCK_STREAM
    PREP: Create test sockaddr_in: address = 9.3.155.183, port = 4085
    PREP: Server: create socket
    PREP: Server: bind address 9.3.155.183, port 4085 to socket
    PREP: Server: listen on socket
    PREP: Server: notify client server is ready
    PREP: Server: accept connection
    INFO: Server: accepted connection from address 9.3.155.183, port 32909
    PREP: echo_server: read and echo data
    INFO: echo_server: echoed 25 bytes of data (ABCDEFGHIJKLMNOPQ123TEST!)
    INFO: Server received signal 15
    INFO: Server terminated
    PREP: Wait for server to be ready
    PREP: Create a socket
    PREP: Connect socket to address 9.3.155.183, port 4085
    PREP: Send test data
    TEST: Return -1 when iov_len values overflows an ssize_t
    TEST: EINVAL in errno when iov_len values overflows an ssize_t
    ERROR: recvmsg failed unexpectedly expected errno = EINVAL, errno = 59(EMSGSIZE
    - Message too large)
    CLEANUP: Send SIGTERM to server
    39 FAIL
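
The off-by-one described in the Problem Text, reproduced inside a buffer with one spare slot so the stray write can be observed without leaving the array. This is an added example, not code from VSU or from the submitter; the value of IOVNUM, the guard slot and iov_setbig_bounded() are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <sys/uio.h>

#define IOVNUM 16   /* assumed value; the report does not state IOVNUM */

/* The loop as quoted in the report. */
static void iov_setbig_reported(struct iovec *iov, int iovcnt)
{
    for (int i = 0; i < iovcnt; i++) {
        iov[i].iov_len = (size_t)1 << ((CHAR_BIT * sizeof(size_t)) - 1);
        iov[i + 1].iov_base = iov[i].iov_base;  /* i + 1 == iovcnt on the last pass */
    }
}

/* Hypothetical bounded variant: same values, never indexes past iovcnt - 1. */
static void iov_setbig_bounded(struct iovec *iov, int iovcnt)
{
    for (int i = 0; i < iovcnt; i++) {
        iov[i].iov_len = (size_t)1 << ((CHAR_BIT * sizeof(size_t)) - 1);
        if (i + 1 < iovcnt)
            iov[i + 1].iov_base = iov[i].iov_base;
    }
}

/* Runs one variant over IOVNUM elements backed by IOVNUM + 1 slots; the extra
 * slot stands in for the word after Riov. Returns 1 if that slot was modified. */
int guard_clobbered(int use_bounded)
{
    static char data[4], guard;
    struct iovec slots[IOVNUM + 1];

    for (int i = 0; i < IOVNUM; i++) {
        slots[i].iov_base = data;
        slots[i].iov_len = sizeof data;
    }
    slots[IOVNUM].iov_base = &guard;   /* constructed sentinel value */
    if (use_bounded) iov_setbig_bounded(slots, IOVNUM);
    else iov_setbig_reported(slots, IOVNUM);
    return slots[IOVNUM].iov_base != (void *)&guard;
}

int main(void)
{
    printf("reported loop: guard clobbered = %d\n", guard_clobbered(0));
    printf("bounded loop:  guard clobbered = %d\n", guard_clobbered(1));
    return 0;
}
```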

    Review Information

    Review Type: TSMA Review
    Start Date: null
    Completed: null
    Status: Complete
    Review Recommendation: No Resolution Given
    Review Response:
    We agree this is a test suite deficiency in the test
    suite version(s) listed.

    Review Type: SA Review
    Start Date: null
    Completed: null
    Status: Complete
    Review Resolution: Test Suite Deficiency (TSD)
    Review Conclusion:
    This is an agreed Test Suite Deficiency.
